[ocp4_workload_rhacs] Add specific DNS for central route #136
Draft
agonzalezrh wants to merge 14 commits into
1. The "Wildcard Match" Rule
In the DNS world (RFC 1034), a wildcard record (e.g., *.apps.mydomain.com) only matches if the name requested does not exist in the zone.
If you have:
*.apps.mydomain.com A 1.2.3.4
When you query test.apps.mydomain.com, the server looks for a specific match. Since one doesn't exist, it falls back to the wildcard. Success.
2. The Problem: Empty Non-Terminals
When you create _acme-challenge.test.apps.mydomain.com, you have technically created a branch in the DNS tree. Even if test.apps.mydomain.com has no IP address (A record) of its own, it now "exists" as a parent of the ACME record.
Before: test.apps.mydomain.com did not exist. The wildcard covered it.
After: test.apps.mydomain.com now exists as an Empty Non-Terminal. Because it "exists" (to lead to the ACME record), the DNS server stops looking at the wildcard. Since test itself has no A record, the server returns NODATA (NOERROR with 0 answers).
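The before/after behaviour described above, as an added example that is not part of the pull request: a minimal model of the RFC 1034 wildcard lookup, where a name "exists" if it owns records or is an ancestor of a name that does. The zone contents and the TXT value are constructed sample data reusing the names from the description.

```python
# Added illustration, not code from the pull request.
# Zones are constructed sample data using the names from the description.
BEFORE = {"*.apps.mydomain.com": {"A": ["1.2.3.4"]}}
AFTER = {**BEFORE,
         "_acme-challenge.test.apps.mydomain.com": {"TXT": ["constructed-token"]}}


def labels(name):
    """Split a domain name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def existing_names(zone):
    """Every owner name plus all of its ancestors (the empty non-terminals)."""
    names = set()
    for owner in zone:
        parts = labels(owner)
        for i in range(len(parts)):
            names.add(".".join(parts[i:]))
    return names


def resolve(zone, qname, qtype="A"):
    """Return (rcode, answers) the way an authoritative server would."""
    zone = {".".join(labels(k)): v for k, v in zone.items()}
    qname = ".".join(labels(qname))
    exists = existing_names(zone)
    if qname in exists:
        # The name exists, possibly only as an empty non-terminal, so the
        # wildcard is never consulted. An empty answer list means NODATA.
        return ("NOERROR", zone.get(qname, {}).get(qtype, []))
    # The name does not exist: find the closest existing ancestor and
    # synthesize from the wildcard directly below it, if there is one.
    parts = labels(qname)
    for i in range(1, len(parts)):
        encloser = ".".join(parts[i:])
        if encloser in exists:
            wildcard = zone.get("*." + encloser)
            if wildcard is None:
                return ("NXDOMAIN", [])
            return ("NOERROR", wildcard.get(qtype, []))
    return ("NXDOMAIN", [])


if __name__ == "__main__":
    for label, zone in (("before", BEFORE), ("after", AFTER)):
        print(label, resolve(zone, "test.apps.mydomain.com"))
```

Names under `apps.mydomain.com` that have no children of their own still resolve through the wildcard in both zones; only the name that became a parent of the ACME record loses it.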