Is a wildcard DNS record bad practice?

If you ever put a computer in that domain, you will get bizarre DNS failures, where when you attempt to visit some random site on the Internet, you arrive at yours instead.

Consider: You own the domain example.com. You set up your workstation and name it. ... let's say, yukon.example.com. Now you will notice in its /etc/resolv.conf it has the line:

search example.com

This is convenient because it means you can do hostname lookups for, e.g. www which will then search for www.example.com automatically for you. But it has a dark side: If you visit, say, Google, then it will search for www.google.com.example.com, and if you have wildcard DNS, then that will resolve to your site, and instead of reaching Google you will wind up on your own site.

This applies equally to the server on which you're running your web site! If it ever has to call external services, then the hostname lookups can fail in the same way. So api.twitter.com for example suddenly becomes api.twitter.com.example.com, routes directly back to your site, and of course fails.

This is why I never use wildcard DNS.


Is a wildcard DNS record bad practice?

Personally, I don't like it. Especially when there are machines in that domain. Typos go unchecked, errors are less obvious... but there's nothing fundamentally wrong with it.

The only negative I found is that someone could link to my site using http://i.dont.like.your.website.mywebsite.tld.

Have your http server redirect all such requests to the proper, canonical addresses, or not respond at all. For nginx that would be something like:

server {
    listen 80;
    server_name *.mywebsite.tld;
    return 301 $scheme://mywebsite.tld$request_uri;
    }

and then the regular

server {
    listen  80;
    server_name mywebsite.tld;
    [...]
    }

It's all a matter of opinion. For me it's not bad practice.

I'm creating a multi-tenant app which uses a database per tenant. It then selects the database to be used based on the subdomain.

For example milkman.example.com will use the tenant_milkman database.

Like this I have separated tables for each tenant, like, tenant_milkman.users, tenant_fisherman.users, tenant_bobs_garage.users, which in my opinion is a huge lot easier to maintain for this specific app, instead of having all users from all companies in the same table.

[edit - Michael Hampton has a good point]

That being said, if you don't have a specific reason to accept any (variable) subdomain, like I do, then you shouldn't accept them.