Wildcard DNS

Available on: Plus Pro Elite

1. What This Feature Does

Wildcard DNS creates a *.domain record that matches any subdomain query that does not have its own explicit DNS record. When you create a wildcard for a base domain (e.g., myserver.certadns.com), the system generates a wildcard pattern *.myserver.certadns.com that resolves all unmatched subdomains to the same IP address as the base domain.

For example, if myserver.certadns.com points to 203.0.113.50 and you create a wildcard for it, then anything.myserver.certadns.com, test.myserver.certadns.com, and sub.anything.myserver.certadns.com will all resolve to 203.0.113.50, unless you have created explicit records for those specific subdomains.

The wildcard record is stored in the database with fqdn = "*.{base_fqdn}" and is_wildcard=True. The base domain is marked with wildcard_enabled=True. The wildcard record is synchronized to PowerDNS as a standard DNS wildcard entry and uses the base domain's IP address as the target.

2. When You Should Use It

• You run services on many subdomains (e.g., customer-specific instances) and need all of them to resolve to the same IP without creating individual DNS records for each.
• You want a catch-all DNS entry for development or staging environments where subdomain names are dynamically generated.
• You operate a multi-tenant application where each tenant gets a unique subdomain, all pointing to the same application server.
• You want to simplify DNS management by avoiding the need to manually create records for every possible subdomain.

3. When You Should Not Use It

• Different IPs for different subdomains: Wildcard records resolve all matching subdomains to the same IP. If you need different IPs, create individual DNS records instead.
• Email (MX records): Wildcard DNS only creates A or AAAA records. For wildcard MX records, use the DNS Record Management feature on an imported zone.
• Free plan users: Wildcard DNS is only available on Plus, Pro, and Elite plans. Free plan users receive a 403 error when attempting to create wildcards.
• Security-sensitive environments: Wildcard DNS can cause unintended DNS matches. Ensure no subdomain collisions will occur with existing or future services.

4. Prerequisites

• A Plus, Pro, or Elite plan subscription. Free users cannot create wildcard DNS records.
• An existing base domain in your account. The wildcard is created as a child of this domain.
• The base domain must have an IP address assigned. The wildcard will use the same IP as the base domain.
• No existing wildcard for the same base domain. Each base domain can have only one wildcard.

5. How It Works (Brief)

When you create a wildcard, the system performs the following steps:

1. Validates that the base domain exists and has an IP address assigned.
2. Checks that no wildcard already exists for this base domain.
3. Creates a new domain record with fqdn = "*.{base_fqdn}", is_wildcard=True, and the same IP as the base domain.
4. Sets wildcard_enabled=True on the base domain to indicate it has a wildcard child.
5. Creates a WildcardUsage tracking record in the database.
6. Synchronizes the wildcard record to PowerDNS as a standard DNS wildcard entry.

Once created, the wildcard record resolves all DNS queries for subdomains that do not have explicit records. Explicit records always take precedence over wildcard matches. For example, if you create an explicit record for api.myserver.certadns.com pointing to a different IP, that record will be returned instead of the wildcard.

The wildcard uses the same IP address as the base domain. If you update the base domain's IP, the wildcard IP is not automatically updated. You must delete and recreate the wildcard or update the wildcard record separately.

6. How to Use It

Creating a wildcard

1. Navigate to Dashboard > Domains.
2. Locate the base domain for which you want to create a wildcard. Ensure the domain has an IP address assigned.
3. In the Actions column, click the sparkle icon. (This icon only appears for paid plan users and is not shown for domains that are already wildcards or that already have a wildcard.)
4. The Wildcard Modal opens and displays:
   • The wildcard pattern in purple text: *.{base_fqdn}
   • The target IP address from the base domain.
   • An explanation of what subdomains will match (e.g., "Matches anything.myserver.certadns.com" and "Matches sub.anything.myserver.certadns.com").
5. If the base domain has no IP address, a yellow warning appears: "Please set an IP address on the base domain before creating a wildcard." The Create button is disabled.
6. Click Create Wildcard.
7. The wildcard record is created and appears in the domain list with a purple "Wildcard" badge.

Viewing wildcards

1. Wildcard domains appear in the domain list with a purple "Wildcard" badge in the Domain column.
2. Use the filter dropdown and select Wildcard to view only wildcard domains.
3. Wildcard domains are included in the domain count and count toward your plan's domain limit.

Deleting a wildcard

1. In the domain list, locate the wildcard domain (identified by the purple "Wildcard" badge).
2. Click the trash icon in the Actions column.
3. Confirm the deletion in the dialog.
4. The wildcard record is removed from PowerDNS, wildcard_enabled is set to False on the base domain, and the wildcard domain record is permanently deleted.

Deleting the base domain does not automatically delete the wildcard. You must delete the wildcard separately, or the wildcard will remain in the database as an orphaned record.

7. Inputs and Settings

Field	Description	Constraints
Base Domain	The existing domain for which the wildcard is created. The wildcard pattern becomes *.{base_fqdn}.	Must exist in your account, must have an IP address assigned, and must not already have a wildcard.
Wildcard Pattern	Automatically generated as *.{base_fqdn}. Cannot be customized.	Read-only. Displayed in purple in the modal.
Target IP	The IP address to which all wildcard matches will resolve. Inherited from the base domain.	Must be a valid IPv4 or IPv6 address. The wildcard uses the base domain's current IP at the time of creation.

