Most security tools, browsers included, use the boundaries from https://publicsuffix.org/ . While DNS could indicate what is a zone cut and what is not, it's not the only feature that indicates a transition between administrations.
Rubens On Mon, Feb 24, 2025 at 10:59 PM Harry Hoffman via NANOG <nanog@nanog.org> wrote: > > Hi Folks, > > Feel free to tell me this isn't the proper place for my question but given > that networking and DNS are hand in hand I thought it might be reasonable to > ask here. > > In working with several OSINT sources for domain processing it seems like the > way domains and subdomains are processed essentially equates subdomains with > FQDNs. > > For example, several APIs (and even ChatGPT) classify the following: > > access.api.bbc.com > > account-api.api.bbc.com > > account-api.int.api.bbc.com > > account-api.stage.api.bbc.com > > account-api.test.api.bbc.com > > account-cdn.test.api.bbc.com > > > with subdomains as either: > all subdomains as api.bbc.com > > or as subdomains of access.api, account-api.api, account-api.int.api, etc. > > > instead of classifying as: > api.bbc.com > int.api.bbc.com > stage.api.bbc.com > test.api.bbc.com > > > Has this become common practice? Is there a definitive way to determine > subdomains? I seem to recall that "older" dns server software wouldn't allow > this but it could be that my memory is faulty. > > > Thanks! > > > Cheers, > Harry > >
