Wildcard DNS Records — *.example.com

Learn how wildcard DNS records match all subdomains that do not have explicit records. Understand syntax, limitations, and multi-tenant hosting configurations.

Zone File Entry

*.example.com.    IN    A    203.0.113.50

Detailed Explanation

What Is a Wildcard DNS Record?

A wildcard DNS record uses an asterisk (*) as the leftmost label in a domain name to match any subdomain that does not have an explicit DNS record. It acts as a catch-all for undefined subdomains.

BIND Zone File Syntax

; Wildcard A record — all undefined subdomains point to one IP
*.example.com.       3600    IN    A       203.0.113.50

; Wildcard AAAA record
*.example.com.       3600    IN    AAAA    2001:db8::50

; Wildcard CNAME — all undefined subdomains alias to one target
*.example.com.       3600    IN    CNAME   default.example.com.

; Wildcard MX — catch-all for email
*.example.com.       3600    IN    MX      10 mail.example.com.

How Wildcard Matching Works

Wildcard records match at exactly one label level. The record *.example.com matches:

  • foo.example.com — matches
  • bar.example.com — matches
  • anything.example.com — matches

But does not match:

  • example.com — the root domain (no label to match)
  • sub.foo.example.com — two levels deep (need *.*.example.com, which is invalid in standard DNS)

Explicit Records Override Wildcards

If an explicit record exists for a subdomain, it takes precedence over the wildcard:

*.example.com.       3600    IN    A    203.0.113.50    ; catch-all
www.example.com.     3600    IN    A    203.0.113.51    ; explicit override
api.example.com.     3600    IN    A    203.0.113.52    ; explicit override

In this setup, www.example.com resolves to 203.0.113.51, api.example.com resolves to 203.0.113.52, and every other subdomain (e.g., blog.example.com, test.example.com) resolves to 203.0.113.50.

Important Caveat: NXDOMAIN Blocking

A wildcard record eliminates NXDOMAIN responses for its scope. Normally, querying a non-existent subdomain returns NXDOMAIN (the domain does not exist). With a wildcard, all queries return a valid response. This has implications for:

  • SSL/TLS: Wildcard certificates (*.example.com) pair well with wildcard DNS
  • Email: A wildcard MX record means mail sent to any subdomain will be accepted
  • Security: Attackers cannot enumerate subdomains via NXDOMAIN responses

Common Use Cases

  • Multi-tenant SaaS: Each customer gets a unique subdomain (tenant1.app.example.com) and all resolve to the same load balancer. The application layer routes based on the Host header.
  • Development environments: Developers create arbitrary subdomains for testing without updating DNS each time.
  • Catch-all email routing: Accept email for any subdomain address.

Wildcard and CNAME

A wildcard CNAME is common for pointing all subdomains to a CDN or load balancer:

*.example.com.    IN    CNAME    lb.example.com.

Remember: CNAME records cannot coexist with other record types at the same name. If you need both a wildcard A record and a wildcard MX record, do not use a wildcard CNAME.
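
The coexistence rule above can be checked before a zone is published. The following is an added example, not part of the original page: it parses records in the `owner [ttl] IN type rdata` form used in the listings here and reports every name where a CNAME shares its owner with another record type. The function names and the sample zone (the wildcard lines from the syntax listing, loaded together as one zone) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the wildcard lines from the syntax listing on this
# page, treated as a single zone, plus one explicit override.
SAMPLE_ZONE = """\
; all four wildcard variants at once
*.example.com.       3600    IN    A       203.0.113.50
*.example.com.       3600    IN    AAAA    2001:db8::50
*.example.com.       3600    IN    CNAME   default.example.com.
*.example.com.       3600    IN    MX      10 mail.example.com.
www.example.com.     3600    IN    A       203.0.113.51    ; explicit override
"""

# Assumptions: one record per line, absolute owner names, class IN,
# and no ';' inside rdata (so quoted TXT strings are not handled).
RECORD = re.compile(r"^(\S+)\s+(?:(\d+)\s+)?IN\s+([A-Za-z]+)\s+(.+)$")

# DNSSEC signature and denial records are allowed next to a CNAME.
ALLOWED_WITH_CNAME = {"RRSIG", "NSEC"}


def parse_zone(text):
    """Return {owner: {rtype: [rdata, ...]}} with ';' comments stripped."""
    zone = defaultdict(lambda: defaultdict(list))
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        m = RECORD.match(line)
        if not m:
            raise ValueError(f"unparsed line: {raw!r}")
        owner, _ttl, rtype, rdata = m.groups()
        zone[owner.lower()][rtype.upper()].append(rdata.strip())
    return zone


def cname_conflicts(zone):
    """List (owner, other_types) for names where CNAME coexists with other types."""
    findings = []
    for owner, rrsets in zone.items():
        if "CNAME" not in rrsets:
            continue
        others = sorted(t for t in rrsets if t != "CNAME" and t not in ALLOWED_WITH_CNAME)
        if others:
            findings.append((owner, others))
    return findings


if __name__ == "__main__":
    for owner, others in cname_conflicts(parse_zone(SAMPLE_ZONE)):
        print(f"{owner}: CNAME coexists with {', '.join(others)}")
```

Run on the sample, it flags `*.example.com.` because the wildcard CNAME sits beside the wildcard A, AAAA and MX records; removing the CNAME line clears the finding.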

Use Case

Use wildcard DNS records for multi-tenant SaaS platforms, development environments, or any scenario where you need all subdomains to resolve to the same server without individually defining each one.
