undefined | Better HN

0 pointsjustin_oaks1y ago0 comments

If you control the DNS resolution in your company and use an internal certificate authority, technically you don't have to rent a domain name. You can control how it resolves and "hijack" whatever domain name you want. It won't be valid outside your organization/network, but if you're using it only for internal purposes then that doesn't matter.

Of course, this is a bad idea, but it does allow you to avoid the "rent".

0 comments

zrm1y ago

One of the reasons that it's a bad idea is that whoever does have the domain can get a certificate for any name under it from any public CA, which your devices would generally still trust in addition to your private CA.

OJFord1y ago

But then you still need a private CA (public one is going to resolve the domain correctly and find you don't control it) so you may as well have used .internal?

j / k navigate · click thread line to collapse

0 pointsjustin_oaks1y ago0 comments

Of course, this is a bad idea, but it does allow you to avoid the "rent".

0 comments

zrm1y ago

OJFord1y ago

But then you still need a private CA (public one is going to resolve the domain correctly and find you don't control it) so you may as well have used .internal?

j / k navigate · click thread line to collapse