In the Domain Name System (DNS) hierarchy, a subdomain is a domain that is a part of another (main) domain. For example, if a domain offered an online store as part of their website example.com
, it might use the subdomain shop.example.com
.
The Domain Name System (DNS) has a tree structure or hierarchy, which includes nodes on the tree being a domain name. A subdomain is a domain that is part of a larger domain. Each label may contain from 0 to 63 octets. The full domain name may not exceed a total length of 253 ASCII characters in its textual representation.
Subdomains are defined by editing the DNS zone file pertaining to the parent domain. However, there is an ongoing debate over the use of the term "subdomain" when referring to names which map to the Address record A (host) and various other types of zone records which may map to any public IP address destination and any type of server. Network Operations teams insist that it is inappropriate to use the term "subdomain" to refer to any mapping other than that provided by zone NS (name server) records and any server-destination other than that.
According to RFC 1034, "a domain is a subdomain of another domain if it is contained within that domain". Based on that definition, a host cannot be a subdomain, only a domain can be a subdomain. A subdomain will also have a separate zone file with a SOA record (Start of Authority).
Most domain registries only allocate a two-level domain name. Hosting services typically provide DNS Servers to resolve subdomains within that master domain.
A fully qualified domain name consists of multiple parts. For example, take the English Wikipedia domain en.wikipedia.org
.
The en
is a subdomain of wikipedia.org
.
Although wikipedia.org
is usually considered to be the domain name, wikipedia
is actually a sub-domain of the org
TLD (top level domain). Any fully qualified domain name can be a host or a subdomain.
A domain name that does not include any subdomains is known as an apex domain, root domain, or bare domain. For example, wikipedia.org
is the apex domain of Wikipedia, which redirects to the subdomain www.wikipedia.org
.
To discover more subdomains associated with a domain, you can utilize a variety of methods and tools. Automated tools like Amass and Subfinder leverage open-source intelligence and SSL certificate data to quickly uncover subdomains. Google Dorking, using the "site:" operator, allows for manual searches of indexed subdomains, while brute force techniques systematically query DNS servers with potential names. Passive DNS reconnaissance through APIs from services like SecurityTrails & Subdomain Center[8] can reveal historical data without direct queries. Additionally, community resources such as GitHub and Pastebin may contain publicly available lists of subdomains. Combining these approaches will enhance your ability to effectively identify hidden or overlooked subdomains for security assessments or research purposes.[9]
This section needs additional citations for verification.(March 2023) |
Subdomains are often used by internet service providers supplying web services. They allocate one (or more) subdomains to their clients who do not have their own domain name. This allows independent administration by the clients over their subdomain.
Subdomains are also used by organizations that wish to assign a unique name to a particular department, function, or service related to the organization. For example, a university might assign "cs" to the computer science department, such that a number of hosts could be used inside that subdomain, such as www.cs.example.edu
.[10]
There are some widely recognized subdomains such as WWW and FTP. This allows for a structure where the domain contains administrative directories and files including the FTP directories and webpages. The FTP subdomain could contain logs and the web page directories, while the WWW subdomain contains the directories for the webpages. Independent authentication for each domain provides access control over the various levels of the domain.
In the United Kingdom, the second-level domain names are standard and branch off from the top-level domain. For example:
A vanity domain is a subdomain of an ISP's domain that is aliased to an individual user account, or a subdomain that expresses the individuality of the person on whose behalf it is registered. [12]
Depending on application, a record inside a domain, or subdomain might refer to a hostname, or a service provided by a number of machines in a cluster. Some websites use different subdomains to point to different server clusters. For example, www.example.com
points to Server Cluster 1 or Datacentre 1, and www2.example.com
points to Server Cluster 2 or Datacentre 2 etc.
Subdomains are different from directories. Directories are physical folders on an actual computer, while subdomains are a part of the URL that can be routed to any file or folder on the server machine.