I want to create a wildcard subdomain on my google domain so that every subdomain points to the main site.
So for example if my website is called abc.com any subdomain hello.abc.com/ xyz.abc.com/etc.abc.com to all point to the main site.
Is there a way to do this in google domains?
I managed to do it like that:
for the exact match example.com I use: # in Name.
for all wildcard matches *.example.com I use: * in Name.
so I have:
Name
Typ
TTL
Data
#
A
1h
123.123.123.123
*
A
1h
123.123.123.123
Use the wildcard character * as in *.example.com.
About wildcard records
I solved this recently and I got annoyed at how long it took me to find an answer. I'm going to go through this here really quick, because this is the SO question I landed on when I searched for the problem and the answers didn't help. If I ever come back here again, I'd prefer to have it answered. Maybe it'll help someone else too.
A Stupidly Simplistic Description of DNS
When your computer wants to talk to another computer, it has to figure out where it is. Computers use numbers instead of nice names, so smart people invented DNS to do that translation. For our purpouses, a DNS server is just a thing that stores a bunch of information about how to translate nice human names like google.com into annoying computer names like 19:3f:93:27:40...
To do this it stores a bunch of records. these are just rows in a database somewhere.
A Too-Short Summary Of The Record Types Involved.
DNS has two types of records relevant to this problem:
A Records
Address records directly map from a human name to a computer name.
Here's what it looks like (roughly) circa 2023 in google domains. If you're like me and too cheap for a static IP, this will be in dynamic dns, otherwise it'll be somehwere else.
CNAME Records
CNAME records point to other records, specifically A records. If you want traffic for some subdomain to go to a specific place, you create a CNAME record. That way when someone asks the DNS system for "wiggling.worms.com", it will actually give them the IP for "worms.com", or wherever your computer/network is actually located. The record looks like this:
whenever anyone asks the DNS system "where is somesubdomian.yourdomain.com?", it will answer with whatever the result of looking up "yourdomain.com" is. More about debugging this in a bit.We're almost there.
First, I want to spend a sentence or two venting, skip to the next paragraph if you don't want to hear it. Many answers on many sites I've seen said that the "yourdomain.com." part of this was arbitrary, and could be "anything.yourdomain.com.". This is incorrect. When the DNS system encounters a CNAME record, it will follow it as written, which means if you use "anything.yourdomain.com", and you don't happen to have an A type record for "anything.yourdomain.com", the DNS query for "somedomain.yourdomain.com" will fail. This is probably very obvious to people who are not hastily slapping together a homelab, but it was very frustrating finding so many easily accessible answers that were simply wrong.
OK. Last bit.You pay good money for that domain and everything under it! Wouldn't it be nice to not have to make a CNAME record for every subdomain you could possibly use? Well now you can, with wildcard CNAME records! In the hostname part of the CNAME record, simply put "*" when you're bored of creating endless records and ALL subdomains matching that pattern will be routed to the associated record. NEAT.
Debugging - Because Things Go Wrong
You thought you did it right, why doesn't it work? Fortunately, people thought of this, and made tools. I used dig, because I learned it in school. You can also use other tools as are available on your system, notably nslookup for windows. These tools let you look at what's actually going on when you talk to the DNS system. For example:
pi#raspberrypi:/ $ dig google.com
; <<>> DiG 9.11.5-P4-5.1+deb10u5-Raspbian <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35586
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 178 IN A 142.250.188.14
;; Query time: 12 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Feb 16 19:00:23 GMT 2023
;; MSG SIZE rcvd: 55
We figured out where google is, but how did we get there? dig has a (weirdly formatted) +trace option that will tell us about the whole path we took to get the answer:
; <<>> DiG 9.11.5-P4-5.1+deb10u5-Raspbian <<>> google.com +trace
;; global options: +cmd
. 26362 IN NS a.root-servers.net.
. 26362 IN NS b.root-servers.net.
. 26362 IN NS c.root-servers.net.
. 26362 IN NS d.root-servers.net.
. 26362 IN NS e.root-servers.net.
. 26362 IN NS f.root-servers.net.
. 26362 IN NS g.root-servers.net.
. 26362 IN NS h.root-servers.net.
. 26362 IN NS i.root-servers.net.
