Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.protocols.dns.bind > #16048
| Path | csiph.com!weretis.net!feeder7.news.weretis.net!newsfeed.xs3.de!nntp-feed.chiark.greenend.org.uk!ewrotcd!usenet-its.stanford.edu!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Reindl Harald <h.reindl@thelounge.net> |
| Newsgroups | comp.protocols.dns.bind |
| Subject | Re: CNAME restrictions |
| Date | Tue, 4 Aug 2020 19:50:08 +0200 |
| Organization | the lounge interactive design |
| Lines | 22 |
| Approved | bind-users@lists.isc.org |
| Message-ID | <mailman.800.1597048674.942.bind-users@lists.isc.org> (permalink) |
| References | <YQXPR01MB38780C7AAD14F0009B63741CCD4A0@YQXPR01MB3878.CANPRD01.PROD.OUTLOOK.COM> <YQXPR01MB3878DEDA813E42EE01166478CD4A0@YQXPR01MB3878.CANPRD01.PROD.OUTLOOK.COM> <20200804173448.GA10336@fantomas.sk> <cfca2c4e-9bd2-b4d7-3b2e-eaf7365f7afa@thelounge.net> |
| NNTP-Posting-Host | lists.isc.org |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=utf-8 |
| Content-Transfer-Encoding | 8bit |
| X-Trace | usenet.stanford.edu 1597048719 15646 149.20.1.60 (10 Aug 2020 08:38:39 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| To | bind-users@lists.isc.org |
| Return-Path | <h.reindl@thelounge.net> |
| X-Original-To | bind-users@lists.isc.org |
| Delivered-To | bind-users@lists.isc.org |
| User-Agent | Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 |
| In-Reply-To | <20200804173448.GA10336@fantomas.sk> |
| Content-Language | en-US |
| X-Spam-Status | No, score=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS autolearn=disabled version=3.4.2 |
| X-Spam-Checker-Version | SpamAssassin 3.4.2 (2018-09-13) on mx.pao1.isc.org |
| X-Mailman-Approved-At | Mon, 10 Aug 2020 08:37:49 +0000 |
| X-BeenThere | bind-users@lists.isc.org |
| X-Mailman-Version | 2.1.29 |
| Precedence | list |
| List-Id | BIND Users Mailing List <bind-users.lists.isc.org> |
| List-Unsubscribe | <https://lists.isc.org/mailman/options/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=unsubscribe> |
| List-Archive | <https://lists.isc.org/pipermail/bind-users/> |
| List-Post | <mailto:bind-users@lists.isc.org> |
| List-Help | <mailto:bind-users-request@lists.isc.org?subject=help> |
| List-Subscribe | <https://lists.isc.org/mailman/listinfo/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=subscribe> |
| X-Mailman-Original-Message-ID | <cfca2c4e-9bd2-b4d7-3b2e-eaf7365f7afa@thelounge.net> |
| X-Mailman-Original-References | <YQXPR01MB38780C7AAD14F0009B63741CCD4A0@YQXPR01MB3878.CANPRD01.PROD.OUTLOOK.COM> <YQXPR01MB3878DEDA813E42EE01166478CD4A0@YQXPR01MB3878.CANPRD01.PROD.OUTLOOK.COM> <20200804173448.GA10336@fantomas.sk> |
| Xref | csiph.com comp.protocols.dns.bind:16048 |
Show key headers only | View raw
Am 04.08.20 um 19:34 schrieb Matus UHLAR - fantomas: > On 04.08.20 17:29, Leroy Tennison wrote: >> I have a situation where, due to the system's location (IP subnet), >> its DNS >> name is <webserver>.<internal subdomain>.datavoiceint.com. We have a >> certificate for *.datavoiceint.com which we prefer to use > > wildcard in certificates only covers one level of subdomains, so > *.datavoiceint.com will cover <internal subdomain>.datavoiceint.com but not > anything under it. > > you will have to strip the <webserver> part or get other certificate proper wildcard certifiocates are looking like this X509v3 Subject Alternative Name: DNS:*.buildserver.thelounge.net DNS:*.thelounge.net DNS:thelounge.net in other words: you have "*.domain.tld" and "domain.tld" in your SAN
Back to comp.protocols.dns.bind | Previous | Next | Find similar
Re: CNAME restrictions Reindl Harald <h.reindl@thelounge.net> - 2020-08-04 19:50 +0200
csiph-web