Wildcard DNS Records: Use Cases and Configuration
Learn what wildcard DNS records are, when to use them, how they affect subdomains, and how to avoid common routing and SSL problems.
Introduction
A wildcard DNS record allows many undefined subdomains to resolve using one DNS rule. For example, a wildcard record for *.example.com can send unknown subdomains like client1.example.com or anything.example.com to the same destination.
Wildcard DNS can be useful for SaaS platforms, client portals, temporary environments and multi-tenant applications. But it should be used carefully. DNS can point wildcard subdomains to a server, but the server, application, CDN or hosting platform must still be configured to handle those hostnames.
Quick answer
A wildcard DNS record uses an asterisk, such as *.example.com, to match subdomains that do not already have their own DNS records. It can point many subdomains to the same IP address or hostname, but it does not automatically configure hosting, SSL or application routing for those subdomains.
What is wildcard DNS?
A wildcard DNS record is a DNS record that matches undefined subdomains under a domain.
*.example.com → 192.0.2.10
This means that random.example.com, client1.example.com or test.example.com may resolve to the same destination if no more specific DNS record exists.
Wildcard DNS usually applies only when there is no exact record for that subdomain. Exact records normally take priority.
How wildcard DNS works
Wildcard DNS acts as a fallback for subdomains that do not have their own records.
Specific record:
app.example.com A 192.0.2.20
Wildcard record:
*.example.com A 192.0.2.10
Result:
app.example.com uses 192.0.2.20 because it has a specific record.
anything.example.com uses 192.0.2.10 because it matches the wildcard.
The exact behavior can depend on DNS provider and record type, but specific records should be configured intentionally when they need different behavior.
Common use cases
SaaS customer subdomains
client1.example.com, client2.example.com and similar hostnames route to the same platform.
Temporary environments
dev.example.com, staging.example.com or preview subdomains can be handled dynamically.
Multi-tenant applications
Many customer or workspace hostnames point to the same application infrastructure.
Catch-all subdomains
Unknown subdomains can show a default page instead of failing DNS resolution.
Internal tools
Teams may use wildcard DNS for dashboards, testing or development environments.
Wildcard DNS is powerful, but it should not be used as a shortcut if each subdomain needs different routing, SSL or security rules.
Which records can be wildcard?
Wildcard A
Points undefined subdomains to an IPv4 address.
*.example.com A 192.0.2.10
Wildcard AAAA
Points undefined subdomains to an IPv6 address.
*.example.com AAAA 2001:db8::10
Wildcard CNAME
Points undefined subdomains to another hostname.
*.example.com CNAME app.hostingprovider.example
Wildcard MX/TXT
Possible in some DNS contexts, but less common and should be used only when a provider specifically requires it.
Most website wildcard setups use A, AAAA or CNAME records.
Why this matters
Wildcard DNS matters because it can make many subdomains resolve automatically. This is useful for dynamic platforms, but it can also hide mistakes. A typo like admn.example.com may still resolve, even if it was not intentionally created.
Wildcard DNS should be paired with proper application routing, SSL coverage, logging and security controls.
How to check wildcard DNS
Use DNS Lookup to test a subdomain that should only exist because of the wildcard record.
When checking wildcard DNS, review
These five checks help confirm wildcard DNS is configured and working as expected.
Wildcard record
Check whether *.example.com exists.
Test hostname
Check a random hostname such as test-wildcard.example.com.
Specific records
Check whether important subdomains have their own exact records.
Destination
Confirm whether wildcard subdomains point to the expected IP or hostname.
Service readiness
Confirm the server, CDN or application accepts wildcard hostnames.
Check wildcard DNS now
Use DNS Lookup to test wildcard and specific subdomain records.
Common problems
Wildcard points to the wrong destination
HighUndefined subdomains resolve to an old server, wrong hosting platform or incorrect CDN target.
Next step: Update the wildcard A, AAAA or CNAME record at the active DNS provider.
DNS works but application does not
MediumThe wildcard record resolves, but the server or application does not recognize the requested hostname.
Next step: Configure wildcard host handling in the hosting, CDN or application platform.
