A CNAME with a wildcard embedded

domain-name-system cname-record wildcard domain-name

I'm trying to set up a CNAME DNS entry:

start.*.example.com

That matches the following domain names:

start.a.b.c.example.com
start.a.example.com

Is this possible? My current tests are failing with networksolutions.com.

It was previously working as an A record wildcard (*.exmaple.com) - but I would like it to work as a CNAME.


Solution 1:

start.*.example.com

DNS wildcards do not work like this, so you can not do that (as a wildcard) and hence "embedded wildcard" is not a thing in DNS world.

It is not a problem of the record type (CNAME vs A vs anything else) or the DNS provider used, it is the fact that a wildcard HAS TO be a first label of * and then other labels.

So *.example.com is a wildcard (and hence will trigger specific behavior during DNS exchanges, matching multiple names) but start.*.example.com is not a wildcard: you can certainly create a CNAME record with this name, however it will match only itself, literally, including with the asterisk, and absolutely nothing else (no matching of any other name)

See RFC 1034:

4.3.3. Wildcards

In the previous algorithm, special treatment was given to RRs with owner names starting with the label "*". Such RRs are called wildcards.

and later:

The contents of the wildcard RRs follows the usual rules and formats for RRs. The wildcards in the zone have an owner name that controls the query names they will match. The owner name of the wildcard RRs is of the form "*.", where is any domain name.

If you need to match a single thing, you can create the wildcard of *.example.com and both start.a.example.com and start.a.b.c.example.com will match the wildcard record, but as would any other name where start and/or a and/or b and/or c are replaced by something else.

The Wikipedia entry at https://en.wikipedia.org/wiki/Wildcard_DNS_record has exactly the same content as above:

Say there is a DNS zone with the following resource records:

[...]

*.example.               3600     TXT   "this is a wildcard"
*.example.               3600     MX    10 host1.example.
sub.*.example.           3600     TXT   "this is not a wildcard"

[...]

The following responses would be synthesized from one of the wildcards in the zone:

[...]

foo.bar.example. TXT The answer will be "foo.bar.example. IN TXT ..." because bar.example. does not exist, but the wildcard does.

[...]

The following responses would not be synthesized from any of the wildcards in the zone:

[...]

sub.*.example. MX No wild card will match because sub.*.example. exists. The domain sub.*.example. will never act as a wild card, even though it has an asterisk in it.

Related

How to check OS version of Synology NAS Disk Station Manager (DSM)?
Active Directory 2 Factor Authentication with Smartcards
AWS IAM Roles: What is a trusted entity exactly?
"Bad response to Storage command" when scheduling job with Bacula
Postfix recipient address verification: does it work without maintaing a list of relay domains on the forwarder?
gio mount says "volume doesn't implement mount" when run as non-root
Logrotate Service Failure
How can OpenVPN say "wrong credentials" and then work 15 seconds later when I reconnect? [closed]
Access POP3 content from other computer
What does the user limit in Win Srv 2019 Essentials apply to, concurrent connections or existing accounts? [duplicate]
Amazon EC2: Public IP changes at reboot
Why are docker images - architecture specific?