this post was submitted on 14 Jan 2026
31 points (94.3% liked)

Selfhosted

60177 readers
795 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
31
solved (sort of): How are people discovering random subdomains on my server? (lem.lemmy.blahaj.zone)
submitted 5 months ago* (last edited 5 months ago) by BonkTheAnnoyed@lemmy.blahaj.zone to c/selfhosted@lemmy.world
11 comments fedilink hide all child comments
 

following up on my previous post:

it turns out that, like anything else weird in infrastructure, it was DNS

I registered mydomain.com as my primary router’s domain, re-ran the experiment with a fresh 128 char subdomain, and I received zero scans on the new domain.

Now my question is, who’s making that one query that leaks my domain name? Is it Apache on startup?

One solution is to resolve all my subdomains on /etc/hosts so it never has to leave the box, but I’m curious what a more experienced net admin would suggest.

you are viewing a single comment's thread
view the rest of the comments
[–] litchralee@sh.itjust.works 4 points 5 months ago* (last edited 5 months ago)

The full-blown solution would be to have your own recursive DNS server on your local network, and to block or redirect any other DNS server to your own, and possibly blocking all know DoH servers.

This would solve the DNS leakage issue, since your recursive server would learn the authoritative NS for your domain, and so would contact that NS directly when processing any queries for any of your subdomains. This cuts out the possibility of any espionage by your ISP/Google/Quad9's DNS servers, because they're now uninvolved. That said, your ISP could still spy in the raw traffic to the authoritative NS, but from your experiment, they don't seem to be doing that.

Is a recursive DNS server at home a tad extreme? I used to think so, but we now have people running Pi-hole and similar software, which can run in recursive mode (being built atop Unbound, the DNS server software).

/

"It was DNS" typically means that name resolution failed or did not propagate per its specification. Whereas I'm of the opinion that if DNS is working as expected, then it's hard to pin the blame on DNS. For example, forgetting to renew a domain is not a DNS problem. And setting a bad TTL or a bad record is not a DNS problem (but may be a problem with your DNS software). And so too do I think that DNS leakage is not a DNS problem, because the protocol itself is functioning as documented.

It's just that the operators of the upstream servers see dollar-signs by selling their user's data. Not DNS, but rather a capitalism problem, IMO.

/</minor nitpick>