Wildcard DNS Record
A DNS record whose label is `*`, matching any subdomain that does not have an explicit record, often used to catch all subdomains for a single application or wildcard TLS certificate.
A wildcard DNS record uses `*` as the leftmost label and answers queries for any subdomain that does not have an explicit record. `*.example.com. A 192.0.2.10` means that `foo.example.com`, `bar.example.com`, and `anything.example.com` all resolve to `192.0.2.10`, while `mail.example.com` keeps its own explicit answer if one exists. Wildcards are essential for multi-tenant SaaS (`*.myapp.com`) and pair with wildcard TLS certificates issued via ACME dns-01. The footguns: wildcards do not match multi-label depths (`a.b.example.com` does not match `*.example.com`), they do not match the apex, and combining them with CNAMEs or DNSSEC requires careful zone design.