Can I use nested DNS wildcard records











up vote
3
down vote

favorite
1












I would like to have multiple dns entries with wildcards such that one entry is nested as subdomain of another



CNAME *.example.com -> webserver.example.com
CNAME *.api.example.com -> apiserver.example.com


The intention being that I can use customer.example.com to access the webserver and customer.api.example.com to access the api server.



Since customer.api.example.com is a valid match for both of the wildcard entries i'm not sure how this will get resolved.



I have tested this on AWS route53 as the DNS provider and it seems to work as expected.customer.api.example.com resolved to the api server. But i'm not sure if this is guaranteed by the DNS spec or was just chance it picked the correct server.



Is this behaviour something I can rely on to be consistent?










share|improve this question


























    up vote
    3
    down vote

    favorite
    1












    I would like to have multiple dns entries with wildcards such that one entry is nested as subdomain of another



    CNAME *.example.com -> webserver.example.com
    CNAME *.api.example.com -> apiserver.example.com


    The intention being that I can use customer.example.com to access the webserver and customer.api.example.com to access the api server.



    Since customer.api.example.com is a valid match for both of the wildcard entries i'm not sure how this will get resolved.



    I have tested this on AWS route53 as the DNS provider and it seems to work as expected.customer.api.example.com resolved to the api server. But i'm not sure if this is guaranteed by the DNS spec or was just chance it picked the correct server.



    Is this behaviour something I can rely on to be consistent?










    share|improve this question
























      up vote
      3
      down vote

      favorite
      1









      up vote
      3
      down vote

      favorite
      1






      1





      I would like to have multiple dns entries with wildcards such that one entry is nested as subdomain of another



      CNAME *.example.com -> webserver.example.com
      CNAME *.api.example.com -> apiserver.example.com


      The intention being that I can use customer.example.com to access the webserver and customer.api.example.com to access the api server.



      Since customer.api.example.com is a valid match for both of the wildcard entries i'm not sure how this will get resolved.



      I have tested this on AWS route53 as the DNS provider and it seems to work as expected.customer.api.example.com resolved to the api server. But i'm not sure if this is guaranteed by the DNS spec or was just chance it picked the correct server.



      Is this behaviour something I can rely on to be consistent?










      share|improve this question













      I would like to have multiple dns entries with wildcards such that one entry is nested as subdomain of another



      CNAME *.example.com -> webserver.example.com
      CNAME *.api.example.com -> apiserver.example.com


      The intention being that I can use customer.example.com to access the webserver and customer.api.example.com to access the api server.



      Since customer.api.example.com is a valid match for both of the wildcard entries i'm not sure how this will get resolved.



      I have tested this on AWS route53 as the DNS provider and it seems to work as expected.customer.api.example.com resolved to the api server. But i'm not sure if this is guaranteed by the DNS spec or was just chance it picked the correct server.



      Is this behaviour something I can rely on to be consistent?







      domain-name-system wildcard-subdomain






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 29 at 11:36









      Dave Turvey

      1183




      1183






















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          5
          down vote



          accepted










          This approach is ok, DNS server use the most specific match which is *.api.example.com for customer.api.example.com The behavior should be consistent because is defined in RFC 1034






          share|improve this answer





















            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "2"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f942124%2fcan-i-use-nested-dns-wildcard-records%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            5
            down vote



            accepted










            This approach is ok, DNS server use the most specific match which is *.api.example.com for customer.api.example.com The behavior should be consistent because is defined in RFC 1034






            share|improve this answer

























              up vote
              5
              down vote



              accepted










              This approach is ok, DNS server use the most specific match which is *.api.example.com for customer.api.example.com The behavior should be consistent because is defined in RFC 1034






              share|improve this answer























                up vote
                5
                down vote



                accepted







                up vote
                5
                down vote



                accepted






                This approach is ok, DNS server use the most specific match which is *.api.example.com for customer.api.example.com The behavior should be consistent because is defined in RFC 1034






                share|improve this answer












                This approach is ok, DNS server use the most specific match which is *.api.example.com for customer.api.example.com The behavior should be consistent because is defined in RFC 1034







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Nov 29 at 11:47









                Quantim

                940513




                940513






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Server Fault!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.





                    Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                    Please pay close attention to the following guidance:


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f942124%2fcan-i-use-nested-dns-wildcard-records%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    mysqli_query(): Empty query in /home/lucindabrummitt/public_html/blog/wp-includes/wp-db.php on line 1924

                    How to change which sound is reproduced for terminal bell?

                    Can I use Tabulator js library in my java Spring + Thymeleaf project?