How to define a wildcard `*` name

My domain is currently at Square, having been transferred from Google Domains, where I had the following two records defined:

An A record for "wildcard" on my domain. I used this and dynamic DNS to keep the IPv4 address up to date.

And a CNAME record for "*" whose value was "wildcard". I used this to get a domain level certificate from Let's Encrypt.

I also changed the NS over on my Square account to correctly point to the deSEC nameservers.

So with deSEC I was able to create the same A record. Running nslookup on my "wildcard" name ("wildcard.<my domain>.<tld>") correctly returns its current IPv4 address.

But I am having issues with the "*" CNAME record. I am not able to specify "wildcard" here on deSEC. For the target hostname it wants the value to end in a period.

It does not accept "wildcard." nor "wildcard.<my domain>.<tld>".

I currently have specified "wildcard.<my domain>." (no TLD), but that doesn’t resolve correctly with nslookup.

How do I accomplish this?

Hi gbartlett,

Thanks for your message, and welcome to deSEC! 🙂

It seems like what you want is: wildcard.<my domain>.<tld>. (including the final dot)

Stay secure
Peter

1 Like

Thank you for the quick reply, I will give this a try.

-g

For context: In DNS, names actually always end with a trailing dot.

(Strictly speaking, domain names are a list of labels, and each label is separated with a dot; also, the last label is the root label, which is empty; as a result, it looks like there’s a dot at the end.)

When names without a trailing dot are accepted, that’s often for convenience. However, it is also ambiguous, as in some contexts they are interpreted as subdomains of the main domain (i.e., the full domain name gets appended). To make it non-ambiguous, we go by the DNS specs and insist on the dot. 🙂

Stay secure,
Peter

1 Like
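The two readings of a name described in the post above, applied to the CNAME targets tried in this thread. This is an added example, not part of the original posts and not deSEC's validation code; `ZONE` is a constructed placeholder for `<my domain>.<tld>.` and the function names are hypothetical.

```python
ZONE = "example.com."  # constructed placeholder for "<my domain>.<tld>."


def to_labels(name):
    """Split an absolute name into labels; the last one is the empty root label."""
    if not name.endswith("."):
        raise ValueError(f"{name!r} has no trailing dot, so it is not absolute")
    if name == ".":
        return [""]
    labels = name.lower().split(".")            # "a.b." -> ["a", "b", ""]
    if any(not 1 <= len(label) <= 63 for label in labels[:-1]):
        raise ValueError(f"{name!r} has an empty or over-long label")
    # Wire format: one length byte per label, root label included, 255 max.
    if sum(len(label) + 1 for label in labels) > 255:
        raise ValueError(f"{name!r} is longer than 255 octets on the wire")
    return labels


def absolutize(name, origin=ZONE):
    """Zone-file style reading: no trailing dot means 'relative to origin'."""
    return name if name.endswith(".") else f"{name}.{origin}"


def in_zone(name, origin=ZONE):
    """True if the absolute name is the origin or one of its subdomains."""
    n, o = to_labels(name), to_labels(origin)
    return n[-len(o):] == o


def readings(name, origin=ZONE):
    """Return (strict, relative).

    strict:   the name as written if it is already absolute, else None
              (a strict interface refuses to guess).
    relative: what a convenience interface would produce by appending origin.
    """
    strict = name.lower() if name.endswith(".") else None
    return strict, absolutize(name, origin).lower()


if __name__ == "__main__":
    # Targets tried in the thread, with the placeholder zone substituted.
    for target in ("wildcard", "wildcard.", "wildcard.example.com",
                   "wildcard.example.", "wildcard.example.com."):
        strict, relative = readings(target)
        where = in_zone(strict) if strict else None
        print(f"{target!r:26} strict={strict!r:26} "
              f"in_zone={where!s:5} relative={relative!r}")
```

Only the last target is both absolute and inside the zone; the dotless full name shows the ambiguity, since the relative reading turns it into `wildcard.example.com.example.com.`.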

Just a quick note that this worked perfectly, I marked it as the Solution.

-g