this post was submitted on 14 Jan 2026
29 points (93.9% liked)

Selfhosted

54680 readers
603 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
29
solved (sort of): How are people discovering random subdomains on my server? (lem.lemmy.blahaj.zone)
submitted 4 days ago* (last edited 4 days ago) by BonkTheAnnoyed@lemmy.blahaj.zone to c/selfhosted@lemmy.world
11 comments fedilink hide all child comments
 

following up on my previous post:

it turns out that, like anything else weird in infrastructure, it was DNS

I registered mydomain.com as my primary router’s domain, re-ran the experiment with a fresh 128 char subdomain, and I received zero scans on the new domain.

Now my question is, who’s making that one query that leaks my domain name? Is it Apache on startup?

One solution is to resolve all my subdomains on /etc/hosts so it never has to leave the box, but I’m curious what a more experienced net admin would suggest.

you are viewing a single comment's thread
view the rest of the comments
[–] litchralee@sh.itjust.works 4 points 3 days ago* (last edited 3 days ago)

The full-blown solution would be to have your own recursive DNS server on your local network, and to block or redirect any other DNS server to your own, and possibly blocking all know DoH servers.

This would solve the DNS leakage issue, since your recursive server would learn the authoritative NS for your domain, and so would contact that NS directly when processing any queries for any of your subdomains. This cuts out the possibility of any espionage by your ISP/Google/Quad9's DNS servers, because they're now uninvolved. That said, your ISP could still spy in the raw traffic to the authoritative NS, but from your experiment, they don't seem to be doing that.

Is a recursive DNS server at home a tad extreme? I used to think so, but we now have people running Pi-hole and similar software, which can run in recursive mode (being built atop Unbound, the DNS server software).

/

"It was DNS" typically means that name resolution failed or did not propagate per its specification. Whereas I'm of the opinion that if DNS is working as expected, then it's hard to pin the blame on DNS. For example, forgetting to renew a domain is not a DNS problem. And setting a bad TTL or a bad record is not a DNS problem (but may be a problem with your DNS software). And so too do I think that DNS leakage is not a DNS problem, because the protocol itself is functioning as documented.

It's just that the operators of the upstream servers see dollar-signs by selling their user's data. Not DNS, but rather a capitalism problem, IMO.

/</minor nitpick>