[BlueOnyx:15020] Re: SSL change after updates?

Wed Mar 26 21:42:29 -05 2014

Michael,

Bind can use wildcards.  Here's an example zone file

$TTL    86400
@       IN SOA  ns.domain.com. admin.domain.com.  (
         2012020502      ; Serial
         10800           ; Refresh
         3600            ; Retry
         604800          ; Expire
         3600            ; Negative cache TTL
)

                         IN NS   ns1.nameservice.com.
                         IN NS   ns2.nameservice.com.
                         IN A    66.66.66.66
                         MX 1    mail
                         MX 10   mail.backupmx.com.

; Addresses

*                       IN A    66.66.66.66
*                       MX 1    mail
*                       MX 10   mail.backupmx.com.

Note that the domain name is picked up from the named.conf stanza.  The 
first A record is for the domain as host (that is, "mydomain.com").  The 
second matches anything under that domain ("mail.mydomain.com", 
"www.mydomain.com", etc.)

More detail here: http://en.wikipedia.org/wiki/Wildcard_DNS_record

Eric

On 3/26/14 7:56 PM, Michael Stauber wrote:
>
> [...] wildcard domains and SSLs [...]
> I'm not sure I understand the problem entirely, as I never used wildcard
> SSL certificates myself. Where does the '*' go? With that I mean I need
> to know all the places where a '*' might be valid.
>
> >From what you wrote I guess the wildcard goes into the "web server
> alias" and the "email server alias"?
>
> *How about the DNS? From a talk with Greg I recall that DNS wildcards are
> also allowed these days. So we also could have "A Records" and "MX
> Records" with wildcards?*
>
> I really need to know the entire applicability in order to make this happen.
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20140326/d7752abf/attachment.html>