Is a wildcard DNS record bad practice?
If you ever put a computer in that domain, you will get bizarre DNS failures, where when you attempt to visit some random site on the Internet, you arrive at yours instead.
Consider: You own the domain example.com. You set up your workstation and name it... let's say, yukon.example.com. Now you will notice in its /etc/resolv.conf it has the line:
search example.com
This is convenient because it means you can do hostname lookups for, e.g. www which will then search for www.example.com automatically for you. But it has a dark side: If you visit, say, Google, then it will search for www.google.com.example.com, and if you have wildcard DNS, then that will resolve to your site, and instead of reaching Google you will wind up on your own site.
This applies equally to the server on which you're running your web site! If it ever has to call external services, then the hostname lookups can fail in the same way. So api.twitter.com for example suddenly becomes api.twitter.com.example.com, routes directly back to your site, and of course fails.
This is why I never use wildcard DNS.
Is a wildcard DNS record bad practice?
Personally, I don't like it. Especially when there are machines in that domain. Typos go unchecked, errors are less obvious... but there's nothing fundamentally wrong with it.
The only negative I found is that someone could link to my site using http://i.dont.like.your.website.mywebsite.tld.
Have your http server redirect all such requests to the proper, canonical addresses, or not respond at all. For nginx that would be something like:
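    # Catch-all: any subdomain the wildcard record resolves is redirected
    # to the canonical host name.
    server {
        listen 80;
        server_name *.mywebsite.tld;
        return 301 $scheme://mywebsite.tld$request_uri;
    }

and then the regular

    # The canonical site itself.
    server {
        listen 80;
        server_name mywebsite.tld;
        [...]
    }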
It's all a matter of opinion. For me it's not bad practice.
I'm creating a multi-tenant app which uses a database per tenant. It then selects the database to be used based on the subdomain.
For example, milkman.example.com will use the tenant_milkman database.
Like this I have separate tables for each tenant, like tenant_milkman.users, tenant_fisherman.users, tenant_bobs_garage.users, which in my opinion is a huge lot easier to maintain for this specific app, instead of having all users from all companies in the same table.
[edit - Michael Hampton has a good point]
That being said, if you don't have a specific reason to accept any (variable) subdomain, like I do, then you shouldn't accept them.
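When a wildcard record makes every subdomain resolve, the application has to decide which host names are real tenants before it picks a database. The sketch below is an added example, not code from the answer above; the function name, the `KNOWN_TENANTS` registry and the hyphen-to-underscore mapping are assumptions made for illustration.

```python
import re

BASE_DOMAIN = "example.com"  # domain used in the answer above
# Assumption: tenants are registered explicitly; these names mirror the answer's examples.
KNOWN_TENANTS = {"milkman", "fisherman", "bobs-garage"}
# One DNS label: letters, digits, hyphens; no leading or trailing hyphen; max 63 chars.
LABEL_RE = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


class UnknownTenant(Exception):
    """Raised when the Host header does not map to a registered tenant."""


def tenant_database(host_header: str) -> str:
    """Map a Host header to a tenant database name, or raise UnknownTenant."""
    host = host_header.strip().lower()
    # Drop an optional port, then the trailing dot of a fully qualified name.
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    host = host.rstrip(".")
    suffix = "." + BASE_DOMAIN
    if not host.endswith(suffix):
        raise UnknownTenant(f"not under {BASE_DOMAIN}: {host_header!r}")
    label = host[: -len(suffix)]
    # Exactly one label: a.b.example.com resolves under a wildcard but is not a tenant.
    if not LABEL_RE.fullmatch(label):
        raise UnknownTenant(f"invalid tenant label: {label!r}")
    # Allowlist check: a name that resolves is not proof that the tenant exists.
    if label not in KNOWN_TENANTS:
        raise UnknownTenant(f"unregistered tenant: {label!r}")
    # Hyphens are legal in host names; the database names shown above use underscores.
    return "tenant_" + label.replace("-", "_")


if __name__ == "__main__":
    # Constructed sample Host headers.
    for h in ("milkman.example.com", "Bobs-Garage.example.com:443",
              "i.dont.like.your.website.example.com", "nobody.example.com"):
        try:
            print(h, "->", tenant_database(h))
        except UnknownTenant as exc:
            print(h, "-> rejected:", exc)
```

Because the database name is built only from an allowlisted label, the Host header never reaches the database layer as free text.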