Tom's questions -server

Tom

Asked: 2015-08-12 05:50:37 +0800 CST

How to add DANE/TLSA on a wildcard subdomain?

I would like to enable DANE/TLSA on *.example.com for https.

To activate it on example.com I can do that (I used TYPE52 instead of TLSA because my DNS provider is not DANE-aware):

_443._tcp.example. IN TYPE52 # 35 01010102d50459538b4c549014266824948c9294da322581e51a0f0e79ce8aea0def89

Wildcard are not allowed in the middle so I can't do that (right?) :

_443._tcp.*.example. IN TYPE52 # 35 01010102d50459538b4c549014266824948c9294da322581e51a0f0e79ce8aea0def89

But activate it on *.example.com the only way I found is (the first line was already there to redirect *.example.com on the same IPs) :

*                         IN CNAME  example.com.
example.com.              IN TYPE52 # 35 01010102d50459538b4c549014266824948c9294da322581e51a0f0e79ce8aea0def89

It works but it falsely enable it for all protocols/ports (ssh, imaps, ...)

Did I miss something ?

Should I explicitly add all sub-domains instead of using a wildcard ?

How to add DANE/TLSA on a wildcard subdomain?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?