Re: DNS and subdomains

[Rubens Kuhl <rubensk () gmail com>]

Most security tools, browsers included, use the boundaries from
https://publicsuffix.org/ . While DNS could indicate what is a zone
cut and what is not, it's not the only feature that indicates a
transition between administrations.


Rubens

On Mon, Feb 24, 2025 at 10:59 PM Harry Hoffman via NANOG
<nanog () nanog org> wrote:
> Hi Folks,
>
> Feel free to tell me this isn't the proper place for my question but given that networking and DNS are hand in hand I 
> thought it might be reasonable to ask here.
>
> In working with several OSINT sources for domain processing it seems like the way domains and subdomains are 
> processed essentially equates subdomains with FQDNs.
>
> For example, several APIs (and even ChatGPT) classify the following:
>
> access.api.bbc.com
>
> account-api.api.bbc.com
>
> account-api.int.api.bbc.com
>
> account-api.stage.api.bbc.com
>
> account-api.test.api.bbc.com
>
> account-cdn.test.api.bbc.com
>
>
> with subdomains as either:
> all subdomains as api.bbc.com
>
> or as subdomains of access.api, account-api.api, account-api.int.api, etc.
>
>
> instead of classifying as:
> api.bbc.com
> int.api.bbc.com
> stage.api.bbc.com
> test.api.bbc.com
>
>
> Has this become common practice? Is there a definitive way to determine subdomains? I seem to recall that "older" dns 
> server software wouldn't allow this but it could be that my memory is faulty.
>
>
> Thanks!
>
>
> Cheers,
> Harry