Plan restrictions

Plan	Wildcard DNS
Free	Not available (403 error)
Plus	Available
Pro	Available
Elite	Available

8. Outputs and Results

Wildcard domain list entry

Wildcard domains appear in the domain list with the following characteristics:

Column	Value
Domain	Shows the wildcard FQDN (e.g., *.myserver.certadns.com) in monospace font with a purple "Wildcard" badge.
Zone	The parent zone of the base domain.
Status	Green "Active" badge (wildcards are always active unless the base domain is inactive).
Current IP	The IP address to which wildcard queries resolve.
Monitoring	Can be enabled or disabled, same as regular domains.
Actions	Update IP (pencil icon), Update Help (question mark icon), Delete (trash icon). The sparkle icon does not appear on wildcard domains.

DNS resolution behavior

When a DNS query is made for a subdomain under the wildcard pattern:

• If an explicit DNS record exists for the queried subdomain, that record is returned (explicit records override wildcards).
• If no explicit record exists, the wildcard record is returned, resolving to the wildcard's target IP.
• If the wildcard is deleted, queries for unmatched subdomains return NXDOMAIN (non-existent domain).

API response

The domain list API includes wildcard domains in the domains array. Wildcard domains have is_wildcard: true and fqdn in the format *.{base_fqdn}.

{
  "id": 12345,
  "fqdn": "*.myserver.certadns.com",
  "is_wildcard": true,
  "ip_address": "203.0.113.50",
  "status": "active",
  "zone_id": 1,
  "wildcard_enabled": false
}

9. How to Interpret Results

Normal

• The wildcard domain appears in the list with a purple "Wildcard" badge and shows the correct IP address.
• DNS queries for unmatched subdomains (e.g., test.myserver.certadns.com) return the wildcard IP.
• DNS queries for explicit subdomains (e.g., api.myserver.certadns.com if you created a separate record) return the explicit record's IP, not the wildcard IP.

Unexpected or worth investigating

• Wildcard does not appear in the list: The wildcard creation may have failed. Check for error messages in the UI or verify that the base domain has an IP address assigned.
• DNS queries still return NXDOMAIN: The wildcard record may not have synchronized to PowerDNS. Wait a few moments and retry. If the issue persists, delete and recreate the wildcard.
• Wildcard IP does not match base domain IP: The wildcard uses the IP from the base domain at the time of creation. If you updated the base domain's IP after creating the wildcard, the wildcard IP is not automatically updated. Update the wildcard IP separately or delete and recreate the wildcard.

Common interpretation mistakes

• Expecting wildcard to auto-update with base domain IP: The wildcard IP is set at creation time and does not automatically sync with the base domain. You must update the wildcard IP manually if the base domain IP changes.
• Assuming wildcard overrides explicit records: Explicit DNS records always take precedence over wildcard matches. If you create a record for sub.myserver.certadns.com, that record is returned instead of the wildcard, even if the wildcard exists.
• Confusing wildcard domain with base domain: The wildcard is a separate DNS record with FQDN *.{base_fqdn}. It appears as a distinct entry in the domain list.

10. Common Issues and Explanations

"Requires paid plan" error (403)

Wildcard DNS is only available on Plus, Pro, and Elite plans. Free users cannot create wildcard records. Upgrade to a paid plan to access this feature.

"Base domain not found" error (404)

The base domain does not exist in your account or has been deleted. Verify that the domain appears in your domain list and that you are using the correct domain ID.

"Wildcard already exists" error (400)

A wildcard has already been created for this base domain. Each base domain can have only one wildcard. To create a new wildcard, delete the existing wildcard first.

"PowerDNS sync failure" error (500)

The wildcard record was created in the database but failed to synchronize to the authoritative DNS servers. This is a server-side issue. Contact support if the error persists.

Create button is disabled in the Wildcard Modal

The base domain does not have an IP address assigned. A yellow warning appears in the modal: "Please set an IP address on the base domain before creating a wildcard." Update the base domain's IP, then retry creating the wildcard.

Sparkle icon does not appear for a domain

The sparkle icon for creating wildcards only appears under these conditions:

• You are on a Plus, Pro, or Elite plan (Free users do not see the icon).
• The domain is not already a wildcard.
• The domain does not already have a wildcard child.

If the icon is missing, verify your plan status and check whether a wildcard already exists for the domain.

Wildcard not resolving in DNS lookups

Verify that the wildcard record appears in your domain list with a purple "Wildcard" badge. If the record exists, wait for DNS propagation (up to 60 seconds on paid plans). Query the authoritative nameservers (ns1.certadns.com or ns2.certadns.com) directly to confirm the wildcard is present.

11. Limits and Constraints

Constraint	Value
Wildcards per base domain	1
Plan requirement	Plus, Pro, or Elite
IP address source	Inherited from base domain at creation time
Domain limit impact	Wildcard records count toward your plan's domain limit
Record type	A or AAAA (matches base domain's record type)

• Wildcard records use the same TTL as regular domains: 60 seconds on paid plans.
• Wildcard domains cannot have their own wildcard child. For example, you cannot create *.*.myserver.certadns.com.
• Deleting the base domain does not automatically delete the wildcard. You must delete the wildcard separately.
• Wildcard records on imported zones are subject to the 500 DNS records per zone limit.

12. Related Features

• Dynamic DNS Domains — Create and manage base domains for which wildcards can be created.
• Managed DNS Zones — Import your own domain to create wildcard records on custom zones.
• DNS Record Management — Create explicit DNS records (MX, CNAME, TXT, etc.) that override wildcard matches.
• Uptime Monitoring — Monitor the reachability of wildcard domain targets.
• DNS Analytics — View query volume and traffic patterns for wildcard domains.

13. Updates and Behavior Changes

• Wildcard DNS support was added as a paid-plan-only feature. Free users attempting to create wildcards receive a 403 error.
• The sparkle icon UI indicator was introduced to make wildcard creation more discoverable for paid users.
• Wildcard domain filtering was added to the domain list filter options, allowing users to view only wildcard domains.
• Wildcard records are now tracked separately in the WildcardUsage table for usage analytics and billing purposes.