Wildcard DNS records (denoted by `*`) are special entries that match any undefined subdomain. While most developers are familiar with wildcard A records, wildcard CNAME records are less commonly discussed but equally valid in DNS specifications.
According to RFC 1034 and RFC 4592, wildcard CNAME records are technically valid in DNS implementations. However, there are important considerations:
```dns
; Example DNS zone file entry
*.example.com. IN CNAME loadbalancer.example.net.
```
Wildcard CNAMEs are particularly useful in these scenarios:
- Cloud-based SaaS platforms where each customer gets a unique subdomain
- Dynamic staging environments (e.g., `feature-123.staging.example.com`)
- CDN configurations where multiple subdomains point to the same endpoint
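The matching rule stated above (a wildcard covers only names that do not otherwise exist) has corners that RFC 4592 spells out and that matter in exactly these SaaS and staging setups: an explicit subdomain shadows the wildcard, and so does any existing name between the query and the wildcard's parent, even a name that exists only as an empty non-terminal. The following Python is an added example, not code from the original page; it implements the RFC 4592 lookup over a small constructed zone (`ZONE`, `lookup` and the helper names are this example's own) so you can see which query names a `*.example.com` CNAME actually answers.

```python
"""RFC 4592-style wildcard lookup over an in-memory zone.

Added example with a constructed zone; not the original page's code.
"""

# Constructed zone: owner name -> {rtype: [rdata, ...]}
ZONE = {
    "example.com.": {"A": ["192.0.2.1"]},
    "www.example.com.": {"A": ["192.0.2.1"]},
    "staging.example.com.": {"A": ["192.0.2.2"]},
    "db.internal.example.com.": {"A": ["10.0.0.5"]},
    "*.example.com.": {"CNAME": ["loadbalancer.example.net."]},
}


def ancestors(name):
    """Proper ancestors of name, nearest first:
    a.b.example.com. -> b.example.com., example.com., com., ."""
    parts = name.rstrip(".").split(".")
    for i in range(1, len(parts) + 1):
        yield ".".join(parts[i:]) + "."


def name_exists(zone, name):
    """True if name owns records or is an empty non-terminal
    (an ancestor of some owner, e.g. internal.example.com. above)."""
    return name in zone or any(owner.endswith("." + name) for owner in zone)


def _answer(rrsets, qname, qtype):
    """Build the response from one owner's RRsets."""
    if "CNAME" in rrsets and qtype != "CNAME":
        return ("CNAME", qname, rrsets["CNAME"])  # a CNAME answers any other type
    if qtype in rrsets:
        return ("ANSWER", qname, rrsets[qtype])
    return ("NODATA", qname, [])


def lookup(zone, qname, qtype):
    """Return (status, owner, rdata_list) for a query, with wildcard synthesis."""
    qname, qtype = qname.lower(), qtype.upper()
    # 1. Explicit names and empty non-terminals always win; no wildcard expansion.
    #    This also means the zone apex itself is never answered by a wildcard.
    if name_exists(zone, qname):
        return _answer(zone.get(qname, {}), qname, qtype)
    # 2. Find the closest encloser: the nearest ancestor that exists in the zone.
    for anc in ancestors(qname):
        if name_exists(zone, anc):
            wildcard = zone.get("*." + anc)
            # Only a wildcard directly under the closest encloser may synthesize
            # an answer; a wildcard higher up does not apply.
            if wildcard is None:
                return ("NXDOMAIN", qname, [])
            return _answer(wildcard, qname, qtype)
    return ("NXDOMAIN", qname, [])


if __name__ == "__main__":
    for q in ("customer1.example.com.", "www.example.com.",
              "feature-123.staging.example.com.", "cache.internal.example.com."):
        print(q, "->", lookup(ZONE, q, "A"))
```

Note what the last two queries show: `staging.example.com.` and `internal.example.com.` both exist (the second only because `db.internal.example.com.` does), so names beneath them return NXDOMAIN rather than the wildcard CNAME. If you want `feature-123.staging.example.com` answered by a wildcard, the zone needs `*.staging.example.com.`, not just `*.example.com.`.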
Here's how to create a wildcard CNAME using AWS CLI:
```bash
aws route53 change-resource-record-sets \
  --hosted-zone-id Z1EXAMPLE \
  --change-batch '{
    "Changes": [{
      "Action": "CREATE",
      "ResourceRecordSet": {
        "Name": "*.api.example.com",
        "Type": "CNAME",
        "TTL": 300,
        "ResourceRecords": [{"Value": "api-gateway.execute-api.us-east-1.amazonaws.com"}]
      }
    }]
  }'
```
Be aware of these challenges with wildcard CNAMEs:
- They don't work at the zone apex (e.g., `example.com` can't be a wildcard)
- Some legacy systems might have unexpected behavior with wildcards
- Security considerations for certificate issuance (Let's Encrypt handles wildcards differently)
While wildcard records reduce DNS zone file size, they can potentially impact resolution time:
```dns
; Compare resolution paths
; Explicit record
customer1.example.com. IN CNAME elb123.aws.amazon.com.
; Wildcard alternative
*.example.com. IN CNAME elb123.aws.amazon.com.
```
Use these commands to verify your configuration:
```bash
dig +short test.example.com CNAME
nslookup -type=CNAME randomsubdomain.example.com
```
Wildcard DNS records (denoted by `*`) are special entries that match any undefined subdomains. While commonly used with A records (e.g., `*.example.com`), their application with CNAME records raises valid technical considerations.
Yes, wildcard CNAME records are perfectly valid according to RFC 1034. The syntax follows standard CNAME format:
```dns
*.api.example.com. IN CNAME lb.cloudprovider.com.
```
However, important DNS protocol constraints exist:
- Wildcard CNAMEs cannot coexist with other records for the same name
- They must follow standard TTL and record length limitations
Here's a complete BIND zone file example:
```dns
; Zone file for example.com
$TTL 3600
@ IN SOA ns1.example.com. admin.example.com. (
        2023081501 ; serial
        7200       ; refresh
        3600       ; retry
        1209600    ; expire
        3600 )     ; minimum
; Base records
@   IN A 192.0.2.1
www IN A 192.0.2.1
; Wildcard CNAME implementation
*.cdn IN CNAME cdnprovider.example.net.
*.api IN CNAME api-gateway.aws.amazon.com.
```
When debugging wildcard CNAME issues, check these diagnostic commands:
```bash
# Basic DNS lookup
dig random.cdn.example.com CNAME
# Full trace resolution
dig +trace foo.api.example.com
```
Watch for these potential pitfalls:
- NXDOMAIN responses indicating missing records
- CNAME chains exceeding the maximum length (15 for most resolvers)
- TTL mismatches causing propagation delays
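To catch the constraints and pitfalls listed above before a resolver does, the following Python is an added example (not code from the original page) that parses single-line BIND records like the zone above into tuples and then checks two of the stated rules: a CNAME may not share an owner name with other records, and CNAME chains must stay short and loop-free. It also flags an in-zone CNAME target that owns no records, which is what surfaces as an NXDOMAIN response. The sample zone text, the `parse_zone`, `cname_conflicts` and `follow_cname` names, and the `max_hops` default are this example's own assumptions; the default of 15 mirrors the figure given above and is a parameter because resolvers differ.

```python
"""Lint a small BIND-style zone for CNAME problems.

Added example with constructed data; not the original page's code.
"""

# Constructed zone text modelled on the zone above. The last five records are
# deliberate faults added so the checks have something to find.
ZONE_TEXT = """
$TTL 3600
@       IN A     192.0.2.1
www     IN A     192.0.2.1
*.cdn   IN CNAME cdnprovider.example.net.
*.api   IN CNAME api-gateway.aws.amazon.com.
mail    IN CNAME mx.example.net.
mail    IN A     192.0.2.5             ; CNAME may not coexist with other data
alias1  IN CNAME alias2
alias2  IN CNAME alias1                ; two-hop loop
old     IN CNAME retired.example.com.  ; in-zone target that owns no records
"""


def qualify(name, origin):
    """Turn @ and relative names into fully qualified, lower-case names."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def parse_zone(text, origin):
    """Parse single-line records into (owner, rtype, rdata) tuples.
    Multi-line records in parentheses (such as an SOA) are out of scope here."""
    origin = origin.rstrip(".").lower() + "."
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()     # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if fields[0] == "$ORIGIN":
            origin = qualify(fields[1], origin)
            continue
        if fields[0].startswith("$"):            # $TTL and other directives
            continue
        owner = fields.pop(0)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                        # optional TTL and class
        rtype, rdata = fields[0].upper(), " ".join(fields[1:])
        if rtype == "CNAME":
            rdata = qualify(rdata, origin)       # CNAME targets are names
        records.append((qualify(owner, origin), rtype, rdata))
    return records


def cname_conflicts(records):
    """Owners holding a CNAME together with any other record (RFC 1034, 3.6.2)."""
    types_by_owner = {}
    for owner, rtype, _ in records:
        types_by_owner.setdefault(owner, []).append(rtype)
    return sorted(o for o, t in types_by_owner.items() if "CNAME" in t and len(t) > 1)


def follow_cname(records, name, origin, max_hops=15):
    """Chase a CNAME chain inside this zone using exact owner names (no wildcard
    synthesis). Returns (status, chain) with status OK, EXTERNAL (target lives in
    another zone), DANGLING (in-zone target with no records), LOOP or TOO_LONG."""
    origin = origin.rstrip(".").lower() + "."
    cnames = {o: r for o, t, r in records if t == "CNAME"}
    owners = {o for o, _, _ in records}
    chain = [name.lower()]
    while True:
        cur = chain[-1]
        target = cnames.get(cur)
        if target is None:
            if cur in owners:
                return ("OK", chain)
            if cur == origin or cur.endswith("." + origin):
                return ("DANGLING", chain)   # this is the NXDOMAIN case
            return ("EXTERNAL", chain)       # a recursive resolver continues elsewhere
        if target in chain:
            return ("LOOP", chain + [target])
        chain.append(target)
        if len(chain) - 1 > max_hops:
            return ("TOO_LONG", chain)


if __name__ == "__main__":
    recs = parse_zone(ZONE_TEXT, "example.com")
    print("CNAME conflicts:", cname_conflicts(recs))
    for n in ("www", "alias1", "old", "*.cdn"):
        print(n, follow_cname(recs, qualify(n, "example.com."), "example.com"))
```

Because the chase stops at the zone boundary, an `EXTERNAL` result only says the next hop belongs to someone else; whether that external name still resolves is the separate check that the `dig +trace` command above performs against live DNS.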
Wildcard CNAMEs impact resolution:

| Metric | Impact |
|---|---|
| Initial resolution | Slightly slower due to additional wildcard matching |
| Cache efficiency | Improved when many subdomains resolve to same target |
| DNSSEC validation | No additional overhead compared to regular CNAMEs |
Major DNS services handle wildcard CNAMEs differently:
- AWS Route 53: Full support with 100 alias targets
- Cloudflare: Supports with optional proxy toggle
- Google Cloud DNS: Allows but enforces 250-character limit