Yes, although if you don't believe us maybe you're looking in the wrong
place....
On Thu, 3 Apr 2020, John Levine wrote:
In article <[email protected]>,
Tessa Plum <[email protected]> wrote:
University has generally some private research projects who have their
domain names, but university won't let others see these domain names
unless the projects have got public.
If those names are ever retrieved by users on networks outside your
university, it's very likely that they're in public passive DNS
databases that are widely visible. It is not realistic to believe
that you can put names in your public DNS and not have the world
know about them.
There is this thing called a "search list". Love 'em or hate 'em (kind of
like DNAMEs!).
Suppose your (ab)user is in a coffee shop (wearing appropriate hazmat gear
of course). They load their web browser. It's visited
secret-project.university-example.edu previously. Being extremely helpful,
the browser tries to prefetch the address for
secret-project.university-example.edu. When that doesn't work, it then
tries secret-project.university-example.edu.coffeeshop-example.com. And so
on, and so forth. (*cough* .cisco *cough* .belkin... no it's not COVID, I
seem to have some DNS caught in my throat...)
--
Fred Morris
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
