I understand the technical details of setting up the wildcard subdomains and handling it, but I am curious if there is a canonical list somewhere of subdomains I shouldn't let a customer register.
For instance, I wouldn't want a customer to use www as their workspace name. www.bigpicture.site should be reserved.
What other subdomain names should be reserved? Just from brain storming, here is the list I came up with. But I'd love to know if there is a better list somewhere:
www mail ftp web smtp imap pop pop3 blog support about social billing admin knowledge help community
Additionally, I am going to reserve anything that starts with the letters "bp" so I can use those internally.
Otherwise you will be chasing this for a long time:
Official.example.net, postmaster.example.net, search.example.net, mail.example.net, payments.example.net
Vs
Official.users.example.net, mail.users.example.net, etc.
You may want to consider connecting with the PSL:
There's a few lists but I suggest going through them and removing some entries.
Here's one list (tons of entries that don't make much sense): https://github.com/jedireza/reserved-subdomains/blob/master/...
This is another list which is a bit better quality: https://minhajuddin.com/2016/03/09/subdomains-to-restrict-fr...
Another list (there's some I don't agree with): https://github.com/nkkollaw/reserved-subdomains/blob/master/...
Don't do this on your primary domain buy a new one
If you still want to go ahead and you've created an 'a' record for www or mail previously your a record will superseed the wildcat entry which will create a bug where the user cannot access their subdomain. You need to filter any a records you've created to avoid this.