. 26362 IN NS j.root-servers.net.
. 26362 IN NS k.root-servers.net.
. 26362 IN NS l.root-servers.net.
. 26362 IN NS m.root-servers.net.
;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
;; Received 1170 bytes from 199.7.91.13#53(d.root-servers.net) in 12 ms
google.com. 172800 IN NS ns2.google.com.
google.com. 172800 IN NS ns1.google.com.
google.com. 172800 IN NS ns3.google.com.
google.com. 172800 IN NS ns4.google.com.
;; Received 836 bytes from 192.43.172.30#53(i.gtld-servers.net) in 12 ms
google.com. 300 IN A 142.251.214.142
;; Received 55 bytes from 216.239.38.10#53(ns4.google.com) in 50 m
If you set this up wrong, running this should give you an idea of what exactly you're doing wrong. For me it showed that there was no record for "any.mydomain.com" and so the dns resolution for "somethingelse.mydomain.com" was failing. There are other issues you might run into, but for this question, that's probably the big one.
OK. I think that mostly covers it. It's probably overkill, but if it's helpful to one person it's worth it. Including me in the future.
Related
dig qq.com
; <<>> DiG 9.10.6 <<>> qq.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61180
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;qq.com. IN A
;; ANSWER SECTION:
qq.com. 95 IN A 183.3.226.35
qq.com. 95 IN A 203.205.254.157
qq.com. 95 IN A 123.151.137.18
qq.com. 95 IN A 61.129.7.47
;; Query time: 59 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Dec 21 00:16:17 CST 2021
;; MSG SIZE rcvd: 99
in my example,the QUERY is 1.
I come from here
Query: 1: The number of queries in this session, which was one.
Is the explanation right?
If if it is right,can I have more queries at once,I saw all of examples in internet is always 1.
from https://datatracker.ietf.org/doc/html/rfc1035#section-4.1.1
QDCOUNT an unsigned 16 bit integer specifying the number of
entries in the question section
from https://datatracker.ietf.org/doc/html/rfc1035#section-4.1.2
The question section is used to carry the "question" in most queries,
i.e., the parameters that define what is being asked. The section
contains QDCOUNT (usually 1) entries
Query: 1: The number of queries in this session, which was one.
Is the explanation right?
Yes, dig displays there the number of entries for the 4 sections: QUERY, ANSWER, AUTHORITY, ADDITIONAL.
If if it is right,can I have more queries at once,I saw all of examples in internet is always 1.
You can't.
The format seems to allow for it, however things were never really specified so it is not possible today, for at least the simple reason that the answer has a single return code to note the success or failure of the request, so if the request has multiple queries, some successul, some not, how could the return code handle that?
I believe that is answered here: https://www.ietf.org/rfc/rfc1035.txt
OPCODE A four bit field that specifies kind of query in this
message. This value is set by the originator of a query
and copied into the response. The values are:
0 a standard query (QUERY)
1 an inverse query (IQUERY)
2 a server status request (STATUS)
3-15 reserved for future use
In the case of dig, I supposed we will either see QUERY or IQUERY as we are either retrieving the domain name that corresponds to Internet address or vice versa
For example: I want to look up the A record for www.ardainc.org.
I query the root servers and get back an answer with a referral to the .org servers.
When I query the .org server next, do I send the same question (an A record for www.ardainc.org) or do I ask now instead for the NS records for the domain name?
Empirically, asking for A records all the way down seems to always work, but I keep hearing that resolvers first look up the name servers for a domain, and then ask for the actual records they want. The RFCs do not seem to specify.
You send always the same question, because irrespective of the QTYPE the authoritative nameserver will give you a referral to the proper nameservers, so you get "automatically" the NS records in the AUTHORITY section.
See the generic algorithm in RFC1034 section 4.3.2.
It is not clear from where you hint "but I keep hearing that you need to check NS records."
You can easily reproduce it manually, summarized for your case:
Step 1
dig www.ardainc.org A #a.root-servers.net gives:
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47905
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 13
;; AUTHORITY SECTION:
org. 2d IN NS d0.org.afilias-nst.org.
org. 2d IN NS a0.org.afilias-nst.info.
org. 2d IN NS c0.org.afilias-nst.info.
org. 2d IN NS a2.org.afilias-nst.info.
org. 2d IN NS b0.org.afilias-nst.org.
org. 2d IN NS b2.org.afilias-nst.org.
