It might simply be an issue in the GUI that doesn't allow wildcard entries. What you may wish to do is edit the zone record file manually and directly in /var/named and then lock the file so it can't be messed with. Irrespective of whether it's the right or wrong thing to do, it should fix your problem as this should work in BIND.
Hi infinite vortex,
Thanks, indeed the GUI doesn't allow wildcard entries.
I already tried to edit the zone record file (/private/var/named/db.domain.tld) as I explained above and further to that I have already tried to chmod the file read-only.
The system just deletes the whole file and regenerates the entries from the content out of the GUI.
Is there a method to "lock" the file other than the method I describe in this reply?
I agree; "this should work in BIND"!!!
Am curious if the GUI re-interprets the zone file or keeps an XML copy stashed somewhere which is used to regenerate the zone file any time it is edited by the GUI? I have grep'ed /Library looking for such and not found it.
I seriously desire to enter wildcard domain definitions for obnoxious pop-under ad domains.
I don't know that there's any official documentation on the interaction, nor assurance that things won't change in some new version. I've never seen that documentation, in any case. Various versions of Server.app and Server Admin.app have kept both the service configuration file(s) around and a plist file around; it's dreadfully fun when the two squabble around a DNS change. There've been a few and rare occasions where I've had to exit the app and delete the plist to get the change accepted by the tool.
As for your question, just set your DNS server as the authoritative DNS server for the domain you're aiming at, with no records. Add an empty zone, in other words, that matches the domain or subdomain you're after. No need for wildcards.
Thanks! An empty domain works when my server is the only DNS server but when clients have a fallback DNS listed they go that way when my mini's DNS fails to provide an answer.
But ideas prompted by MrHoffman's and a bit more playing I have now found a workable solution!
- Create a primary domain, say "dummy.primary"
- Create a nameserver entry for dummy.primary, use "localhost"
Without the nameserver entry clients will try all DNS servers they know. But with, they will stop, which is the desired behavior for killing malicious domains.
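As an added illustration of the two approaches above (MrHoffman's empty authoritative zone, and the follow-up of giving that zone an NS record pointing at localhost so resolvers get an authoritative answer and stop rather than falling back), here is a small POSIX shell script that generates plain BIND configuration for a sinkhole zone. It is example code written for this thread, not anything from Apple's Server Admin tooling, and it does not address the GUI regenerating files under /private/var/named; it assumes a stock BIND `named.conf` include and uses made-up domain names and file paths.

```shell
#!/bin/sh
# Added example (not from the thread): build a BIND "sinkhole" zone that answers
# authoritatively for blocked ad domains. Domain names and paths are assumptions.

# Print a minimal zone file: SOA plus an NS record pointing at localhost, and
# nothing else. With no A/AAAA records every name under the zone gets an
# authoritative NXDOMAIN, so a resolver stops instead of trying a fallback server.
#   $1 = zone name (used only in a comment), $2 = SOA serial (default 1)
gen_blackhole_zone() {
    zone=$1
    serial=${2:-1}
    printf '; sinkhole zone data shared by blocked domain %s\n' "$zone"
    printf '$TTL 86400\n'
    printf '@ IN SOA localhost. hostmaster.localhost. ( %s 3600 900 604800 86400 )\n' "$serial"
    printf '@ IN NS localhost.\n'
}

# Read blocked domains from stdin (one per line, blank lines and #-comments
# ignored) and print one master zone stanza per domain, all pointing at the
# same shared zone file.
#   $1 = path of the shared zone file as named.conf should reference it
gen_named_conf_zones() {
    zonefile=$1
    while IFS= read -r domain; do
        case $domain in ''|\#*) continue ;; esac
        printf 'zone "%s" { type master; file "%s"; };\n' "$domain" "$zonefile"
    done
}

# Write both files into a directory: db.blackhole (zone data) and
# blackhole.conf (stanzas to include from named.conf).
#   $1 = output directory, $2 = path to a blocklist file
build_sinkhole() {
    outdir=$1
    blocklist=$2
    mkdir -p "$outdir"
    gen_blackhole_zone shared "$(date +%Y%m%d)01" > "$outdir/db.blackhole"
    gen_named_conf_zones "$outdir/db.blackhole" < "$blocklist" > "$outdir/blackhole.conf"
    # Optional syntax check when BIND's tools are installed.
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone -q shared "$outdir/db.blackhole"
    fi
}

# Constructed sample blocklist, used only when the script is run directly.
if [ "${SINKHOLE_DEMO:-0}" = 1 ]; then
    tmp=$(mktemp -d)
    printf 'popunder-ads.example\n# tracking host\ntracker.example\n' > "$tmp/blocklist.txt"
    build_sinkhole "$tmp/out" "$tmp/blocklist.txt"
    cat "$tmp/out/blackhole.conf"
fi
```

After adding `include "/path/to/blackhole.conf";` to `named.conf` and reloading, `dig @127.0.0.1 www.popunder-ads.example` should return `status: NXDOMAIN` with the `aa` flag set, which is exactly the authoritative "stop here" answer the last post relies on. Because the SOA and NS both name `localhost.`, no external server is ever consulted for these zones.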