On Mon, Feb 24, 2025 at 5:58 PM Harry Hoffman via NANOG <nanog@nanog.org> wrote:
> In working with several OSINT sources for domain processing it seems like the
> way domains and subdomains are processed essentially equates subdomains with
> FQDNs.
Hi Harry,
I don't understand what you mean. Do you mean how do local resolvers
expand local names (e.g. "server") in FQDNs
("server.examplecompany.com")?
> Has this become common practice? Is there a definitive way to determine
> subdomains? I seem to recall that "older" dns server software wouldn't allow
> this but it could be that my memory is faulty.
Subdomain is kinda a fuzzy question. Everywhere there's a dot there's
a "subdomain," but the only technical meanings those dots have is
that:
1. There *might* be a DNS delegation there.
2. The resolver's primitive internal compression algorithm can break
the name in parts there when composing the query or response packet.
There's another similar question you might be trying to ask: how do
you determine whether a DNS name has been delegated from one zone file
at one server to another zone file at another server? That has a more
precise answer with technical meaning: If a NS and SOA records exist
at the "dot" boundary then there's a delegation. If not, then there
isn't.
For example, I have a host named "cat.p.dirtside.com." "dirtside.com"
is a delegation of "com" because there's an NS record for
"dirtside.com." However, "p.dirtside.com" is NOT a delegation of
"dirtside.com" because there's no NS record. "cat.p" is simply a name
within the "dirtside.com" zone file.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
