this post was submitted on 14 Jan 2026
11 points (86.7% liked)

Selfhosted

54534 readers
740 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
11
solved (sort of): How are people discovering random subdomains on my server? (lem.lemmy.blahaj.zone)
submitted 18 hours ago* (last edited 18 hours ago) by BonkTheAnnoyed@lemmy.blahaj.zone to c/selfhosted@lemmy.world
9 comments fedilink hide all child comments
 

following up on my previous post:

it turns out that, like anything else weird in infrastructure, it was DNS

I registered mydomain.com as my primary router’s domain, re-ran the experiment with a fresh 128 char subdomain, and I received zero scans on the new domain.

Now my question is, who’s making that one query that leaks my domain name? Is it Apache on startup?

One solution is to resolve all my subdomains on /etc/hosts so it never has to leave the box, but I’m curious what a more experienced net admin would suggest.

top 9 comments
sorted by: hot top controversial new old
[–] stratself@lemdro.id 3 points 13 hours ago* (last edited 13 hours ago)

One solution is to resolve all my subdomains on /etc/hosts so it never has to leave the box, but I’m curious what a more experienced net admin would suggest.

Not a net admin but I would enforce a LAN-only DNS server for all relevant clients and put the records there. And/or put such an infra behind a VPN like Tailscale so bots don't see it.

[–] non_burglar@lemmy.world 4 points 15 hours ago

We would need to know your DNS query path and whether you are querying from inside or outside your private IP space. If you are querying against public servers, then that is completely public.

I registered mydomain.com as my primary router’s domain

Routers don't typically deal with dns except to forward requests upstream or hand out server addresses as dhcp options. Can you elaborate what you mean by your "primary router's domain"?

[–] bigredgiraffe@lemmy.world 3 points 14 hours ago

Okay I saw your previous post but I’m curious now. What happens if you curl your IP address on port 80? Does it send back a 30X redirect for SSL to your newly configured subdomain as the new default location for r do you get back your IP but using SSL?

[–] tal@lemmy.today 3 points 16 hours ago (1 children)

Now my question is, who’s making that one query that leaks my domain name? Is it Apache on startup

If you're wanting a list of DNS queries from your system, assuming that it's DNS and not DoH, maybe:

# tcpdump port domain

Then go start Apache or whatever.

[–] BonkTheAnnoyed@lemmy.blahaj.zone 2 points 12 hours ago

That's handy -- thanks!

[–] talkingpumpkin@lemmy.world 2 points 16 hours ago (1 children)

(I missed the first part so I'm not sure I follow)

How are the the subdomains resolved? If you registered them on a public DNS that might be what leaks them. Otherwise... maybe your browser?

[–] roofuskit@lemmy.world 4 points 15 hours ago (1 children)

Previous post says it is wildcard at the DNS.

[–] stratself@lemdro.id 2 points 13 hours ago

Yeah they registered a wildcard but queries contain the full domain

[–] Decronym@lemmy.decronym.xyz 1 points 14 hours ago* (last edited 12 hours ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
DNS Domain Name Service/System
IP Internet Protocol
SSL Secure Sockets Layer, for transparent encryption

3 acronyms in this thread; the most compressed thread commented on today has 11 acronyms.

[Thread #1002 for this comm, first seen 15th Jan 2026, 00:05] [FAQ] [Full list] [Contact] [Source code]