undefined | Better HN

0 pointsbeeboobaa32y ago0 comments

How would you know? It's not like those records are displayed in their configuration panel and the only way to request TXT records for e.g. a subdomain is to know that subdomain even exists ahead of time.

0 comments

6 comments · 2 top-level

8organicbits2y ago· 2 in thread

If we're still talking about TLS certs, the transparency log has that info (mentioned in the article). I also assume this thread is talking about the domain and any subdomains you're actually using. What would the reason be of setting TXT records for unguessable subdomains?

beeboobaa3OP2y ago

My comment was regarding DNS records, since this subthread switched to talking about DNS 2 comments up:

> Many (most?) registrars add DNS you didn't explicitly ask for

This relates to TLS since DNS records can be used to request a TLS certificate, but yes, those show in the certificate transparency log, so that you can check. But it won't tell you about other DNS records that may be used for various other purposes.

8organicbits2y ago

Did you have any purposes in mind? An A record for the apex of the domain would be easy to find with dig or any other DNS client. I agree with the hypothetical though, your DNS provider can set records that you didn't request, could hide them in the console, and detecting these would be hard in the general case.

1 more reply

neurostimulant2y ago· 2 in thread

When you buy a domain, they ask you which nameservers the domain should point to, right? They won't be able to do this shenanigan if you point it to nameservers outside of their control.

beeboobaa3OP2y ago

Correct, though usually they don't ask during signup. They tend to default to their own nameservers, then let you change it afterwards.

In the case of cloudflare, it means not being able to use the majority of their services.

fastball2y ago

Actually if you use Cloudflare Registrar, you must use Cloudflare DNS. That's the deal. "We provide registration services with absolutely no markup, you use our DNS for that domain".

j / k navigate · click thread line to collapse