Can I use nested DNS wildcard records

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP

up vote
3
down vote

favorite

1

I would like to have multiple dns entries with wildcards such that one entry is nested as subdomain of another

CNAME *.example.com -> webserver.example.com
CNAME *.api.example.com -> apiserver.example.com

The intention being that I can use customer.example.com to access the webserver and customer.api.example.com to access the api server.

Since customer.api.example.com is a valid match for both of the wildcard entries i’m not sure how this will get resolved.

I have tested this on AWS route53 as the DNS provider and it seems to work as expected.customer.api.example.com resolved to the api server. But i’m not sure if this is guaranteed by the DNS spec or was just chance it picked the correct server.

Is this behaviour something I can rely on to be consistent?

share|improve this question

    up vote
    3
    down vote

    favorite

    1

    I would like to have multiple dns entries with wildcards such that one entry is nested as subdomain of another

    CNAME *.example.com -> webserver.example.com
    CNAME *.api.example.com -> apiserver.example.com
    

    The intention being that I can use customer.example.com to access the webserver and customer.api.example.com to access the api server.

    Since customer.api.example.com is a valid match for both of the wildcard entries i’m not sure how this will get resolved.

    I have tested this on AWS route53 as the DNS provider and it seems to work as expected.customer.api.example.com resolved to the api server. But i’m not sure if this is guaranteed by the DNS spec or was just chance it picked the correct server.

    Is this behaviour something I can rely on to be consistent?

    share|improve this question

      up vote
      3
      down vote

      favorite

      1

      up vote
      3
      down vote

      favorite

      1
      1

      I would like to have multiple dns entries with wildcards such that one entry is nested as subdomain of another

      CNAME *.example.com -> webserver.example.com
      CNAME *.api.example.com -> apiserver.example.com
      

      The intention being that I can use customer.example.com to access the webserver and customer.api.example.com to access the api server.

      Since customer.api.example.com is a valid match for both of the wildcard entries i’m not sure how this will get resolved.

      I have tested this on AWS route53 as the DNS provider and it seems to work as expected.customer.api.example.com resolved to the api server. But i’m not sure if this is guaranteed by the DNS spec or was just chance it picked the correct server.

      Is this behaviour something I can rely on to be consistent?

      share|improve this question

      I would like to have multiple dns entries with wildcards such that one entry is nested as subdomain of another

      CNAME *.example.com -> webserver.example.com
      CNAME *.api.example.com -> apiserver.example.com
      

      The intention being that I can use customer.example.com to access the webserver and customer.api.example.com to access the api server.

      Since customer.api.example.com is a valid match for both of the wildcard entries i’m not sure how this will get resolved.

      I have tested this on AWS route53 as the DNS provider and it seems to work as expected.customer.api.example.com resolved to the api server. But i’m not sure if this is guaranteed by the DNS spec or was just chance it picked the correct server.

      Is this behaviour something I can rely on to be consistent?

      domain-name-system wildcard-subdomain

      share|improve this question

      share|improve this question

      share|improve this question

      share|improve this question

      asked Nov 29 at 11:36

      Dave Turvey

      1183

      1183

          1 Answer
          1

          active

          oldest

          votes

          up vote
          5
          down vote

          accepted

          This approach is ok, DNS server use the most specific match which is *.api.example.com for customer.api.example.com The behavior should be consistent because is defined in RFC 1034

          share|improve this answer

            Your Answer

            StackExchange.ready(function() {
            var channelOptions = {
            tags: “”.split(” “),
            id: “2”
            };
            initTagRenderer(“”.split(” “), “”.split(” “), channelOptions);

            StackExchange.using(“externalEditor”, function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using(“snippets”, function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: ‘answer’,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: “”,
            imageUploader: {
            brandingHtml: “Powered by u003ca class=”icon-imgur-white” href=”https://imgur.com/”u003eu003c/au003e”,
            contentPolicyHtml: “User contributions licensed under u003ca href=”https://creativecommons.org/licenses/by-sa/3.0/”u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href=”https://stackoverflow.com/legal/content-policy”u003e(content policy)u003c/au003e”,
            allowUrls: true
            },
            onDemand: true,
            discardSelector: “.discard-answer”
            ,immediatelyShowMarkdownHelp:true
            });

            }
            });

            draft saved
            draft discarded

            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin(‘.new-post-login’, ‘https%3a%2f%2fserverfault.com%2fquestions%2f942124%2fcan-i-use-nested-dns-wildcard-records%23new-answer’, ‘question_page’);
            }
            );

            Post as a guest

            Required, but never shown

            1 Answer
            1

            active

            oldest

            votes

            1 Answer
            1

            active

            oldest

            votes

            active

            oldest

            votes

            active

            oldest

            votes

            up vote
            5
            down vote

            accepted

            This approach is ok, DNS server use the most specific match which is *.api.example.com for customer.api.example.com The behavior should be consistent because is defined in RFC 1034

            share|improve this answer

              up vote
              5
              down vote

              accepted

              This approach is ok, DNS server use the most specific match which is *.api.example.com for customer.api.example.com The behavior should be consistent because is defined in RFC 1034

              share|improve this answer

                up vote
                5
                down vote

                accepted

                up vote
                5
                down vote

                accepted

                This approach is ok, DNS server use the most specific match which is *.api.example.com for customer.api.example.com The behavior should be consistent because is defined in RFC 1034

                share|improve this answer

                This approach is ok, DNS server use the most specific match which is *.api.example.com for customer.api.example.com The behavior should be consistent because is defined in RFC 1034

                share|improve this answer

                share|improve this answer

                share|improve this answer

                answered Nov 29 at 11:47

                Quantim

                940513

                940513

                    draft saved
                    draft discarded

                    Thanks for contributing an answer to Server Fault!

                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid

                    • Asking for help, clarification, or responding to other answers.
                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.

                    Some of your past answers have not been well-received, and you’re in danger of being blocked from answering.

                    Please pay close attention to the following guidance:

                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid

                    • Asking for help, clarification, or responding to other answers.
                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.

                    draft saved

                    draft discarded

                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin(‘.new-post-login’, ‘https%3a%2f%2fserverfault.com%2fquestions%2f942124%2fcan-i-use-nested-dns-wildcard-records%23new-answer’, ‘question_page’);
                    }
                    );

                    Post as a guest

                    Required, but never shown

                    Required, but never shown

                    Required, but never shown

                    Required, but never shown

                    Required, but never shown

                    Required, but never shown

                    Required, but never shown

                    Required, but never shown

                    Required, but never shown

                    Related Post

                    Leave a Reply

                    Your email address will not be published. Required fields are marked *