A wildcard DNS record is a record in a DNS zone file that will match all requests for non-existent domain names, i.e. domain names for which there are no records at all. It has been suggested that this article be split into multiple articles. ... In computer networking, a zone file is the database element of the domain name system. ...

Wildcards in practice

Whilst the aforegiven definition is in accordance with RFC 1034 § 4.3.2, it is not actually the case in practice. No DNS server software implements wildcards as per RFC 1034. This is in part because, as defined in RFC 1034, wildcard behaviour is not what people generally expect, particularly the interactions between wildcards and MX records. All DNS servers implement wildcards differently, both from RFC 1034 and from one another. An MX record or Mail exchanger record is a type of resource record in the Domain Name System (DNS) specifying how Internet e-mail should be routed. ...

• With djbdns, in addition to checking for wildcards at the current level, the server checks for wildcards in all enclosing superdomains, all of the way up to the root.
• If configured to do so, both Microsoft's DNS server and MaraDNS (by default) have wildcards also match all requests for empty resource record sets, i.e. domain names for which there are no records of the desired type. This has the behaviour in conjunction with MX records that, in the main, people actually desire. In other words, if there is a MX record for "*.example.com", and an A record (but no MX record) for "www.example.com", the "correct" response to a MX request for "www.example.com" is "that doesn't exist"; the actual response with Microsoft's DNS server and MaraDNS is the MX record attached to "*.example.com".
• With BIND, the server follows CNAME chains that are synthesised from wildcards.

djbdns is a simple and secure DNS implementation created by Daniel J. Bernstein because he was fed up with repeated BIND security holes. ... The DNS support in Microsoft Windows NT (and thus its derivatives Microsoft Windows 2000, Microsoft Windows XP, and Microsoft Windows Server 2003) comprises two clients and a server. ... MaraDNS is a security-aware Domain Name System (DNS) implementation. ... An MX record or Mail exchanger record is a type of resource record in the Domain Name System (DNS) specifying how Internet e-mail should be routed. ... The DNS support in Microsoft Windows NT (and thus its derivatives Microsoft Windows 2000, Microsoft Windows XP, and Microsoft Windows Server 2003) comprises two clients and a server. ... MaraDNS is a security-aware Domain Name System (DNS) implementation. ... BIND (Berkeley Internet Name Domain, previously: Berkeley Internet Name Daemon) is the most commonly used DNS server on the Internet, especially on Unix-like systems, where it is a de facto standard. ... The Domain Name System or DNS is a system that stores information about host names and domain names in a kind of distributed database on networks, such as the Internet. ...

Registries that employ wildcards

Between 15 September 2003 and 4 October 2003, VeriSign operated a wildcard DNS entry for all non-existent .com and .net domain names on its root server which redirected users to a VeriSign "web portal" with information about VeriSign products and purchase links to "partner" sites. This had the advantage of VeriSign receiving greater revenue from users wishing to register these domain names, however this action was heavily criticized within the internet technology community. For more coverage of the commercial, ethical, and technical issues relating to this, see the Site Finder article. is the 258th day of the year (259th in leap years) in the Gregorian calendar. ... Year 2003 (MMIII) was a common year starting on Wednesday of the Gregorian calendar. ... is the 277th day of the year (278th in leap years) in the Gregorian calendar. ... Year 2003 (MMIII) was a common year starting on Wednesday of the Gregorian calendar. ... VeriSign, Inc. ... For dot-com companies, see dot-com company. ... .net (network) generic top-level domain (gTLD) used on the Internets Domain Name System. ... The term domain name has multiple related meanings: A name that identifies a computer or computers on the internet. ... A root nameserver is a DNS server that answers requests for the root namespace domain, and redirects requests for a particular top-level domain to that TLDs nameservers. ... For information regarding portals on Wikipedia, see Wikipedia:Portal. ... Site Finder was a wildcard DNS record for all . ...

