0

I have a main domain (aa.example.com) with hundreds of subdomains (bb.aa.example.com). I made a wildcard record to forward all subdomains (bb.) to a list of addresses in round-robin fashion. The problem I am facing is that the wildcard is forwarding anything towards the IP (for example, "cc.bb.", which is not a valid subdomain). How can I limit that so it will only forward (bb.aa.example.com) and drop any invalid subdomains (cc.bb.aa.example.com)?

Note: aa, bb, and cc being any arbitrary value.

1 Answer

0

A wildcard matches anything below.

So *.example.com will match a.example.com but also a.b.example.com or a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.example.com, due to the way the resolution algorithm works.

If you don't want this, you need to change the architecture of your DNS tree.

If you have a fixed list of subdomains below example.com then define them explicitly, and remove the wildcard.

Patrick Mevzek
  • Thank you for the reply, well I have another issue now. – MuhanadAbdullah Feb 17 '22 at 15:30
  • OK, now I have the problem that the main domain (example.com) doesn't resolve to anything, only the subdomains do. I want the main domain to be resolved through the internet (e.g. through 8.8.8.8). – MuhanadAbdullah Feb 17 '22 at 15:55
  • If you have a wildcard of `*.example.com` it does not match by design `example.com` so if you need records there you need to enter them specifically alongside the ones for the wildcard. – Patrick Mevzek Feb 18 '22 at 01:53
  • Thank you for the reply. I have searched a lot for the issue I have. What I need is the ALIAS record type, which is not supported by BIND. :( – MuhanadAbdullah Feb 20 '22 at 23:17
  • It won't be supported by any browser, since it is not a standard record but only something proprietary that some DNS providers do, each one differently. The future will be SVCB/HTTPS records, whose standard is not yet fully done, but they are already available at at least one DNS provider and consumed by browsers soon. – Patrick Mevzek Feb 21 '22 at 08:31
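
The wildcard behaviour described in the answer above, as an added example that is not part of the original thread: a small Python model of RFC 4592 wildcard synthesis run over three constructed zones (wildcard only, explicit names only, and, going beyond the answer, both together). The zone contents, the 192.0.2.x addresses and the function names are assumptions made for illustration.

```python
# Added example: a model of DNS wildcard synthesis (RFC 4592) for A queries.
# Zones and addresses below are constructed for illustration only.
ORIGIN = "aa.example.com"
ADDRS = ["192.0.2.10", "192.0.2.11"]

WILDCARD_ZONE = {"*.aa.example.com": ADDRS}          # the setup in the question
EXPLICIT_ZONE = {"bb.aa.example.com": ADDRS,         # the answer's suggestion
                 "dd.aa.example.com": ADDRS}
MIXED_ZONE = {"*.aa.example.com": ADDRS,             # wildcard plus one explicit name
              "bb.aa.example.com": ADDRS}

def exists(zone, name):
    """A name exists if it owns records or is an ancestor of a name that does
    (an "empty non-terminal")."""
    return any(owner == name or owner.endswith("." + name) for owner in zone)

def resolve(zone, origin, qname):
    """Return (status, addresses) for an A query against a single zone."""
    qname = qname.lower().rstrip(".")
    if qname != origin and not qname.endswith("." + origin):
        return ("REFUSED", [])                       # not in this zone
    if exists(zone, qname):
        addrs = zone.get(qname, [])
        return ("NOERROR", addrs) if addrs else ("NODATA", [])
    # The name does not exist: find the closest encloser, i.e. the longest
    # ancestor that does exist, however many labels up that is.
    parts = qname.split(".")
    for i in range(1, len(parts)):
        encloser = ".".join(parts[i:])
        if exists(zone, encloser):
            # Only a wildcard directly below the closest encloser is used.
            wild = zone.get("*." + encloser)
            return ("NOERROR", wild) if wild else ("NXDOMAIN", [])
    return ("NXDOMAIN", [])

if __name__ == "__main__":
    queries = ["aa.example.com", "bb.aa.example.com",
               "cc.bb.aa.example.com", "x.zz.aa.example.com"]
    for label, zone in [("wildcard", WILDCARD_ZONE),
                        ("explicit", EXPLICIT_ZONE),
                        ("mixed", MIXED_ZONE)]:
        for q in queries:
            print(f"{label:9} {q:24} {resolve(zone, ORIGIN, q)[0]}")
```

In the mixed zone, cc.bb.aa.example.com gets NXDOMAIN because bb.aa.example.com exists and becomes the closest encloser, so the wildcard one level up no longer applies beneath it, while names under any undefined label are still synthesized.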