Citrix ADC

Supporting wildcard DNS domains

Wildcard DNS domains are used to handle requests for nonexistent domains and subdomains. In a zone, use wildcard domains to redirect queries for all nonexistent domains or subdomains to a particular server, instead of creating a separate Resource Record (RR) for each domain. The most common use of a wildcard DNS domain is to create a zone that can be used to forward mail from the internet to some other mail system.

In DNS resolution, wildcard RRs support the wildcard domain. The wildcard RRs are used to synthesize the responses to queries for a nonexistent domain name. For example, if you queried image.example.com, and the subdomain “image” did not exist, you might be redirected to example.com.

A wildcard record has an asterisk (*) character as the leftmost label of a domain name. For example, *.example.com. An asterisk at any other place in the domain name does not signify a wildcard DNS record. For example, new.*.example.com is not a valid wildcard DNS record.

Note

  • Wildcard domain is supported only when the Citrix ADC appliance is authoritative for the zone and is configured as an ADNS or a DNS proxy server.
  • Wildcard domain is not supported for NS and SOA records.
  • Wildcard domain cannot be applied when the query is in another zone.
  • Wildcard domain cannot be applied when the QNAME or a name between the wildcard domain and the QNAME is known to exist.

Example configuration

add dns soaRec example.com -originServer n1.example.com -contact admin.example.com
add dns nsRec example.com n1.example.com
add dns nsRec example.com n2.example.com
add dns zone example.com -proxyMode no
add dns addrec www.example.com 2.2.2.2
add dns addrec *.example.com 10.10.10.10
add dns addrec *.example.com 10.10.10.11
add dns aaaarec *.example.com 2001::1

In the example, a wildcard domain name is added for an A and AAAA record.

When a query is received for a domain name that exists in the zone, the Citrix ADC appliance responds with the corresponding response. For example, for www.example.com, the appliance responds with 2.2.2.2 in the example.

For a nonexistent domain name that matches with a wildcard type, a synthesized response is delivered.

In the example, the Citrix ADC appliance responds with 10.10.10.10 and 10.10.10.11 for a query of type A for nonexist.example.com or xyz.example.com, neither of which exists in the zone.

Wildcard synthesis is not applicable for a domain name that exists in the zone.

For example, for the query www.example.com and type AAAA, the Citrix ADC appliance does not synthesize a response from the wildcard, because www.example.com exists with type A. In the example, the Citrix ADC appliance responds with a NODATA response.

For a query such as abc.example.com and type AAAA, the Citrix ADC appliance responds with a synthesized response. In the example, the appliance responds with 2001::1 for abc.example.com.
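The following is an added worked model of the lookup rules described above, not Citrix code: it loads the records from the example configuration and applies the wildcard conditions from the Note (leftmost label only, no matching across zones, no synthesis when the QNAME or a name between the wildcard and the QNAME exists) to the queries discussed on this page.

```python
ZONE = "example.com"

# Records from the configuration above, keyed by (owner name, type).
RECORDS = {
    ("example.com", "SOA"): ["n1.example.com admin.example.com"],
    ("example.com", "NS"): ["n1.example.com", "n2.example.com"],
    ("www.example.com", "A"): ["2.2.2.2"],
    ("*.example.com", "A"): ["10.10.10.10", "10.10.10.11"],
    ("*.example.com", "AAAA"): ["2001::1"],
}


def is_valid_wildcard(owner: str) -> bool:
    """Only a leftmost '*' label makes a wildcard; '*' anywhere else does not."""
    return owner.startswith("*.") and "*" not in owner[2:]


def _in_zone(name: str) -> bool:
    return name == ZONE or name.endswith("." + ZONE)


def _name_exists(name: str) -> bool:
    # A name exists if a record sits at it or anywhere below it (an empty
    # non-terminal still exists). Wildcard owners never make a name exist.
    return any(owner == name or owner.endswith("." + name)
               for owner, _ in RECORDS if not owner.startswith("*."))


def lookup(qname: str, qtype: str):
    """Return (rcode, rdata). rcode is NOERROR, NXDOMAIN or REFUSED;
    NOERROR with empty rdata is a NODATA response."""
    qname = qname.rstrip(".").lower()
    if not _in_zone(qname):
        return "REFUSED", []          # wildcards never apply across zones
    if _name_exists(qname):
        # The QNAME itself exists: answer from its own records, never
        # synthesize. www.example.com/AAAA therefore yields NODATA.
        return "NOERROR", RECORDS.get((qname, qtype), [])
    # Closest encloser: the longest existing ancestor of the QNAME.
    labels = qname.split(".")
    encloser = next(".".join(labels[i:]) for i in range(1, len(labels))
                    if _name_exists(".".join(labels[i:])))
    wildcard = "*." + encloser
    if not any(owner == wildcard for owner, _ in RECORDS):
        # e.g. a.www.example.com: www.example.com exists between the
        # wildcard and the QNAME, so *.example.com is not consulted.
        return "NXDOMAIN", []
    return "NOERROR", RECORDS.get((wildcard, qtype), [])
```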