How to create wildcard CNAME record

[Simon F]

I want to create a wildcard CNAME record:

```
CNAME("*abc", "*def.gh.acm-validations.aws."),
```

Which should be support according ot rf4592 (https://www.ietf.org/rfc/rfc4592.txt), but `dnscontrol preview` gives me a "invalid char" error:

```
2025/06/05 15:01:50 ERROR: in CNAME *abc.www.XXX.com: target (*def.gh.acm-validations.aws.) includes invalid char

```

Any ideas on how to fix this?

Thank you so much!

[Tom Limoncelli]

Are you able to create the record via the AWS control panel?

Tom 

[Simon F]

Yes. The record actually already exists.

Imported the zone via `dnscontrol get-zones`

- Simon

[Tom Limoncelli]

On Thu, Jun 5, 2025 at 9:44 AM 'Simon F' via DNSControl-discuss <dnscontro...@googlegroups.com> wrote:

Yes. The record actually already exists.

Imported the zone via `dnscontrol get-zones`

That error comes from DNS Control:

```

$ grep -B1 'includes invalid char' pkg/normalize/validate.go
if strings.ContainsAny(target, `'" +,|!£$%&()=?^*ç°§;:<>[]()@`) {
return fmt.Errorf("target (%v) includes invalid char", target)
--
if !strings.HasSuffix(target, ".in-addr.arpa.") && strings.Contains(target, "/") {
return fmt.Errorf("target (%v) includes invalid char", target)

```

While a record with those wildcards are RFC-compliant, DNSControl flags it as invalid because it is rather unusual. (See Opinion #3: dnsconfig.js are not zonefiles).

The short-term fix would be to maintain the record via the AWS web portal and include an IGNORE() to work around it.

```

   IGNORE("*abc", CNAME),

or maybe

   IGNORE("", CNAME, "**.acm-validations.aws"),

```

The long-term fix would be to add a way to disable this validation.  Something like CNAME(foo, bar, { permit_scary_targets: true } ).  The `func checkLabel()` has `skip_fqdn_check` but I guess we never added one for targets.  If you'd like to submit a PR, I think the community would appreciate this feature.  (Especially the AWS community, if this is a common thing.)

Best,

Tom