In the Domain Name System (DNS) hierarchy, a subdomain is a domain name that is a part of another (main) domain. For example, if a domain offered an online store as part of their website it might use the subdomain.
Subdomains are defined by editing the DNS zone file pertaining to the parent domain. However, there is an ongoing debate over the use of the term "subdomain" when referring to names which map to the Address record A (host) and various other types of zone records which may map to any public IP address destination and any type of server. Network Operations teams insist that it is inappropriate to use the term "subdomain" to refer to any mapping other than that provided by zone NS (name server) records and any server-destination other than that.
According to RFC 1034, "a domain is a subdomain of another domain if it is contained within that domain". Based on that definition, a host cannot be a subdomain, only a domain can be a subdomain. A subdomain will also have a separate zone file with a SOA record (Start of Authority).
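The containment test in that definition has to be made label by label, not as a plain string suffix match. The following Python sketch is an added example, not part of the original article; the function names, the `strict` option and the sample names are assumptions made for illustration.

```python
# Added example, not from the original page. Names below are constructed samples.

def labels(name):
    """Split a domain name into lowercase labels, top-level label first."""
    name = name.strip().lower()
    if name.endswith("."):            # drop the trailing dot of an absolute name
        name = name[:-1]
    if not name:
        return []                     # the DNS root contains every name
    parts = name.split(".")
    if any(p == "" or len(p) > 63 for p in parts):
        raise ValueError(f"malformed domain name: {name!r}")
    return parts[::-1]


def is_subdomain(child, parent, strict=True):
    """True if `child` is contained within `parent`, compared label by label.

    strict=True (an assumption of this example) does not count a name as a
    subdomain of itself.
    """
    c, p = labels(child), labels(parent)
    if len(c) < len(p) or c[:len(p)] != p:
        return False
    return len(c) > len(p) or not strict


def naive_is_subdomain(child, parent):
    """String-suffix shortcut shown for contrast: it ignores label boundaries."""
    return child.lower().endswith(parent.lower())


def in_zone(names, apex):
    """Keep the names that are the apex itself or contained within it."""
    return [n for n in names if is_subdomain(n, apex, strict=False)]


if __name__ == "__main__":
    candidates = ["www.cs.example.edu", "CS.Example.EDU.", "example.edu",
                  "notexample.edu", "example.edu.other.test"]
    for n in candidates:
        print(f"{n:26} strict={is_subdomain(n, 'example.edu')!s:5} "
              f"naive={naive_is_subdomain(n, 'example.edu')}")
    print(in_zone(candidates, "example.edu"))
```

The suffix shortcut accepts notexample.edu as if it were inside example.edu, which is why allowlists and scope checks built on domain names should compare whole labels.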
Most domain registries only allocate a two-level domain name. Hosting services typically provide DNS Servers to resolve subdomains within that master domain.
A fully qualified domain name consists of multiple parts. For example, take the English Wikipedia domain. The en is a subdomain of wikipedia.org. Although wikipedia.org is usually considered to be the domain name, wikipedia is actually a subdomain of the org top-level domain. Any fully qualified domain name can be a host or a subdomain.
A domain name that does not include any subdomains is known as an apex domain, root domain, or bare domain. For example, wikipedia.org is the apex domain of Wikipedia, which redirects to the subdomain www.wikipedia.org.
Several methods and tools can be used to discover the subdomains associated with a domain. Automated tools like Amass and Subfinder leverage open-source intelligence and SSL certificate data to quickly uncover subdomains. Google Dorking, using the "site:" operator, allows for manual searches of indexed subdomains, while brute-force techniques systematically query DNS servers with potential names. Passive DNS reconnaissance through APIs from services like SecurityTrails and Subdomain Center can reveal historical data without direct queries. Additionally, community resources such as GitHub and Pastebin may contain publicly available lists of subdomains. Combining these approaches helps identify hidden or overlooked subdomains for security assessments or research purposes.
Subdomains are also used by organizations that wish to assign a unique name to a particular department, function, or service related to the organization. For example, a university might assign "cs" to the computer science department, such that a number of hosts could be used inside that subdomain, such as www.cs.example.edu.
There are some widely recognized subdomains such as WWW and FTP. This allows for a structure where the domain contains administrative directories and files including the FTP directories and webpages. The FTP subdomain could contain logs and the web page directories, while the WWW subdomain contains the directories for the webpages. Independent authentication for each domain provides access control over the various levels of the domain.