Step 2
We pick any one to go further:
dig www.ardainc.org A #b2.org.afilias-nst.org. gives:
; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39247
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;; AUTHORITY SECTION:
ardainc.org. 1d IN NS ns.josh.com.
ardainc.org. 1d IN NS ns2.josh.com.
Step 3
Same step as previous:
dig www.ardainc.org A #ns2.josh.com. gives:
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23030
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
www.ardainc.org. 3m8s IN CNAME web.josh.com.
web.josh.com. 5m IN CNAME aws.josh.com.
aws.josh.com. 1m IN A 18.217.156.232
We got our answer, the resolution stops there. Note that we did three A queries, never a NS one.
If you do dig +trace you will see the same thing,
(of course beneath what you see more happens, because when you do #ns2.josh.com., dig has first to resolve this name to find the IP address, so more A and AAAA queries)
I am trying to get a full understanding of the meaning of DNS resolution process, through +trace option (in order to make the resolver simulate the NS default server role). I have taken the following output from a didactic example, then I added some lines that I found in a different context (I am sure that this is a possible scenario). These lines that I added are the last 2 of the output (regarding the NS of XXX.mit.edu and WWW.YYY.ZZZ).
dig www.mit.edu +trace
; <<>> DiG 9.2.4 <<>> www.mit.edu +trace
;; global options: printcmd
. 2788 IN NS b.root-servers.net.
. 2788 IN NS c.root-servers.net.
. 2788 IN NS d.root-servers.net.
. 2788 IN NS e.root-servers.net.
. 2788 IN NS f.root-servers.net.
. 2788 IN NS g.root-servers.net.
. 2788 IN NS h.root-servers.net.
. 2788 IN NS i.root-servers.net.
. 2788 IN NS j.root-servers.net.
. 2788 IN NS k.root-servers.net.
. 2788 IN NS l.root-servers.net.
. 2788 IN NS m.root-servers.net.
. 2788 IN NS a.root-servers.net.
;; Received 276 bytes from 193.204.161.133#53(193.204.161.133) in 1 ms
edu. 172800 IN NS A3.NSTLD.COM.
edu. 172800 IN NS C3.NSTLD.COM.
edu. 172800 IN NS D3.NSTLD.COM.
edu. 172800 IN NS E3.NSTLD.COM.
edu. 172800 IN NS G3.NSTLD.COM.
edu. 172800 IN NS H3.NSTLD.COM.
edu. 172800 IN NS L3.NSTLD.COM.
edu. 172800 IN NS M3.NSTLD.COM.
;; Received 302 bytes from 192.228.79.201#53(b.root-servers.net) in 194 ms
mit.edu. 172800 IN NS STRAWB.mit.edu.
mit.edu. 172800 IN NS BITSY.mit.edu.
mit.edu. 172800 IN NS W20NS.mit.edu.
;; Received 138 bytes from 192.5.6.32#53(A3.NSTLD.COM) in 182 ms
www.mit.edu. 60 IN A 18.7.22.83
mit.edu. 21600 IN NS BITSY.mit.edu.
mit.edu. 21600 IN NS STRAWB.mit.edu.
mit.edu. 21600 IN NS W20NS.mit.edu.
mit.edu. 21600 IN NS XXX.mit.edu
mit.edu. 21600 IN NS WWW.YYY.ZZZ
;; Received 154 bytes from 18.71.0.151#53(STRAWB.mit.edu) in 150 ms
I understood everything that happen before those lines: "." information are kept by root name servers. The list of root name servers is given by 193.204.161.133, which is my default name server. "edu" information are given by the name servers in the "second block" (XX.MSTLD.COM). And this is information is given by a root name server. "mit.edu" information are given by STRAWB, BITSY and W20NS (which are authority NS for mit.edu). This is also fine. So, in the "last block": what do the "XXX.mit.edu" and "WWW.YYY.ZZZ" mean? They are also autorithy NS for mit.edu, but why weren't they listed previously, along with the other 3 autorithy NS? It is like if only STRAWB.mit.edu knows that there are more NS containing information relating to mit.edu zone.. does it mean that they are auxiliary name servers, maybe for redundancy?
