E.g. in my DNS provider's UI, I have an A record for the main domain along the lines: mydomain.com.: <my server ip address>

This works fine. I'd like to obtain a wildcard SSL certificate to be able to add several subdomains.

Can I add a record of the form *.mydomain.com: <my server ip address>? Is this normal or sound practice?

Doug Fir
  • Yes, and you do it just like that. – Michael Hampton Jul 02 '21 at 22:53
  • OK thanks, set that up just now – Doug Fir Jul 02 '21 at 23:19
  • If you are new to DNS configuration, you should avoid using wildcards. They do work, but can be complicated to understand. Or at least try wildcards first on non-important domains until you master DNS. You don't need a wildcard DNS entry to get a wildcard certificate, like at Let's Encrypt. You don't need a wildcard DNS entry later to use a certificate with a wildcard entry in it. – Patrick Mevzek Jul 03 '21 at 01:26
  • Thanks for the pointers @PatrickMevzek, in the end I removed the wildcard DNS entry anyway – Doug Fir Jul 03 '21 at 01:27

1 Answer

Yes, you may use * as a wildcard for subdomains, as stated in RFC 1034 sections 4.3.2 and 4.3.3 with some changes and clarifications in RFC 4592.

At least one drawback will be the clever and less tasteful subdomains people choose to use to link to your site.

Paul
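
How a wildcard DNS record and a wildcard certificate name match differently, as an added example that is not part of the original thread: a simplified model of RFC 4592 wildcard synthesis (A records only) next to the single-label matching applied to wildcard certificate names. The zone contents, host names and addresses are constructed placeholders.

```python
# Added example. Constructed zone: owner name -> A record (RFC 5737 test addresses).
ZONE = {
    "mydomain.com": "203.0.113.10",
    "*.mydomain.com": "203.0.113.10",
    "mail.mydomain.com": "203.0.113.25",
    "db.internal.mydomain.com": "203.0.113.40",
}

def labels(name):
    return name.lower().rstrip(".").split(".")

def exists(zone, name):
    """True if name owns records or is an empty non-terminal (has descendants)."""
    return any(owner == name or owner.endswith("." + name) for owner in zone)

def dns_lookup(zone, qname):
    """Simplified RFC 4592 lookup: exact match first, else wildcard synthesis."""
    parts = labels(qname)
    qname = ".".join(parts)
    if qname in zone:
        return zone[qname]
    if exists(zone, qname):
        return None  # empty non-terminal: the name exists, so no wildcard applies
    # Closest encloser = longest existing ancestor; only a wildcard directly
    # below it may answer, however many labels the query adds on the left.
    for i in range(1, len(parts)):
        ancestor = ".".join(parts[i:])
        if exists(zone, ancestor):
            return zone.get("*." + ancestor)
    return None

def cert_matches(pattern, host):
    """Wildcard certificate name: '*' stands for exactly one leftmost label."""
    p, h = labels(pattern), labels(host)
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] if p[0] == "*" else p == h

if __name__ == "__main__":
    for q in ("shop.mydomain.com", "any.thing.mydomain.com",
              "mail.mydomain.com", "x.internal.mydomain.com"):
        print(f"{q:28} DNS -> {dns_lookup(ZONE, q)!s:14} "
              f"cert *.mydomain.com -> {cert_matches('*.mydomain.com', q)}")
```

The DNS wildcard answers for any unused name at any depth, which is the drawback the answer mentions, while the certificate covers only one label below the domain and not the bare domain itself.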