Can I use a wildcard DNS record with any record type?

Wildcard records work with most common DNS record types including A, AAAA, CNAME, MX, and TXT. However, you cannot use a wildcard for NS or SOA records at the zone apex. The most common use is wildcard A records (pointing subdomains to an IP) and wildcard CNAME records (pointing subdomains to another hostname).

Will a wildcard DNS record override my existing subdomain records?

No. Specific records always take priority over wildcard records. If you have an A record for blog.example.com and a wildcard *.example.com, traffic to blog.example.com uses the specific A record. The wildcard only applies to subdomains that don't have their own records defined.

Is a wildcard DNS record bad for SEO?

Not directly, but it can cause problems if misconfigured. If your wildcard serves the same content on unlimited subdomains, search engines may see it as duplicate content. The best practice is to return a 404 or redirect undefined subdomains to your main domain instead of serving content on every possible subdomain.

How do I set up a wildcard DNS record?

In your DNS provider's dashboard, create a new record with * as the hostname. Choose the record type (usually A or CNAME), enter the destination (IP address or hostname), and set your TTL. For example: Type: A, Name: *, Value: 192.0.2.1, TTL: 3600. The wildcard will apply to all subdomains that don't have specific records.

What is the difference between a wildcard DNS record and a wildcard SSL certificate?

A wildcard DNS record controls where subdomain traffic is routed (mapping *.example.com to an IP address). A wildcard SSL certificate secures HTTPS connections for all subdomains (*.example.com). They serve different purposes but are often used together — the DNS record routes traffic, and the SSL certificate encrypts it.

What is a Wildcard DNS Record? How It Works

1. How Wildcard DNS Records Work

In standard DNS, every subdomain needs its own record. If you want blog.example.com to work, you create an A record or CNAME record specifically for it.

A wildcard record changes this. By creating a record with * as the hostname, you tell DNS servers: "For any subdomain that doesn't have its own record, use this one."

# Example wildcard A record

*.example.com. 3600 IN A 192.0.2.1

# What happens:

blog.example.com → 192.0.2.1 (no specific record, wildcard applies)

shop.example.com → 192.0.2.1 (no specific record, wildcard applies)

anything.example.com → 192.0.2.1 (no specific record, wildcard applies)

www.example.com → 203.0.113.5 (has its own A record, wildcard ignored)

Key rule: Specific records always override wildcard records. If a subdomain has its own record, the wildcard is ignored for that subdomain.

2. Wildcard Syntax Rules

Wildcard records follow specific rules that are often misunderstood:

Record	Valid?	Notes
*.example.com	✓ Valid	Standard wildcard — matches all undefined subdomains
*.www.example.com	✓ Valid	Scoped wildcard — only matches subdomains under www
*abc.example.com	✗ Invalid	Asterisk must be the entire leftmost label, not part of it
abc.*.example.com	✗ Invalid	Asterisk must be the leftmost label only
..example.com	⚠ Partial	Only the first * is a wildcard, the second is literal

The wildcard applies across multiple levels by default. A record for *.example.com will match both one.example.com and deep.sub.example.com — unless a more specific record exists in between.

3. When to Use Wildcard DNS Records

Multi-tenant SaaS applications

Platforms like Shopify or WordPress.com give each customer a subdomain (mystore.shopify.com). A wildcard record routes all customer subdomains to the same infrastructure, where the application handles routing internally.

Development and staging environments

Teams create subdomains like feature-x.dev.example.com for each branch or developer. A wildcard on *.dev.example.com means no DNS changes are needed for each new environment.

Catch-all for typos and undefined subdomains

Instead of visitors seeing a DNS error when they type ww.example.com or wwww.example.com, a wildcard record routes them to your main site or a custom error page.

Email catch-all

A wildcard MX record can route email for any subdomain to your mail server. However, this needs careful configuration to avoid SPF/DKIM issues.

4. Risks and When to Avoid Wildcards

Wildcard records are powerful but can cause serious problems if misused:

Subdomain takeover

If your wildcard points to cloud infrastructure (like AWS CloudFront) and that resource is deleted, an attacker can claim it. Now login.example.com serves attacker-controlled content — with your domain name.

Internal DNS confusion

Devices on your network may append your domain as a search suffix. A wildcard means typos like google.com.example.com resolve instead of failing — causing broken functionality and hard-to-debug errors.

SSL certificate complications

A wildcard SSL certificate (*.example.com) paired with a wildcard DNS record means any compromised subdomain serves valid HTTPS — making attacks harder to detect.

Email deliverability issues

A wildcard MX record can conflict with SPF and DKIM configurations, potentially causing email from undefined subdomains to be flagged as spam.

Best practice: Only use wildcard DNS records if you have a clear use case. If you don't need one, don't create one — explicit records are always safer.

5. How to Set Up a Wildcard DNS Record

Setting up a wildcard record is straightforward in most DNS providers:

Step 1: Log into your DNS provider (Cloudflare, Route 53, your registrar, etc.)

Step 2: Add a new DNS record

Step 3: Set the record fields:

Field	Value
Type	A (or CNAME)
Name / Host	*
Value / Target	Your server IP or hostname
TTL	3600 (1 hour)

Step 4: Save and wait for DNS propagation

After creating the record, use DNSFly's DNS Propagation Checker to verify it's resolving correctly across global servers.

Check Your Wildcard DNS Record

Enter any subdomain of your domain to see if your wildcard record is active and propagating correctly across 21 global DNS servers.

DNS Propagation Checker