forward-domain
wildcard domain
Is it possible, or can it be added, to redirect the wildcard entries?
.*.mydomain.de. IN TXT forward-domain=https://example.com is resulting in "The TXT record data for ".test.mydomain.de" is missing"
I don't think it will ever be supported since HTTPS verification can be technically difficult. What's your use case here?
HTTPS verification looks already great to me. For example: _.test TXT forward-domain=https://example.com/*
With a wildcard record it is already working.
I propose to further reduce the complexity of the DNS setup and maintenance efforts.
If you want to set up an alternative domain you would only need
_.*.gs.short.de IN TXT base-domain=gs.short.de; forward-domain=https://greatsite.com
And it should redirect site1.gs.short.de to site1.greatsite.com and 123.gs.short.de to 123.greatsite.com
With updating the subdomains on the greatsite.com domain the alternative domains would be working without change.
I propose base-domain to specify if/which subdomain should get attached. None if base-domain not provided.
Just want to make sure, we can set _.*.gs.short.de TXT record and set *.gs.short.de CNAME record already? I never thought we can set a wildcard in the middle of dot labels. I need to read it somewhere.
I noticed * in the middle of dot labels is settable but isn't actually supported. txtdirect.org is using "_" as wildcard.
A sufficient and simpler solution would be to simply search for the first forward-domain entry in the domain path and attach the subdomain path to it.
Wildcard CNAME is supported by most registrars. And wildcard A is definitely no problem. Cloudflare for example: https://developers.cloudflare.com/dns/manage-dns-records/reference/wildcard-dns-records/
_.gs.short.de TXT forward-domain=https://greatsite.com/
gs.short.de CNAME r.forwarddomain.net
*.gs.short.de CNAME r.forwarddomain.net
is enough to redirect
gs.short.de to greatsite.com
and
site1.gs.short.de to site1.greatsite.com
and
123.gs.short.de to 123.greatsite.com
and
321.123.gs.short.de to 321.123.greatsite.com
...
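The lookup proposed in the comment above, sketched as an added example that is not forward-domain's own code or part of the thread. It assumes the most specific `_.` record wins when walking from the requested host towards the root; `TXT_RECORDS`, `findForward` and `resolveRedirect` are hypothetical names, and the map is a constructed stand-in for DNS TXT queries so the block runs offline.

```javascript
// Constructed sample zone data taken from the records listed in the thread.
const TXT_RECORDS = new Map([
  ["_.gs.short.de", "forward-domain=https://greatsite.com/"],
]);

// Only plain hostname labels are accepted, so a Host header containing
// "*", "_", "/" or "@" can never be spliced into the redirect target.
const LABEL = /^(?!-)[a-z0-9-]{1,63}(?<!-)$/;

// Walk from the full host towards the root and return the first
// forward-domain value found, plus the labels to the left of the match.
function findForward(host, lookupTxt) {
  const labels = host.toLowerCase().replace(/\.$/, "").split(".");
  if (!labels.every((l) => LABEL.test(l))) return null;
  // Stop before the TLD so "_.de" is never queried.
  for (let i = 0; i < labels.length - 1; i++) {
    const txt = lookupTxt("_." + labels.slice(i).join("."));
    const m = txt && /(?:^|;\s*)forward-domain=([^;\s]+)/.exec(txt);
    if (m) return { target: m[1], extra: labels.slice(0, i) };
  }
  return null;
}

// Build the redirect URL by prepending the unmatched labels to the
// target host: 321.123.gs.short.de -> 321.123.greatsite.com.
function resolveRedirect(host, lookupTxt = (n) => TXT_RECORDS.get(n)) {
  const hit = findForward(host, lookupTxt);
  if (!hit) return null;
  let url;
  try {
    url = new URL(hit.target);
  } catch {
    return null; // malformed TXT value
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  if (hit.extra.length) url.hostname = hit.extra.join(".") + "." + url.hostname;
  return url.toString();
}

for (const h of ["gs.short.de", "site1.gs.short.de", "321.123.gs.short.de"]) {
  console.log(h, "->", resolveRedirect(h));
}
```

This covers only the redirect mapping; certificate issuance for the wildcard names is a separate problem.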
OK I understand. Although I'd already say there's a tough challenge. We have to turn this software to also be a DNS resolver so DNS validation for wildcard works (so acme dns challenge works).
This might be possible but significant development time is needed as I have to implement a DNS resolver too. Also, a robust design of how we can provide the TXT record of this is also needed (lesser DNS talks and an approach to recursive domain resolving).
Just for clarification, it's technically possible to stick with current HTTP validation to Let's Encrypt but I would reject the idea. If you set a wildcard record then we must do wildcard SSL too, otherwise we would face other problems like hitting Let's Encrypt rate limit.