Most security tools, browsers included, use the boundaries from https://publicsuffix.org/ . While DNS could indicate what is a zone cut and what is not, it's not the only feature that indicates a transition between administrations. Rubens On Mon, Feb 24, 2025 at 10:59 PM Harry Hoffman via NANOG <nanog@nanog.org> wrote:
Hi Folks,
Feel free to tell me this isn't the proper place for my question but given that networking and DNS are hand in hand I thought it might be reasonable to ask here.
In working with several OSINT sources for domain processing it seems like the way domains and subdomains are processed essentially equates subdomains with FQDNs.
For example, several APIs (and even ChatGPT) classify the following:
access.api.bbc.com
account-api.api.bbc.com
account-api.int.api.bbc.com
account-api.stage.api.bbc.com
account-api.test.api.bbc.com
account-cdn.test.api.bbc.com
with subdomains as either: all subdomains as api.bbc.com
or as subdomains of access.api, account-api.api, account-api.int.api, etc.
instead of classifying as: api.bbc.com int.api.bbc.com stage.api.bbc.com test.api.bbc.com
Has this become common practice? Is there a definitive way to determine subdomains? I seem to recall that "older" dns server software wouldn't allow this but it could be that my memory is faulty.
Thanks!
Cheers, Harry