My Profile Photo

Sheogorath's Blog

Wildcards in DNS are evil

Today I learned that by using wildcard DNS entries you’ll most likely shoot yourself into the foot. The reason for that is, that there is at least one upcoming RFC out there, that tells you explicitly that “Sites which do not use the advanced method but employ wildcard DNS for their sub-domains MUST make sure that the ‘openpgpkey’ sub-domain is not subject to the wildcarding.”. This means that if you aren’t aware of all RFCs out there, you most likely violated on of them by simply using a wildcard DNS entry.

I came across that while looking up some other detail in this section. Thankfully I’m not using wildcard DNS entries myself, but I’m sure there are people out there. If you do, please check this stuff and maybe write some automation around it so others don’t have to be you.