How can I prevent multiple domains with wildcard DNS entries from hijacking each others sub-domains?

Question

I have a shared hosting service where domainA.com and domainB.com share the same IP address. Each of them have a wildcard DNS entry, *.domainA.com and *.domainB.com.

When domainA.com registers the DNS entry subA.domainA.com then it's automatically available at subA.domainB.com.

How can I prevent this? I would prefer a DNS configuration solution. If that's not possible, is the solution simply to provide a separate dedicated IP address to each domain, even though it's all pointing to the same application?

I know that domainB.com can turn around and register that same subdomain and then end users won't see domainA.com's implementation, but that seems impractical given the very infinite nature of *.

If there are ways I may be missing, please enlighten

Answer 1

The only way you can prevent this completely is by removing the wildcards. That's literally what wildcards do: their purpose is to automatically "register" all subdomains that aren't already registered explicitly.

If all your subdomains are being added to DNS individually, then the wildcards serve no purpose anyway.

But if it is impossible to remove the wildcards for some reason, then it falls on the web server (i.e. Apache or other HTTP service) to pay better attention to the HTTP vhosts being requested and not serve the website for the incorrect domain. While the web server cannot outright refuse connection, it can still return a generic "No such website" page in this case.