When setting up custom domain for my Github Pages by following https://help.github.com/articles/setting-up-a-custom-subdomain/, I encountered the following warning:
Danger: Do not use wildcard DNS records (e.g. *.example.com) with GitHub Pages! A wildcard DNS record will allow anyone to host a GitHub Pages site at one of your subdomains.
While the warning is very clear: avoid wildcard DNS records, I would like to know how it is possible for another user to host their GitHub Pages using my subdomain even when I'm specifying my own domain YOUR-GITHUB-USERNAME.github.io as CNAME value.
Best Answer
A CNAME is just an alias used by the browser to look up the IP address of a website - the server still only sees the original address (e.g. docs.example.com). In fact, all
YOUR-GITHUB-USERNAME.github.iodomains are just CNAMEs that point to the same DNS record.This means when a request comes to GitHub, there is no way to tell from the header which GitHub pages it should return. It knows which site to serve based on the settings configured in the repositories.
This means that if you have a wildcard
*.example.orgDNS entry pointing to GitHub, anyone can add a CNAME setting to their repository (such as evil.example.org) and GitHub will serve requests made to that CNAME.