Wildcars records matching to infinite depth

I want to apply a wildcard record which is only matches the first level - is this possible?

That is - would match on a.example.com but not a.a.example.com

I doubt it, but the good(?) news is that SSL certs won’t cover infinite depth, so a.a.example.com won’t load over HTTPS without a certificate warning.

EDIT: Rephrase…I haven’t experimented with it, but I suspect you’ve found it goes to infinite depth…correct? In which case SSL will make that connection not work.

1 Like

Thanks. Yeah, I was hoping there would be some fudge like setting .* or something to say you only want one level of matching.

The SSL cert depth fixes sites as you say (although actually there’s an RFC 8461 for setting email transport security that will require this depth to go to 2 levels when mailing from a subdomain like marketeers tend to, so that’ll be fun when it’s needed…) but my problem is with a TXT record. I wanted a TXT record to match on all subdomains but it also starts matching lots of bits of technology which also look at TXT records.

I think it’s going to be one of those ‘yeah, doesn’t work that way’ things was just holding out hope it was possible with some tricky record def. Cloudflare had kept up their sleeve.

EDIT: RFCs seem to indicate the depth thing is deliberate so I’m out of luck.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.