Classroom

FindSubDomains classroom

In our chapters you will find interesting and important information about domains.

We wish to create a really helpful and interesting section, so we invite you to be our co-authors.

Please, send us your articles to classroom@findsubdomains.com and we will publish most interesting of them under your copyright.

Table of content

A domain name is your website name. A domain name is the address where Internet users can access your website. A domain name is used for finding and identifying computers on the Internet. Computers use IP addresses, which are a series of number. However, it is difficult for humans to remember strings of numbers. Because of this, domain names were developed and used to identify entities on the Internet rather than using IP addresses.

Every domain name is unique. No two websites can have the same domain name. If someone types in www.yourdomain.com, it will go to your website and no one else's.
TLD/gTLD

A Top-Level Domain (TLD, also sometimes referred to as a string) is the last part of a domain name, for example, .com, .net, .us, .info, etc. Each TLD is managed by a single registry. In technical TLD is subdomain of root domain, which always empty string.

Full list of TLD - http://data.iana.org/TLD/tlds-alpha-by-domain.txt

Varieties of TLDs

There are different types of TLDs.

  • gTLDs, which includes
    • sTLDs (Sponsored Top level Domain)
    • brand TLDs.
  • ccTLDs (Country Code Top-Level Domain)

These TLDs operate in different manners, and can be categorized in some simple ways:
  • Operating Mode:
    • Open - Operating and offering both registration and resolution services.
    • Closed - Not accepting registrations, may be resolving evergreen/legacy/infrastructure subdomains.
  • Level of Restriction:
    • Unrestricted - If there are no requirements that must be met in order to register a name under a TLD, that TLD is Unrestricted.
    • Restricted - Requiring Local Physical Address, Local Tax ID, or other specific criteria be met to qualify in order to provision a name.
    • Sponsored - A variation on Restricted, the applicant for a domain in an STLD must meet the requirements within that TLD (ie. .jobs would require that Human Resources be involved, .travel would require certain Travel criteria are met, etc).
gTLD

A Generic top-level domain (gTLD) is an internet domain name extension with three or more characters. It is one of the categories of the top level domain (TLD) in the Domain Name System (DNS) maintained by the Internet Assigned Numbers Authority. There are currently lot of gTLDs and in the root zone of the Internet and they are categorized as:

  • generic (.com, .info, .net, .org), which can be used for general purposes;
  • sponsored (.aero, .asia, .cat, .coop, .edu, .gov, .int, .jobs, .mil, .mobi, .tel, .travel, and .xxx), which can only be used by entities engaged within the specific industry;
  • generic restricted (.biz, .name, .pro), which can be used only for their specific purposes and infrastructure (.arpa), which is exclusively used to support operationally-critical infrastructural identifier spaces and it is operated by IANA.
  • TLD classification

    TLDs operate in different manners, and can be categorized in some simple ways:
    • Operating Mode:
      • Open - Operating and offering both registration and resolution services.
      • Closed - Not accepting registrations, may be resolving evergreen/legacy/infrastructure subdomains.
    • Level of Restriction:
      • Unrestricted - If there are no requirements that must be met in order to register a name under a TLD, that TLD is Unrestricted.
      • Restricted - Requiring Local Physical Address, Local Tax ID, or other specific criteria be met to qualify in order to provision a name.
      • Sponsored - A variation on Restricted, the applicant for a domain in an STLD must meet the requirements within that TLD (ie. .jobs would require that Human Resources be involved, .travel would require certain Travel criteria are met, etc).
    FQDN

    Fully Qualified Domain Name

    A fully qualified domain name (FQDN) is the complete domain name for a specific computer, or host, on the internet. The FQDN consists of two parts: the hostname and the domain name. For example, an FQDN for a hypothetical mail server might be mymail.somecollege.edu. The hostname is mymail, and the host is located within the domain somecollege.edu. The same applies to web addresses. For example, www.indiana.edu is the FQDN on the web for IU. In this case, www is the name of the host in the indiana.edu domain.

    Read more...Hide

    A subdomain is a domain that is a part of a larger domain under the Domain Name System (DNS) hierarchy. For example TLD is subdomain of root domain, example.com - subdomain of .com domain etc.

    Usually, subdomain mean child for domain in zone with open/limited registration in second or third level but not their children eg. YYY.example.com, YYY.example.com.de, but not NNN.example.something.com
    Domain Name Rules

    A "name" (Net, Host, Gateway, or Domain name) is a text string up to 24 characters drawn from the alphabet (A-Z), digits (0-9), minus sign (-), and period (.). Note that periods are only allowed when they serve to delimit components of "domain style names". No blank or space characters are permitted as part of a name. No distinction is made between upper and lower case.

    The first character must be an alpha character or digit. The last character must not be a minus sign or period. A host which serves as a GATEWAY should have "-GATEWAY" or "-GW" as part of its name. Hosts which do not serve as Internet gateways should not use "-GATEWAY" and "-GW" as part of their names.

    A host which is a TAC should have "-TAC" as the last part of its host name, if it is a DoD host. Single character names or nicknames are not allowed.

    However, a valid host name can never have the dotted-decimal form #.#.#.#, since at least the highest-level component label will be alphabetic.

    Various objects and parameters in the DNS have size limits. They are listed below. Some could be easily changed, others are more fundamental.

    labels 63 octets or less (label.example.com)

    names 255 octets or less (full domain) in real 253 symbols with dots, for example maximum allowed: (63 letters).(63 letters).(63 letters).(61 letters)

    Whenever a user inputs the identity of an Internet host, it SHOULD be possible to enter either (1) a host domain name or (2) an IP address in dotted-decimal ("#.#.#.#") form. The host SHOULD check the string syntactically for a dotted-decimal number before looking it up in the Domain Name System.

    To safely satisfy these needs, four domain names are reserved as listed and described below.

    ".test"
    is recommended for use in testing of current or new DNS related code.
    ".example"
    is recommended for use in documentation or as examples.
    ".invalid"
    is intended for use in online construction of domain names that are sure to be invalid and which it is obvious at a glance are invalid.
    ".localhost"
    TLD has traditionally been statically defined in host DNS implementations as having an A record pointing to the loop back IP address and is reserved for such use. Any other use would conflict with widely deployed code which assumes this use.

    In the past, lots of people chose to use a dummy, unofficial TLD (top-level-domain) for their internal network, like domain.lan, domain.local of domain.internal (and also domain.internalhost)

    But this can get you in serious trouble. Because these names are not supported by internet standards, the most important RFC on this is: RFC 2606 This RFC standard is very explicit on choosing domain names for private testing and documentation

    Read more...Hide

    A web-developer , domainer or a casual surfer are many times tempted to find subdomains of website or domain. This might be due to various reasons like,

  • To find details of unsecured subdomains
  • To see SEO effects (e.g. Google displaying results from subdomains search)
  • To check for misbehaving redirects
  • Finding hidden subdomains of competitor domains
  • Working on subdomains as CDN or just sheer curiosity.
  • Whatever may be the reasons, but it is always interesting to look at all that information and wonder how it relates. Many times, such info provides insights to a developer or server admin which he might don't know to exists.
    Penetration tests

    Find subdomains, in penetration testing, used for extending attack surface.

    Furthermore, subdomains sometimes host 'non-public' applications (e.g. test, development, restricted) which are usually less secure than the public applications so they can be the primary attack targets.

    Getting some information about companies and their products

    Sometimes, company add regional subdomains or for their products, in case downloadoffice2010.microsoft.com, de.all.biz, uk.all.biz

    Read more...Hide