Home/ Glossary/ Subdomain

Subdomain (Subdomain)

Security Glossary - DNS

Definition: A subdomain is a domain that is part of a larger domain in the DNS hierarchy. For example, blog.example.com and api.example.com are subdomains of example.com. Subdomains can have their own DNS records (A, CNAME, MX, etc.) and can be delegated to separate nameservers for independent management.

Why Subdomain Matters

Subdomains are commonly used to organize different services: www for the website, api for the backend, mail for email, staging for test environments. Each subdomain can point to different servers or services, providing architectural flexibility.

From a security perspective, every subdomain increases your attack surface. Each subdomain needs its own certificate coverage (wildcard or SAN), may run different software with different vulnerabilities, and can be a target for subdomain takeover if it points to a decommissioned service. A forgotten staging.example.com running outdated software is a common entry point for attackers.

Subdomain enumeration is a standard reconnaissance technique. Attackers use tools to discover all subdomains of a target, looking for forgotten or poorly secured services. Maintaining an inventory of all active subdomains and regularly auditing them is an important security practice. Remove DNS records for subdomains you no longer use.

How to Check

A DNS health checker shows the subdomains associated with your domain. Review each one to verify it is still needed, points to an active service, and is properly secured. Check for dangling CNAME records that could enable subdomain takeover.

Check DNS Health

Frequently Asked Questions

How many subdomains can I have?
There is no practical limit on the number of subdomains. You can create as many as you need. Each subdomain is just additional DNS records in your zone. However, each one adds to your security surface area, so only create subdomains you actually need.
Do subdomains need separate SSL certificates?
A wildcard certificate (*.example.com) covers all first-level subdomains. A SAN certificate can list specific subdomains. Alternatively, each subdomain can have its own certificate. Let's Encrypt supports all these options for free.

Related Terms

Domain Name System CNAME Record (Canonical Name Record) Subdomain Takeover Wildcard SSL Certificate Apex Domain / Root Domain
Disclaimer: DomainOptic provides automated informational scans only. Results do not constitute professional security advice, compliance certification, or a guarantee of security. Always verify findings independently.