Internet Architecture Board - IAB Documents
Internet Architecture Board - IAB Documents: "This document contains a number of observations on the implications of the use of wildcards in DNS zones, and makes some recommendations concerning their use.
The contact person for the IAB on this statement is Harald Alvestrand.
19 September 2003
IAB Commentary:
Architectural Concerns on the use of DNS Wildcards
There are many architectural assumptions regarding DNS behavior that are not specified in the IETF standards documents describing DNS, but which are deeply embedded in the behavior of Internet protocols and applications. These assumptions are inherent parts of the network architecture of which the DNS is one component.
It has long been known that it is possible to use DNS wildcards in ways that violate these assumptions.
Recent deployments of DNS wildcards with A records at high levels in the DNS tree have shown by experience that the cost of violating these assumptions is significant. In this document we provide an explanation of how DNS wildcards function, and many examples of how their injudicious use negatively impacts both individual Internet applications and indeed the Internet architecture itself.
In particular, we recommend that DNS wildcards should not be used in a zone unless the zone operator has a clear understanding of the risks, and that they should not be used without the informed consent of those entities which have been delegated below the zone."
