1

I would like to match all subdomains to return an A record (this works) but I would like to exclude one particular subdomain from resolving (not sending an A record at all).

*.example.com.        IN   A   127.0.0.1
exclude.example.com.  IN   A   [no IP at all]

I would like to configure this directly in bind and also in a plesk environment.

Teddy
  • 195
  • 2
  • 8

1 Answers1

1

To exclude an A record of a wildcard subdomain it is possible to add a TXT record with the particular subdomain.

*.example.com.        IN   A   127.0.0.1
differ.example.com.   IN   A   192.168.0.1
exclude.example.com.  IN   TXT "Hello"

Then exclude.example.com does not resolve. And in this example differ.example.com resolves to another IP than the wildcard IP.

Teddy
  • 195
  • 2
  • 8
  • Will it not? Not tried yet so you could be right, but there's nothing stopping you having a A record and a TXT record with the same name, so surely the wildcard would still be returned when requesting an address rather than a TXT record that's unrelated to providing address information? – Keith Langmead May 31 '23 at 20:28
  • Yes. `*.example.com` is not the same name as `exclude.example.com`. If you query exclude.example.com DNS server notice there *is* a record with that name but with no A data, so it will return nothing in reply to A query. For other records, like include.example.com it will see there is no record with such name, so it will check wildcard. – Nikita Kipriyanov Jun 01 '23 at 05:13
  • 1
    @KeithLangmead I was surprised it works that way. But at least on my own bind installation and also on a plesk installation (where I don't know the used DNS server) it works like this. – Teddy Jun 01 '23 at 16:35
  • @Teddy Nice. Tried it and can confirm it works on Windows DNS (on server 2019) as well. – Keith Langmead Jun 02 '23 at 13:06