I hope my question was clear.
A dig trace is a list of all of the conversations that occurred in the process of resolving a domain name. The conversation runs something like this
Initially a root name server's address is required to begin finding the address, these are usually taken from cache, since this request took 1ms we shall presume this was the case.
Root name servers are queried for the .edu. name servers. The second set of results - the edu. answers are those.
One of the .edu. servers are queried for the mit.edu. name servers. These results are the mit.edu. with STRAWB,BITSY and W20NS
The final answer is recieved from 18.71.0.151#53(STRAWB.mit.edu) and is the top response www.mit.edu To answer the query this is the only record that is required.
The records below the answer are additional records, they are basically the name server being helpful. It is giving you a list of all of the authorative nameservers for the domain to be put into cache so that the next time you need to look up an mit.edu domain you won't need to do the full look up. (and will have the complete set of name servers)
For more information, have a read of RFC 1035 DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION (search for 'additional')
For a given domain name, i want to determine which level is the very upper level which the domain owner can control (the domain owner can make resolution changes at this level)
eg: for www.abc.yahoo.com, i want to get yahoo.com as the result)
I know there is a tld list at http://www.iana.org/domains/root/db, but there is some exception: net.in, net.cn etc.
Is there somewhere i can get the list of these registrable domains?
Thanks in advance.
Most of the time an easy way is to send a SOA query for the name you have and look at the response. If the name is a zone apex, you'll get a SOA record in the Answer section of the response. If it's not, you'll get a SOA record in the Authority section, and the owner name of that SOA record is the zone apex for the name you asked about. Here's an example of the latter case:
Kadath:~$ dig soa www.abc.yahoo.com #8.8.8.8
; <<>> DiG 9.10.3 <<>> soa www.abc.yahoo.com #8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 44025
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.abc.yahoo.com. IN SOA
;; AUTHORITY SECTION:
yahoo.com. 0 IN SOA ns1.yahoo.com. hostmaster.yahoo-inc.com. 2015101301 3600 300 1814400 600
;; Query time: 75 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Oct 13 13:05:19 CEST 2015
;; MSG SIZE rcvd: 107
This works for correctly set up zones. If you also want to cover broken setups, things get considerably less simple.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I have pointed the A record for the domain www.fitnaturally.co.uk (domain has been in use for a while) to my server IP (79.170.44.156). I did this 8 hours ago and still nothings happened. From my experience this process doesn't normally take any longer than 4 hours.
After doing a DNS Propagation check at http://www.whatsmydns.net/#A/www.fitnaturally.co.uk/
I have discovered that the correct IP is in some locations but in others it is still the old A Record ip (91.208.99.12). When i keep checking whatsmydns the IP address for each location keep changing back to the old IP also. For example London, UK (BT Global) was 79.170.44.156 but it has now changed back to (91.208.99.12).
If i do a DNS Prop check for http://www.whatsmydns.net/#A/fitnaturally.co.uk/ all A records show 79.170.44.156. But the old website still loads and I cannot connect to the new server via ftp.fitnaturally.co.uk.
Can somebody suggest anything that I can try to get this working or suggest a reason why its taking so long?
Your DNS records have 1-day TTLs, so that's how long it can take for old data to clear out of caches.
$ dig www.fitnaturally.co.uk a #ns1.tsohost.co.uk +norec
; <<>> DiG 9.6-ESV-R4-P3 <<>> www.fitnaturally.co.uk a #ns1.tsohost.co.uk +norec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7116
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.fitnaturally.co.uk. IN A
;; ANSWER SECTION:
www.fitnaturally.co.uk. 86400 IN A 79.170.44.156
86400 seconds is 1 day. I'm assuming you had the same TTL on the old record that this replaced.
If you want changes to propagate more quickly, you have to lower the TTL. Note that this has to be done BEFORE you make the change, since caches get the TTL when they look up the old data, and hold on to it for that long before checking again.
To answer the inevitable next question: no, there's no way to force caches to clear.
In some cases, DNS propagation may take even more than one day. Use Google DNS 8.8.8.8, which is usually fast, to see if the change was correctly applied.