SSL does not cover wildcard subdomains
HighDNS resolves, but HTTPS fails because the certificate does not cover *.example.com.
Next step: Use a wildcard certificate or configure SSL for the needed subdomains.
Specific subdomain is overridden unexpectedly
MediumA subdomain may appear to use wildcard behavior because no exact record exists.
Next step: Add a specific DNS record for that hostname if it needs different routing.
Wildcard hides typos
LowMistyped subdomains may still resolve instead of clearly failing.
Next step: Use application-level handling, logging or a default page for unknown hostnames.
Wildcard used when explicit records are better
MediumA wildcard record may create unnecessary complexity for a small static website.
Next step: Use explicit DNS records for important subdomains.
Wildcard conflicts with provider instructions
MediumSome SaaS, CDN or verification systems require specific records and may not work with a wildcard alone.
Next step: Follow the provider’s exact DNS instructions.
How to configure it safely
-
Confirm the use case
Decide why wildcard DNS is needed. Use it for dynamic subdomains, SaaS routing or multi-tenant applications, not as a replacement for planning.
-
Choose the correct record type
Use A/AAAA if the wildcard should point to IP addresses. Use CNAME if the provider gives a hostname target.
-
Add the wildcard record
Create a record for *.example.com at the active DNS provider.
-
Keep important subdomains explicit
Add specific records for important hostnames such as www, mail, app, panel or shop if they need different behavior.
-
Configure the destination service
Make sure the web server, CDN or application accepts wildcard hostnames.
-
Check SSL coverage
Use a wildcard certificate or provider-managed SSL that covers the wildcard hostnames.
-
Test random and specific subdomains
Check both a random wildcard subdomain and important explicit subdomains.
Wildcard DNS examples
Wildcard A record:
*.example.com. 300 IN A 192.0.2.10
Wildcard CNAME record:
*.example.com. 300 IN CNAME app.hostingprovider.example.
Specific record taking priority:
app.example.com. 300 IN A 192.0.2.20
dig random.example.com A
dig app.example.com A
dig '*.example.com' A
These are examples only. Replace hostnames, IP addresses and provider targets with values from your DNS, hosting or application provider.
Wildcard DNS and SSL
Wildcard DNS and wildcard SSL are related but not the same. Wildcard DNS controls how subdomains resolve. Wildcard SSL controls whether HTTPS is valid for matching subdomains.
*.example.com DNS can point subdomains to a server.
*.example.com SSL certificate can secure many subdomains over HTTPS.
A wildcard certificate usually covers one subdomain level, such as app.example.com, but not deep names like dev.app.example.com unless specifically supported.
When not to use wildcard DNS
Avoid wildcard DNS when explicit records are clearer or safer.
Wildcard DNS may not be the best choice when:
- you only have a few known subdomains
- each subdomain points to a different service
- email-related hostnames need strict control
- unknown subdomains should fail instead of resolving
- SSL is not ready for wildcard hostnames
- your application cannot safely handle arbitrary hostnames
For many small websites, explicit DNS records are easier to manage.
Frequently asked questions
What is wildcard DNS?
Wildcard DNS uses an asterisk, such as *.example.com, to match undefined subdomains.
Does wildcard DNS make all subdomains work?
It makes undefined subdomains resolve in DNS, but the server, CDN or application must still handle those hostnames.
Does wildcard DNS include www?
Only if www does not have a more specific DNS record. Important subdomains like www should usually be configured explicitly.
Can wildcard DNS use CNAME?
Yes, many DNS providers support wildcard CNAME records. Follow your provider’s requirements.
Do I need wildcard SSL too?
If wildcard subdomains use HTTPS, you need SSL coverage for those hostnames, often through a wildcard certificate or provider-managed SSL.
Should every website use wildcard DNS?
No. Many websites are better with explicit DNS records for known subdomains.
Related tools
Use these free tools to verify your configuration after applying changes.
Related guides
Browse all DNS & Domain guides →Need help applying this fix?
Send us your domain, report link or issue details. CheckDomainHealth will review the request and route it to the right technical team if hands-on support is needed.
Was this guide helpful?
Your feedback helps us improve our guides for everyone.
Thanks for your feedback!