
Sheogorath's Blog


Depending on the time of the day a friend, a colleague, a wise guy. The beauty of the world is its sense of humor to show humans their way by letting them search their own.



Wildcards in DNS are evil

Today I learned that by using wildcard DNS entries you’ll most likely shoot yourself in the foot. The reason is that there is at least one upcoming RFC out there that tells you explicitly that “Sites which do not use the advanced method but employ wildcard DNS for their sub-domains MUST make sure that the ‘openpgpkey’ sub-domain is not subject to the wildcarding.” This means that if you aren’t aware of all RFCs out there, you most likely violated one of them by simply using a wildcard DNS entry.

I came across that while looking up some other detail in this section. Thankfully I’m not using wildcard DNS entries myself, but I’m sure there are people out there. If you do, please check this stuff and maybe write some automation around it so others don’t have to be you.
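
One way to automate that check, as an added example that is not part of the original post: it probes random labels to detect a wildcard and then classifies how the 'openpgpkey' sub-domain from the quoted requirement resolves. The function names, the `wc-probe-` label prefix and the 192.0.2.x addresses used with the offline resolver are assumptions made for illustration.

```python
import secrets
import socket


def system_resolve(name):
    """Addresses for name via the system resolver; empty set if none."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def zone_resolver(records, wildcard=frozenset()):
    """Offline stand-in for a zone (constructed data): a name listed in
    records wins, even with no addresses; any other name gets the wildcard."""
    def resolve(name):
        return set(records.get(name, wildcard))
    return resolve


def check_openpgpkey(domain, resolve=system_resolve, probes=2):
    """Classify 'openpgpkey.<domain>' as one of:
    no-wildcard, excluded, wildcarded, dedicated-record."""
    domain = domain.rstrip(".").lower()
    # Labels nobody created on purpose: if they resolve, a wildcard
    # (or an equivalent catch-all) is answering for the zone.
    wildcard_addrs = set()
    for _ in range(probes):
        wildcard_addrs |= resolve(f"wc-probe-{secrets.token_hex(8)}.{domain}")
    if not wildcard_addrs:
        return "no-wildcard"
    key_addrs = resolve(f"openpgpkey.{domain}")
    if not key_addrs:
        return "excluded"          # the state the quoted MUST asks for
    if key_addrs <= wildcard_addrs:
        return "wildcarded"        # sub-domain is subject to the wildcarding
    return "dedicated-record"      # explicit record with its own addresses


if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:
        print(name, check_openpgpkey(name))
```

A result of `wildcarded` is the case the quoted sentence forbids for sites that do not use the advanced method; `dedicated-record` only shows that an explicit record exists, not what is served there.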