Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Subdomain
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== Overview == The [[Domain Name System]] (DNS) has a [[tree structure]] or hierarchy, which includes nodes on the tree being a [[domain name]]. A subdomain is a domain that is part of a larger domain. Each label may contain from 0 to 63 [[octet (computing)|octets]].<ref name="rfc1034">RFC 1034, ''Domain Names - Concepts and Facilities'', P. Mockapetris (Nov 1987)</ref> The full domain name may not exceed a total length of 253 ASCII characters in its textual representation.<ref name="rfc1035">RFC 1035, ''Domain names--Implementation and specification'', P. Mockapetris (Nov 1987)</ref> Subdomains are defined by editing the DNS zone file pertaining to the parent domain. However, there is an ongoing debate over the use of the term "subdomain" when referring to names which map to the [[List of DNS record types#A|Address record]] A (host) and various other types of zone records which may map to any public [[IP address]] destination and any type of server. Network Operations teams insist that it is inappropriate to use the term "subdomain" to refer to any mapping other than that provided by zone [[Authoritative name server|NS]] (name server) records and any server-destination other than that. According to RFC 1034, ''"a domain is a subdomain of another domain if it is contained within that domain"''. Based on that definition, a host cannot be a subdomain, only a domain can be a subdomain. A subdomain will also have a separate zone file with a SOA record (Start of Authority). Most [[domain name registry|domain registries]] only allocate a two-level domain name. Hosting services typically provide DNS Servers to resolve subdomains within that master domain. [[File:Subdomain-en.svg|thumb|300px|Example of subdomain]] A fully qualified domain name consists of multiple parts. For example, take the English Wikipedia domain <code><nowiki>en.wikipedia.org</nowiki></code>. The <code>en</code> is a subdomain of <code>wikipedia.org</code>. Although <code>wikipedia.org</code> is usually considered to be the [[domain name]], <code>wikipedia</code> is actually a sub-domain of the <code>org</code> [[Top-level domain|TLD]] (top level domain). Any fully qualified domain name can be a host or a subdomain. A domain name that does not include any subdomains is known as an ''apex domain'', ''root domain'', or ''bare domain''.<ref>{{cite web|url=https://docs.github.com/en/pages/configuring-a-custom-domain-for-your-github-pages-site/about-custom-domains-and-github-pages#using-an-apex-domain-for-your-github-pages-site|title=About custom domains and GitHub Pages Β§ Using an apex domain for your GitHub Pages site|website=GitHub Docs|access-date=2021-04-09|archive-date=2021-08-08|archive-url=https://web.archive.org/web/20210808072525/https://docs.github.com/en/pages/configuring-a-custom-domain-for-your-github-pages-site/about-custom-domains-and-github-pages#using-an-apex-domain-for-your-github-pages-site|url-status=live}}</ref> For example, <code>wikipedia.org</code> is the apex domain of Wikipedia, which redirects to the subdomain <code>www.wikipedia.org</code>. To discover more subdomains associated with a domain, you can utilize a variety of methods and tools. Automated tools like Amass<ref>{{Citation |title=owasp-amass/amass |date=2024-10-27 |url=https://github.com/owasp-amass/amass |access-date=2024-10-27 |publisher=OWASP Amass Project}}</ref> and Subfinder <ref>{{Citation |title=projectdiscovery/subfinder |date=2024-10-27 |url=https://github.com/projectdiscovery/subfinder |access-date=2024-10-27 |publisher=ProjectDiscovery}}</ref> leverage open-source intelligence and SSL certificate data<ref>{{Cite web |title=crt.sh {{!}} Certificate Search |url=https://crt.sh/ |access-date=2024-10-27 |website=crt.sh}}</ref> to quickly uncover subdomains. Google Dorking, using the "site:" operator, allows for manual searches of indexed subdomains, while brute force techniques systematically query DNS servers with potential names. Passive DNS reconnaissance through APIs from services like SecurityTrails & Subdomain Center<ref>{{Cite web |title=The World's Fastest Growing Subdomain & Shadow IT Database |url=https://www.subdomain.center/ |access-date=2024-10-27 |website=subdomain.center |language=en}}</ref> can reveal historical data without direct queries. Additionally, community resources such as GitHub and Pastebin may contain publicly available lists of subdomains. Combining these approaches will enhance your ability to effectively identify hidden or overlooked subdomains for security assessments or research purposes.<ref>{{Cite web |last=TheTechromancer |title=Subdomain Enumeration Tool Face-off - 2023 Edition |url=https://blog.blacklanternsecurity.com/p/subdomain-enumeration-tool-face-off-4e5 |access-date=2024-10-27 |website=blog.blacklanternsecurity.com |language=en}}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)