Re: What about wildcard DNS?
Content Delivery Networks use Wildcard DNS and a Wildcard SSL cert to deliver content over SSL.
Look at the cloudfront.net setup. Typically a {14 character log36 name}.cloudfront.net
something like:
https://d36vh9gkg2fz...oudfront.net/home
That is a wildcard DNS name being served by a vhost and the DNS name resolving to a batch of closely GeoLocated IP Addresses.
greg@maxime:~/iso [6] $ dig d36vh9gkg2fzwi.cloudfront.net
[snip]
;; QUESTION SECTION:
;d36vh9gkg2fzwi.cloudfront.net. IN A
;; ANSWER SECTION:
d36vh9gkg2fzwi.cloudfront.net. 60 IN CNAME d36vh9gkg2fzwi.iad2.cloudfront.net.
d36vh9gkg2fzwi.iad2.cloudfront.net. 60 IN A 216.137.33.140
d36vh9gkg2fzwi.iad2.cloudfront.net. 60 IN A 216.137.33.143
d36vh9gkg2fzwi.iad2.cloudfront.net. 60 IN A 216.137.33.165
d36vh9gkg2fzwi.iad2.cloudfront.net. 60 IN A 216.137.33.217
d36vh9gkg2fzwi.iad2.cloudfront.net. 60 IN A 216.137.33.245
d36vh9gkg2fzwi.iad2.cloudfront.net. 60 IN A 216.137.33.14
d36vh9gkg2fzwi.iad2.cloudfront.net. 60 IN A 216.137.33.47
d36vh9gkg2fzwi.iad2.cloudfront.net. 60 IN A 216.137.33.67
;; AUTHORITY SECTION:
iad2.cloudfront.net. 97099 IN NS ns-iad2-01.cloudfront.net.
iad2.cloudfront.net. 97099 IN NS ns-iad2-02.cloudfront.net.
[snip]
It just works right now. Since IE 7+ and most other browsers recognize Wildcard SSL certs... it's simple now.
A little background... in 2003 Wildcard DNS was a fairly new concept and really wasn't treated very well by browsers or by anything, and was pushed by the Apache Software Foundation and mass hosting providers... but it really didn't matter for SMTP... SMTP was the only well-known service able to handle pattern-based mail hosts, and quite effectively in that regard...
So, it makes sense it was thought of only for MX records.
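
An added illustration, not part of the original post: the hostname check a TLS client applies to a wildcard certificate, written in the style of RFC 6125, using the names from the dig output above. The SAN list is constructed for the example and is an assumption, not CloudFront's actual certificate. The client validates the name it asked for, not the CNAME target that DNS returned.

```python
import ipaddress


def _is_ip(host):
    """True if host is an IPv4/IPv6 literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def san_matches(pattern, hostname):
    """Return True if a single dNSName pattern covers hostname."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not hostname or _is_ip(hostname):
        return False  # dNSName entries never cover IP literals
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if "*" not in pattern:
        return p_labels == h_labels  # exact, case-insensitive match
    # The wildcard must be the entire left-most label and appear only once.
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False
    # Refuse overly broad patterns such as "*.net" (simplified guard,
    # real clients consult the public suffix list).
    if len(p_labels) < 3:
        return False
    # "*" stands for exactly one non-empty label, never zero or several.
    return (len(h_labels) == len(p_labels)
            and h_labels[0] != ""
            and h_labels[1:] == p_labels[1:])


def cert_covers(sans, hostname):
    """True if any subjectAltName dNSName entry covers hostname."""
    return any(san_matches(p, hostname) for p in sans)


# Constructed SAN list for illustration (assumption, not taken from the page).
SAMPLE_SANS = ["*.cloudfront.net", "cloudfront.net"]

if __name__ == "__main__":
    for name in ("d36vh9gkg2fzwi.cloudfront.net",        # name in the URL
                 "d36vh9gkg2fzwi.iad2.cloudfront.net",   # CNAME target
                 "216.137.33.140"):                      # one of the A records
        print(f"{name:40} covered={cert_covers(SAMPLE_SANS, name)}")
```

The CNAME target sits two labels below cloudfront.net, so the same wildcard would not cover it if a client connected to that name directly.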