ADC

Supporting wildcard DNS domains

September 21, 2020

Contributed by:

Wildcard DNS domains are used to handle requests for a nonexistent domains and subdomains. In a zone, if you want to redirect queries for all nonexistent domains or subdomains to a particular server, you can use wildcard domains rather than creating a separate Resource Record (RR) for each such domain. The most common use of a wildcard DNS domain is to create a zone that can be used to forward mail from the internet to some other mail system.

In DNS resolution, the wildcard domain is supported by wildcard RRs. The wildcard RRs are used to synthesize the responses to queries for a nonexistent domain name. For example, if you queried http://image.example.com, and the subdomain “image” did not exist, you could be redirected to example.com.

A wildcard record has an asterisk (*) character as the leftmost label of a domain name. For example, *.example.com. An asterisk at any other place in the domain name does signify a wildcard DNS record. For example, new.*.example.com is not a valid wildcard DNS record.

Note

Wildcard domain is supported only when the Citrix ADC appliance is authoritative for the zone and is configured as an ADNS or a DNS proxy server.

Wildcard domain is not supported for NS and SOA records.

Wildcard domain cannot be applied when the query is in another zone.

Wildcard domain cannot be applied when the QNAME or a name between the wildcard domain and the QNAME is known to exist.

Example configuration

add dns soaRec example.com -originServer n1.example.com -contact admin.example.com

add dns nsRec example.com n1.example.com

add dns nsRec example.com n2.example.com

add dns zone example.com  -proxyMode no

add dns addrec www.example.com 2.2.2.2

add dns addrec *.example.com 10.10.10.10

add dns addrec *.example.com 10.10.10.11

add dns aaaarec *.example.com 2001::1
<!--NeedCopy-->

In the example, wildcard domain name is added for A and AAAA record.

When a query is received for a domain name that exists in the zone, say www.example.com, the Citrix ADC appliance responds with the corresponding response; that is 2.2.2.2 in the example.

For a nonexistent domain name that matches with a wildcard type, a synthesized response is delivered.

In the example, the Citrix ADC appliance responds with 10.10.10.10 and 10.10.10.11 for domain name nonexist.example.com or xyz.example.com.

Wildcard synthesize is not applicable for a domain name that exists in the zone.

For example, for the query www.example.com and type AAAA, the Citrix ADC appliance does not synthesize with wildcard, because www.example.com exists with type A. In the example, the Citrix ADC appliance responds with a NODATA response.

For a query say abc.example.com and type AAAA, the Citrix ADC appliance responds with a synthesized response; that is 2001::1 in the example.

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Supporting wildcard DNS domains

September 21, 2020

Contributed by:

September 21, 2020

Contributed by:

Supporting wildcard DNS domains

Example configuration

In this article