Today I learned…
When you have a DNS zone (example.com) and create a wildcard record like *.example.com with a CNAME to example.com, every subdomain resolves to your A/AAAA entry for example.com.
If you run dig (domain information groper) you can see it in your shell:
-> % dig www.example.com
;; ANSWER SECTION:
www.example.com. 86400 IN CNAME example.com.
example.com. 3600 IN A 1.2.3.256
How to break it
Today I learned that if you add a record for a specific subdomain, e.g. a TXT entry for www.example.com, then the wildcard CNAME, and therefore the A record, is no longer used for that name.
Or in other words: wildcards only work if there is no other, more specific entry – and it doesn’t matter whether this is an MX, TXT or SRV entry.
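The matching rule described above, as an added example that is not code from the original post: a simplified, single-zone Python model of the RFC 1034 section 4.3.3 lookup, plus a check that lists the names shadowing the wildcard. The zone contents, the function names and the 192.0.2.10 address are constructed for illustration; the model goes one step beyond the post by also treating empty non-terminals (mail.example.com. here) as existing names.

```python
# Constructed sample zone, keyed by (owner, type); 192.0.2.10 is a documentation address.
ZONE = {
    ("example.com.", "A"): ["192.0.2.10"],
    ("*.example.com.", "CNAME"): ["example.com."],
    ("www.example.com.", "TXT"): ["constructed-verification-token"],
    ("_dmarc.mail.example.com.", "TXT"): ["v=DMARC1; p=none"],
}

def ancestors(name):
    """'a.b.c.' -> ['a.b.c.', 'b.c.', 'c.']"""
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))]

def existing(zone):
    """Record owners plus their ancestors (empty non-terminals also exist)."""
    return {a for owner, _ in zone for a in ancestors(owner)}

def rrsets(zone, name):
    return {rtype: vals for (owner, rtype), vals in zone.items() if owner == name}

def resolve(zone, qname, qtype, depth=0):
    """Simplified single-zone lookup after RFC 1034 section 4.3.3."""
    names = existing(zone)
    if qname in names:
        node = rrsets(zone, qname)  # the name exists: the wildcard is never consulted
    else:
        encloser = next((a for a in ancestors(qname)[1:] if a in names), None)
        node = rrsets(zone, "*." + encloser) if encloser else {}
        if not node:
            return "NXDOMAIN", []
    if "CNAME" in node and qtype != "CNAME" and depth < 8:
        target = node["CNAME"][0]
        status, rest = resolve(zone, target, qtype, depth + 1)
        return status, [(qname, "CNAME", target)] + rest
    answers = [(qname, qtype, v) for v in node.get(qtype, [])]
    return ("NOERROR" if answers else "NODATA"), answers

def shadowed(zone, parent="example.com.", qtype="A"):
    """Existing names below parent that return NODATA although the wildcard answers."""
    if resolve(zone, "no-such-label." + parent, qtype)[0] != "NOERROR":
        return []
    return sorted(n for n in existing(zone)
                  if n.endswith("." + parent) and not n.startswith("*.")
                  and resolve(zone, n, qtype)[0] == "NODATA")

if __name__ == "__main__":
    for name in ("shop.example.com.", "www.example.com."):
        print(name, resolve(ZONE, name, "A"))
    print("shadowed:", shadowed(ZONE))
```

Running shadowed() over an exported zone before adding a verification TXT or similar record shows which names would stop following the wildcard.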
How to fix it
The fix is easy: if you add a TXT record for a specific subdomain, you need to add the CNAME record as well.
Source
A common mistake is thinking that a wildcard MX for a zone will apply to all hosts in the zone. A wildcard MX will apply only to names in the zone which aren’t listed in the DNS at all. e.g.,
https://datatracker.ietf.org/doc/html/rfc1912#section-2.7
More Source
Thanks Alexander Jank!
Technically, your explanation & conclusion is correct.
https://datatracker.ietf.org/doc/html/rfc1034#section-4.3.3
Just the RFC you are linking to, specifically states this for MX records – the general behavior is codified in RFC 1034 section 4.3.3
Thanks!
We had the problem with a customer of ours; it is currently 21:24 as I’m typing this and I just hung up a call with Jonas Hünig – that is one reason we are hosting most of our customers (and all new ones) on maxcluster. And Jonas was the one providing the source.
Dear Fabian!
Technically, your explanation & conclusion is correct.
Just the RFC you are linking to, specifically states this for MX records – the general behavior is codified in RFC 1034 section 4.3.3 – https://datatracker.ietf.org/doc/html/rfc1034#section-4.3.3
Thanks for your blog post!
If you want to dig even deeper: RFC 882 – Section Wildcards https://datatracker.ietf.org/doc/html/rfc882