undefined | Better HN

0 pointsaaomidi4y ago0 comments

You can use wildcard certificates so you're not exposing any infrastructure.

Also, you should really consider all your subdomains to not be private information. It's risky to build security based around that assumption.

Tons of DNS services actually sell their queries, and those can be used to reconstruct these "private" subdomains.

0 comments

1 comments · 1 top-level

pixl974y ago

With this said, wildcards are massive security risks in themselves when devices start getting compromised. You can then chain together things like DNS poisoning and arp attacks to MITM further devices on the network.

And confirming what you said. DNS leaks everywhere, so don't consider its obscurity a form of security.

j / k navigate · click thread line to collapse