Is there a risk with having a wildcard / catch-all 'A' record?

user5962 · November 16, 2020, 4:46pm

Since switching to using Cloudflare, I’ve noticed that there are a lot of DNS records for each of our domain names. Please see screenshot below for one of them, our domain azam.net:

Can you kindly let me know if these DNS records seem to be OK please?

Also, are any of them unnecessary and can be deleted?

The only one I have added manually is the catch-all ‘A’ record “*” (star) pointing to our host’s address 83.233.119.60, which one website recommended for Cloudflare DNS settings. However, in Cloudflare it has an exclamation mark warning next to it stating it will be “exposing IPs that are proxied through Cloudflare”. Therefore should it be deleted or remain?

Thank you very much. I greatly appreciate your help.

sdayman · November 16, 2020, 5:33pm

Because your server hosts email and the website, you have no choice but to expose the origin’s IP address.

As for the wildcard DNS entry, those are generally not advisable.

Speaking of email, the ‘mail’ record is a CNAME that points to your root domain which is set to . That ‘mail’ record should be an “A” record with your server’s IP address, and set to DNS Only. Cloudflare does not proxy email connections.

system · November 21, 2020, 5:33pm

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
DNS question: * wildcard for A record DNS & Network	3	2050	October 18, 2020
Proxy A records Getting Started	2	3760	November 15, 2020
Wildcard Type A * DNS Only Getting Started	2	2177	January 5, 2021
Cloudflare says: Make sure all A, AAAA, and CNAME records pointing to proxied records are also proxied to avoid exposing your origin IP DNS & Network	4	7229	September 10, 2019
DNS Warning DNS & Network	2	2025	December 20, 2020

Is there a risk with having a wildcard / catch-all 'A' record?

Related topics