Wildcard domain

A DNS record like *.example.com that matches every single-label subdomain. The foundation of cheap multi-tenant SaaS routing.

A wildcard domain uses the * character in a DNS record to match any subdomain at the same level. *.example.com matches a.example.com, b.example.com, anything.example.com — but NOT a.b.example.com and NOT the apex example.com.

How it's set up

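; Option 1: point the wildcard at an IP address
*.example.com.   A      198.51.100.1
; Option 2 (instead of the A record, a name cannot hold both): alias the wildcard to another hostname
*.example.com.   CNAME  edge.yourapp.com.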

Any subdomain not explicitly defined falls through to the wildcard.

Why SaaS uses it

Tenant subdomains. Every new customer gets their own acme.yourapp.com, shop.yourapp.com, without you adding a DNS record per tenant. One wildcard handles all of them.

Pair the wildcard DNS with a wildcard SSL cert and you can serve unlimited tenants with one cert + one record. This is the cheapest possible multi-tenant SaaS topology.

Limits

  • Wildcards cover ONE level. *.example.com doesn't match a.b.example.com.
  • Wildcards don't match the apex. example.com needs its own record.
  • Wildcard SSL certs from Let's Encrypt require DNS-01 ACME challenge (not HTTP-01).
  • Explicit records override the wildcard. If you have both *.example.com A 1.1.1.1 and shop.example.com A 2.2.2.2, requests for shop go to 2.2.2.2.

For customer-owned domains (hello.acme.com), wildcards don't help. Each customer's domain needs its own cert and its own routing rule.
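
Because the wildcard sends every undefined subdomain to the same application, the application has to decide which hostnames it will actually serve. The sketch below is an added example, not code from the original page: it applies the limits listed above to an incoming Host header for *.yourapp.com. The names resolve_host, EXPLICIT_ROUTES, KNOWN_TENANTS and the route labels are hypothetical, and the sample data is constructed.

```python
import re

BASE_DOMAIN = "yourapp.com"  # base domain from the page's example
# Constructed sample data: hosts with their own explicit route, and known tenants.
EXPLICIT_ROUTES = {"shop.yourapp.com": "storefront-service"}
KNOWN_TENANTS = {"acme", "globex"}

# One hostname label: a-z, 0-9, hyphen, 1-63 chars, no leading or trailing hyphen.
LABEL_RE = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def resolve_host(host_header):
    """Return (route, tenant) for a Host header, or None to reject the request."""
    host = host_header.strip().lower()
    host = host.partition(":")[0]          # drop an optional :port
    if host.endswith("."):                 # tolerate one trailing root dot
        host = host[:-1]

    if host in EXPLICIT_ROUTES:            # an explicit entry wins over the wildcard
        return (EXPLICIT_ROUTES[host], None)
    if host == BASE_DOMAIN:                # the apex is not covered by the wildcard
        return None

    suffix = "." + BASE_DOMAIN
    if not host.endswith(suffix):          # some other domain entirely
        return None
    label = host[: -len(suffix)]
    if not LABEL_RE.fullmatch(label):      # more than one level deep, or malformed
        return None
    if label not in KNOWN_TENANTS:         # any name resolves; only real tenants get served
        return None
    return ("tenant-app", label)


if __name__ == "__main__":
    for h in ["acme.yourapp.com", "shop.yourapp.com", "yourapp.com",
              "a.acme.yourapp.com", "unknown.yourapp.com"]:
        print(h, "->", resolve_host(h))
```

A customer-owned hostname such as hello.acme.com is rejected by this function; it would need its own entry in a separate routing table.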
