Subdomain

The Domain Name System (DNS) has a tree structure or hierarchy, which includes nodes on the tree being a ___domain name. A subdomain is a ___domain that is part of a larger ___domain. Each label may contain from 0 to 63 octets.^[2] The full ___domain name may not exceed a total length of 253 ASCII characters in its textual representation.^[3]

Subdomains are defined by editing the DNS zone file pertaining to the parent ___domain. However, there is an ongoing debate over the use of the term "subdomain" when referring to names which map to the Address record A (host) and various other types of zone records which may map to any public IP address destination and any type of server. Network Operations teams insist that it is inappropriate to use the term "subdomain" to refer to any mapping other than that provided by zone NS (name server) records and any server-destination other than that.

According to RFC 1034, "a ___domain is a subdomain of another ___domain if it is contained within that ___domain". Based on that definition, a host cannot be a subdomain, only a ___domain can be a subdomain. A subdomain will also have a separate zone file with a SOA record (Start of Authority).

Most ___domain registries only allocate a two-level ___domain name. Hosting services typically provide DNS Servers to resolve subdomains within that master ___domain.

A fully qualified ___domain name consists of multiple parts. For example, take the English Wikipedia ___domain en.wikipedia.org. The en is a subdomain of wikipedia.org. Although wikipedia.org is usually considered to be the ___domain name, wikipedia is actually a sub-___domain of the org TLD (top level ___domain). Any fully qualified ___domain name can be a host or a subdomain.

A ___domain name that does not include any subdomains is known as an apex ___domain, root ___domain, or bare ___domain.^[4] For example, wikipedia.org is the apex ___domain of Wikipedia, which redirects to the subdomain www.wikipedia.org.

To discover more subdomains associated with a ___domain, you can utilize a variety of methods and tools. Automated tools like Amass^[5] and Subfinder ^[6] leverage open-source intelligence and SSL certificate data^[7] to quickly uncover subdomains. Google Dorking, using the "site:" operator, allows for manual searches of indexed subdomains, while brute force techniques systematically query DNS servers with potential names. Passive DNS reconnaissance through APIs from services like SecurityTrails & Subdomain Center^[8] can reveal historical data without direct queries. Additionally, community resources such as GitHub and Pastebin may contain publicly available lists of subdomains. Combining these approaches will enhance your ability to effectively identify hidden or overlooked subdomains for security assessments or research purposes.^[9]

Subdomains are often used by internet service providers supplying web services. They allocate one (or more) subdomains to their clients who do not have their own ___domain name. This allows independent administration by the clients over their subdomain.

Subdomains are also used by organizations that wish to assign a unique name to a particular department, function, or service related to the organization. For example, a university might assign "cs" to the computer science department, such that a number of hosts could be used inside that subdomain, such as www.cs.example.edu.^[10]

There are some widely recognized subdomains such as WWW and FTP. This allows for a structure where the ___domain contains administrative directories and files including the FTP directories and webpages. The FTP subdomain could contain logs and the web page directories, while the WWW subdomain contains the directories for the webpages. Independent authentication for each ___domain provides access control over the various levels of the ___domain.

In the United Kingdom, the second-level ___domain names are standard and branch off from the top-level ___domain. For example:

• .ac.uk: academic (tertiary education, further education colleges and research establishments) and learned societies
• .co.uk: general use (usually commercial)
• .gov.uk: government (central and local)
• .judiciary.uk: courts (to be introduced in the near future)^[11]
• .ltd.uk: limited companies
• .me.uk: general use (usually personal)
• .mod.uk: Ministry of Defence and HM Forces public sites
• .net.uk: ISPs and network companies (unlike .net, use is restricted to these users)
• .nhs.uk: National Health Service institutions
• .nic.uk: network use only (Nominet UK)
• .org.uk: general use (usually for non-profit organisations)
• .parliament.uk: parliamentary use (only for the UK Parliament and the Scottish Parliament)
• .plc.uk: public limited companies
• .police.uk: police forces
• .sch.uk: Local Education Authorities, schools, primary and secondary education, community education

A vanity ___domain is a subdomain of an ISP's ___domain that is aliased to an individual user account, or a subdomain that expresses the individuality of the person on whose behalf it is registered. ^[12]

Depending on application, a record inside a ___domain, or subdomain might refer to a hostname, or a service provided by a number of machines in a cluster. Some websites use different subdomains to point to different server clusters. For example, www.example.com points to Server Cluster 1 or Datacentre 1, and www2.example.com points to Server Cluster 2 or Datacentre 2 etc.

Subdomains are different from directories. Directories are physical folders on an actual computer, while subdomains are a part of the URL that can be routed to any file or folder on the server machine.

• Domain name
• Hostname
• Subdirectory
• Subpage
• Vanity ___domain
• Webpage