The .museum top-level domain operated by MuseDoma has always used a wildcard DNS record to resolve unregistered domains. Attempting to access such a domain leads to a web page informing the user that the domain is not in use, and providing links for further information about .museum. Other top-level domains using a wildcard DNS record (as of May 2007) include .cm, .mp, .nu, .ph, .pw, .tk and .ws. .museum is a generic top-level domain (gTLD) used exclusively by museums, museum associations, and individual members of the museum profession, as these groups are defined by the International Council of Museums (ICOM). ... “TLD” redirects here. ... .cm is the country code top-level domain (ccTLD) for Cameroon. ... .mp is the Internet country code top-level domain ( ccTLD) for Northern Mariana Islands. ... .nu is the Internet country code top-level domain (ccTLD) assigned to the island state of Niue. ... .ph is the Internet country code top-level domain (ccTLD) for Philippines. ... .pw is the Internet country code top-level domain ( ccTLD) for Palau. ... .tk is the Internet country code top-level domain (ccTLD) for Tokelau. ... .ws is the Internet country code top-level domain (ccTLD) for Samoa. ...

Ignoring wildcards employed by others

The Internet Software Consortium produced a version of the BIND DNS software that can be configured by system administrators to filter out wildcard DNS from certain domains. Various others produced a wide range of software patches for BIND and for djbdns. Internet Software Consortium (ISC) was an organization that was founded by Rick Adams and Paul Vixie with funding from UUNET to develop and support a number of reference implementations of Internet software. ... BIND (Berkeley Internet Name Domain, previously: Berkeley Internet Name Daemon) is the most commonly used DNS server on the Internet, especially on Unix-like systems, where it is a de facto standard. ... A piece of fabric. ... BIND (Berkeley Internet Name Domain, previously: Berkeley Internet Name Daemon) is the most commonly used DNS server on the Internet, especially on Unix-like systems, where it is a de facto standard. ... djbdns is a simple and secure DNS implementation created by Daniel J. Bernstein because he was fed up with repeated BIND security holes. ...

Domain parking is an advertising practice used primarily by domain name registrars and internet advertising publishers to monetize type-in traffic visiting an under-developed domain name. ... The term domain name has multiple related meanings: A name that identifies a computer or computers on the internet. ... According to the U.S. federal law known as the Anti-Cybersquatting Consumer Protection Act, cybersquatting is registering, trafficking in, or using a domain name with bad-faith intent to profit from the goodwill of a trademark belonging to someone else. ... Domaining is the business of buying, selling, developing and monetizing Internet domain names. ... A Domain Name Drop List is a list containing the expired domain names that will be deleted from the domain name registry in the near future. ... Domain name speculation refers to buying domains with the intent of selling them later for a higher price. ... Domain sniping is the practice of an individual registering a domain name whose registration has lapsed yet whose original registrant still has an interest in the domain name. ... Domain parking is an advertising practice used primarily by domain name registrars and internet advertising publishers to monetize type-in traffic visiting an under-developed domain name. ... Domain tasting, also known as domain kiting, is a practice of registrants using the five-day grace period at the beginning of a domain registration for ICANN-regulated generic top-level domains to test the marketability of a domain name. ... Domain name warehousing is the common practice of registrars obtaining control of domain names with the intent to hold or “warehouse” names for their use and/or profit. ... Type-in traffic is a term describing visitors landing at a web site by entering a word or phrase in the web browsers address bar rather than following a hyperlink from another web page, using a browser bookmark, or a search-box search. ... An incorrectly entered URL could lead to a website operated by a cybersquatter. ... The Anticybersquatting Consumer Protection Act (also known as Truth in Domain Names Act), a United States federal law enacted in 1999, is part of A bill to amend the provisions of title 17, United States Code, and the Communications Act of 1934, relating to copyright licensing and carriage of broadcast... The PROTECT Act of 2003 authorized fines and/or imprisonment for up to 30 years for U.S. citizens or residents who engage in illicit sexual conduct abroad. ... A domain hack is an unconventional domain name that combines domain labels, especially the top-level domain (TLD), to spell out the full name or title of the domain, making a kind of pun. ...

External links

• IAB Commentary: Architectural Concerns on the use of DNS Wildcards
• Internet Software Consortium announcement of "delegation-only" feature that can be used to filter out wildcards
• "All your *.COM/*.NET are belong to us." — an explanation of VeriSign's wildcards and their effects, and critique of the various attempts to work around such wildcards in software, including delegation-only, showing how they are each flawed