nanog mailing list archives

Re: DNS and subdomains

From: Harry Hoffman via NANOG <nanog () nanog org>
Date: Tue, 25 Feb 2025 07:36:16 -0500

Thanks everyone for the wonderful answers! The thoughts in my head were not
aligned with reality ;-)

I had a thought similar to what Bill describes, that everywhere there's a
dot (.) there's a subdomain. I also had the thought/assumption that the
data to the left of the leftmost dot (.) was essentially the hostname. It's
been a while since I've regularly been into DNS but I thought I remembered
it that way. But then seeing some of the OSINT data, that seemed to throw
that idea out the window as they appear to use the publicsuffix.org site to
divine suffix and domain and then consider everything to the left of that
as a subdomain. I've now updated my understanding.

Cheers,
Harry

On Mon, Feb 24, 2025 at 9:47 PM William Herrin <bill () herrin us> wrote:

On Mon, Feb 24, 2025 at 5:58 PM Harry Hoffman via NANOG <nanog () nanog org>
wrote:

In working with several OSINT sources for domain processing it seems

like the way domains and subdomains are processed essentially equates
subdomains with FQDNs.

Hi Harry,

I don't understand what you mean. Do you mean how do local resolvers
expand local names (e.g. "server") in FQDNs
("server.examplecompany.com")?

Has this become common practice? Is there a definitive way to determine

subdomains? I seem to recall that "older" dns server software wouldn't
allow this but it could be that my memory is faulty.

Subdomain is kinda a fuzzy question. Everywhere there's a dot there's
a "subdomain," but the only technical meanings those dots have is
that:

1. There *might* be a DNS delegation there.
2. The resolver's primitive internal compression algorithm can break
the name in parts there when composing the query or response packet.

There's another similar question you might be trying to ask: how do
you determine whether a DNS name has been delegated from one zone file
at one server to another zone file at another server? That has a more
precise answer with technical meaning: If a NS and SOA records exist
at the "dot" boundary then there's a delegation. If not, then there
isn't.

For example, I have a host named "cat.p.dirtside.com." "dirtside.com"
is a delegation of "com" because there's an NS record for
"dirtside.com." However, "p.dirtside.com" is NOT a delegation of
"dirtside.com" because there's no NS record. "cat.p" is simply a name
within the "dirtside.com" zone file.

Regards,
Bill Herrin


--
William Herrin
bill () herrin us
https://bill.herrin.us/

Current thread:

DNS and subdomains Harry Hoffman via NANOG (Feb 24)
- Re: DNS and subdomains Rubens Kuhl (Feb 24)
- Re: DNS and subdomains Mark Andrews (Feb 24)
- Re: DNS and subdomains William Herrin (Feb 24)
  - Re: DNS and subdomains Harry Hoffman via NANOG (Feb 25)
    - Re: DNS and subdomains Stephane Bortzmeyer via NANOG (Feb 28)
    - Re: DNS and subdomains Jay (Feb 28)
    - Re: DNS and subdomains Harry Hoffman via NANOG (Feb 28)
    - Re: DNS and subdomains Shumon Huque (Feb 28)
    - Re: DNS and subdomains Harry Hoffman via NANOG (Feb 28)
    - Re: DNS and subdomains William Herrin (Feb 28)
    - Re: DNS and subdomains David Conrad via NANOG (Feb 28)
    - Re: DNS and subdomains William Herrin (Feb 28)
    - Re: DNS and subdomains Dantzig, Brian (Feb 28)
    - Re: DNS and subdomains Warren Kumari (Feb 28)

(Thread continues...)