In the Domain Name System (DNS) hierarchy, a subdomain is a domain that is a part of another (main) domain.[1] For example, if a domain offered an online store as part of their website example.com
, it might use the subdomain shop.example.com
.
Overview
editThe Domain Name System (DNS) has a tree structure or hierarchy, which includes nodes on the tree being a domain name. A subdomain is a domain that is part of a larger domain. Each label may contain from 0 to 63 octets.[2] The full domain name may not exceed a total length of 253 ASCII characters in its textual representation.[3]
Subdomains are defined by editing the DNS zone file pertaining to the parent domain. However, there is an ongoing debate over the use of the term "subdomain" when referring to names which map to the Address record A (host) and various other types of zone records which may map to any public IP address destination and any type of server. Network Operations teams insist that it is inappropriate to use the term "subdomain" to refer to any mapping other than that provided by zone NS (name server) records and any server-destination other than that.
According to RFC 1034, "a domain is a subdomain of another domain if it is contained within that domain". Based on that definition, a host cannot be a subdomain, only a domain can be a subdomain. A subdomain will also have a separate zone file with a SOA record (Start of Authority).
Most domain registries only allocate a two-level domain name. Hosting services typically provide DNS Servers to resolve subdomains within that master domain.
A fully qualified domain name consists of multiple parts. For example, take the English Wikipedia domain en.wikipedia.org
.
The en
is a subdomain of wikipedia.org
.
Although wikipedia.org
is usually considered to be the domain name, wikipedia
is actually a sub-domain of the org
TLD (top level domain). Any fully qualified domain name can be a host or a subdomain.
A domain name that does not include any subdomains is known as an apex domain, root domain, or bare domain.[4] For example, wikipedia.org
is the apex domain of Wikipedia, which redirects to the subdomain www.wikipedia.org
.
To discover more subdomains associated with a domain, you can utilize a variety of methods and tools. Automated tools like Amass[5] and Subfinder [6] leverage open-source intelligence and SSL certificate data[7] to quickly uncover subdomains. Google Dorking, using the "site:" operator, allows for manual searches of indexed subdomains, while brute force techniques systematically query DNS servers with potential names. Passive DNS reconnaissance through APIs from services like SecurityTrails & Subdomain Center[8] can reveal historical data without direct queries. Additionally, community resources such as GitHub and Pastebin may contain publicly available lists of subdomains. Combining these approaches will enhance your ability to effectively identify hidden or overlooked subdomains for security assessments or research purposes.[9]
Subdomain usage
editThis section needs additional citations for verification. (March 2023) |
Subdomains are often used by internet service providers supplying web services. They allocate one (or more) subdomains to their clients who do not have their own domain name. This allows independent administration by the clients over their subdomain.
Subdomains are also used by organizations that wish to assign a unique name to a particular department, function, or service related to the organization. For example, a university might assign "cs" to the computer science department, such that a number of hosts could be used inside that subdomain, such as www.cs.example.edu
.[10]
There are some widely recognized subdomains such as WWW and FTP. This allows for a structure where the domain contains administrative directories and files including the FTP directories and webpages. The FTP subdomain could contain logs and the web page directories, while the WWW subdomain contains the directories for the webpages. Independent authentication for each domain provides access control over the various levels of the domain.
Uses
editUnited Kingdom
editIn the United Kingdom, the second-level domain names are standard and branch off from the top-level domain. For example:
- .ac.uk: academic (tertiary education, further education colleges and research establishments) and learned societies
- .co.uk: general use (usually commercial)
- .gov.uk: government (central and local)
- .judiciary.uk: courts (to be introduced in the near future)[11]
- .ltd.uk: limited companies
- .me.uk: general use (usually personal)
- .mod.uk: Ministry of Defence and HM Forces public sites
- .net.uk: ISPs and network companies (unlike .net, use is restricted to these users)
- .nhs.uk: National Health Service institutions
- .nic.uk: network use only (Nominet UK)
- .org.uk: general use (usually for non-profit organisations)
- .parliament.uk: parliamentary use (only for the UK Parliament and the Scottish Parliament)
- .plc.uk: public limited companies
- .police.uk: police forces
- .sch.uk: Local Education Authorities, schools, primary and secondary education, community education
Vanity domain
editA vanity domain is a subdomain of an ISP's domain that is aliased to an individual user account, or a subdomain that expresses the individuality of the person on whose behalf it is registered. [12]
Server cluster
editDepending on application, a record inside a domain, or subdomain might refer to a hostname, or a service provided by a number of machines in a cluster. Some websites use different subdomains to point to different server clusters. For example, www.example.com
points to Server Cluster 1 or Datacentre 1, and www2.example.com
points to Server Cluster 2 or Datacentre 2 etc.
Subdomains versus directories
editSubdomains are different from directories. Directories are physical folders on an actual computer, while subdomains are a part of the URL that can be routed to any file or folder on the server machine.
See also
editReferences
edit- ^ P. Mockapetris (November 1987). "Name space specifications and terminology". Domain names - concepts and facilities. IETF. sec. 3.1. doi:10.17487/RFC1034. RFC 1034. Retrieved 2008-08-03.
- ^ RFC 1034, Domain Names - Concepts and Facilities, P. Mockapetris (Nov 1987)
- ^ RFC 1035, Domain names--Implementation and specification, P. Mockapetris (Nov 1987)
- ^ "About custom domains and GitHub Pages § Using an apex domain for your GitHub Pages site". GitHub Docs. Archived from the original on 2021-08-08. Retrieved 2021-04-09.
- ^ owasp-amass/amass, OWASP Amass Project, 2024-10-27, retrieved 2024-10-27
- ^ projectdiscovery/subfinder, ProjectDiscovery, 2024-10-27, retrieved 2024-10-27
- ^ "crt.sh | Certificate Search". crt.sh. Retrieved 2024-10-27.
- ^ "The World's Fastest Growing Subdomain & Shadow IT Database". subdomain.center. Retrieved 2024-10-27.
- ^ TheTechromancer. "Subdomain Enumeration Tool Face-off - 2023 Edition". blog.blacklanternsecurity.com. Retrieved 2024-10-27.
- ^ Shweta; Main, Kelly. "What Is A Subdomain? Everything You Need To Know – Forbes Advisor". www.forbes.com. Reviewed by Rob Watts. Archived from the original on 2023-03-31. Retrieved 2023-03-31.
- ^ "UK court systems set to adopt judiciary.uk domain names". BBC News. 23 November 2011. Archived from the original on 4 July 2018. Retrieved 26 February 2014.
- ^ John, Alex. "Subdomain". Archived from the original on 20 August 2024. Retrieved 29 November 2021.