Wildcard DNS

free
GET /v1/dns/wildcard

Detects wildcard DNS configuration by testing for *.domain resolution. Per RFC 4592, wildcard records match only one label level — *.example.com matches foo.example.com but NOT bar.foo.example.com. This endpoint tests this distinction and analyzes security implications.

What It Does

Detects wildcard DNS by querying two independent cryptographically random subdomains and comparing responses. Wildcard is confirmed only when both probes return matching records (preventing false positives from load balancers). Returns the wildcard record type (A, AAAA, CNAME) and target. Beyond A/AAAA/CNAME, also tests whether MX and TXT records wildcard — wildcarded MX means every subdomain receives mail (a real exfiltration / phishing risk), and wildcarded TXT can break SPF/DMARC/DKIM lookups by returning unexpected values for non-existent labels. Probes both label-depth 1 and depth 2 to distinguish an RFC 4592 single-label wildcard from a CDN-style catch-all that synthesizes records at any depth. When the wildcard is a CNAME pointing to a known takeover-prone service (GitHub Pages, Heroku, S3, Azure, Fastly, Netlify, Shopify, WordPress, Ghost, Zendesk, etc.), surfaces a `takeover_risk` flag with concrete remediation advice.
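The two-probe comparison described above, as an added Python sketch (not EdgeDNS's own code). `detect_wildcard`, the `resolve(name, rtype)` callback, the `wildcards` and `tested_subdomains` keys, and the three constructed resolvers are assumptions made for illustration; only `has_wildcard` and `wildcard_type` mirror the response fields documented on this page.

```python
import itertools
import secrets

RECORD_TYPES = ("CNAME", "A", "AAAA", "MX", "TXT")

def detect_wildcard(domain, resolve):
    """resolve(name, rtype) -> iterable of record strings, empty when the name
    has no such record. Hypothetical interface: wrap your resolver library."""
    # Two independent 128-bit random labels; a clash with a real host is negligible.
    probes = [f"{secrets.token_hex(16)}.{domain}" for _ in range(2)]
    wildcards = {}
    for rtype in RECORD_TYPES:
        first, second = (frozenset(resolve(p, rtype)) for p in probes)
        # Confirmed only when both probes answer and the answers match.
        if first and first == second:
            wildcards[rtype] = sorted(first)
    # Assumption: report CNAME first, since a CNAME wildcard also yields addresses.
    addr_types = [t for t in ("CNAME", "A", "AAAA") if t in wildcards]
    return {
        "domain": domain,
        "has_wildcard": bool(addr_types),
        "wildcard_type": addr_types[0] if addr_types else None,
        "wildcards": wildcards,
        "tested_subdomains": probes,
    }

# --- Constructed resolvers standing in for real DNS (documentation ranges) ---
def wildcard_zone(name, rtype):
    answers = {"A": ["192.0.2.10"], "MX": ["10 mail.wild.example."]}
    return answers.get(rtype, []) if name.endswith(".wild.example") else []

def rotating_zone():
    counter = itertools.count(1)  # a different address on every query
    def resolve(name, rtype):
        return [f"198.51.100.{next(counter)}"] if rtype == "A" else []
    return resolve

def clean_zone(name, rtype):
    return []  # every random name is NXDOMAIN

if __name__ == "__main__":
    for label, resolver in [("wildcard", wildcard_zone),
                            ("rotating", rotating_zone()),
                            ("clean", clean_zone)]:
        r = detect_wildcard("wild.example", resolver)
        print(label, r["has_wildcard"], r["wildcard_type"], r["wildcards"])
```

The rotating resolver answers every name but never with the same record set twice, so it is not reported as a wildcard, which is the load-balancer false positive the matching requirement is meant to prevent.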

Why It's Useful

Three classes of wildcard misconfiguration matter and most tools detect only one. (1) NXDOMAIN-bypass: standard wildcard makes subdomain enumeration noisy. (2) MX/TXT wildcards: high-impact but rarely tested — every subdomain getting mail is a phishing vector. (3) Wildcard CNAME to an unclaimed third-party service: every subdomain becomes a takeover vector simultaneously. EdgeDNS catches all three in one call and gives wildcard-CNAME findings the same fingerprint set used by the dedicated subdomain-takeover endpoint.

Use Cases

Penetration Tester

Security Assessment

During reconnaissance, detect whether wildcard DNS is in use, since it affects subdomain enumeration techniques.

Adjust subdomain discovery methodology based on wildcard detection.

Security Engineer

Subdomain Takeover Risk Assessment

Detect wildcard CNAME configurations pointing to third-party services. If the service is deprovisioned, ALL subdomains become vulnerable to takeover.

Identify one of the most dangerous DNS misconfigurations before attackers exploit it.

DNS Administrator

DNS Hygiene Audit

Audit domains for unintended wildcard configurations that could expose internal services.

Identify and remediate accidental wildcard DNS that increases attack surface.

Parameters

| Name | Type | Required | Description |
|------|------|----------|-------------|
| domain | string | Required | The domain to check for wildcard DNS. Example: example.com |

Response Fields

| Field | Type | Description |
|-------|------|-------------|
| domain | string | The queried domain |
| has_wildcard | boolean | Whether A/AAAA/CNAME wildcard DNS is detected |
| wildcard_type | string | The wildcard record type: A, AAAA, CNAME, or null |
| wildcard_ips | array | IPv4 addresses returned by wildcard resolution |
| wildcard_ipv6s | array | IPv6 addresses returned by wildcard resolution |
| wildcard_cname_target | string | CNAME target if wildcard is a CNAME record |
| wildcard_mx | object | { has_wildcard, values[] } — true when MX records wildcard at every subdomain (high-impact: every subdomain receives mail) |
| wildcard_txt | object | { has_wildcard, values[] } — true when TXT records wildcard at every subdomain (can break SPF/DMARC lookups) |
| wildcard_depth | string | "1" for an RFC 4592-conformant single-label wildcard, "multi-label" for a CDN-style catch-all that synthesizes at any depth, or "unknown" when no wildcard is detected |
| takeover_risk | object | { at_risk, matched_service, cname_target, remediation } — non-null when a CNAME wildcard points to a known takeover-prone service (GitHub Pages, Heroku, S3, Azure, Fastly, Netlify, Shopify, WordPress, Ghost, Zendesk, Tumblr, Readme.io) |
| findings | array | Human-readable findings about MX/TXT wildcards, multi-label depth, and takeover risk |
| tested_subdomain | string | Random subdomain used for wildcard detection |

Code Examples

cURL
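```bash
# -G sends the data as a query string on a GET request;
# a bare -d would switch curl to POST, which this GET endpoint does not expect.
curl -G "https://api.edgedns.dev/v1/dns/wildcard" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  --data-urlencode "domain=example.com"
```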
JavaScript
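```javascript
// Top-level await: run this as an ES module or inside an async function.
const response = await fetch(
  'https://api.edgedns.dev/v1/dns/wildcard?domain=example.com',
  {
    headers: {
      'Authorization': 'Bearer YOUR_API_KEY'
    }
  }
);

// Do not parse an error body as if it were a result
if (!response.ok) {
  throw new Error(`Wildcard check failed: HTTP ${response.status}`);
}

const data = await response.json();
console.log(data);
```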
Python
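```python
import requests

response = requests.get(
    'https://api.edgedns.dev/v1/dns/wildcard',
    headers={'Authorization': 'Bearer YOUR_API_KEY'},
    params={'domain': 'example.com'},
    timeout=10,  # do not hang indefinitely on a stalled connection
)
# Raise on a non-2xx status instead of parsing an error body as a result
response.raise_for_status()

data = response.json()
print(data)
```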
