-1

I have a rather lengthy public DNS name assigned by a cloud provider. Its nearly impossible to type or remember. I could cname it in public DNS but it refers to a somewhat sensitive URL.

The domain in question is protected via other means.... but.... I'd still rather not publish it and make it all that much easier for a malicious party to find.

As such I'd like to create a CNAME on our private DNS server like:

easy.to.remember.ourdomain.internal -> sd.safd.asdfowerlsdfj.aweriapdfoi1.cloudprovider.com

So that instead of having to type in https://sd.safd.asdfowerlsdfj.aweriapdfoi1.cloudprovider.com I can merely type in: https://easy.to.remember.ourdomain.internal

I was able to create the entry easily enough but it doesn't seem to resolve properly. (The sites not accessible in google chrome despite the private DNS entry being resolvable via dig/nslookup)

Should it? If so any ideas why its not?

Is there any reason I should not be doing this?

Does anyone have any better idea how to make a really obscure domain easier to remember/type (other than creating host entry files) or disclosing the domain via public DNS?

Thanks, Brad

Brad
  • 619
  • 1
  • 10
  • 28
  • works fine on my machine. do the usual DNS trouble shooting steps - check updated serial, included trailing `.` on FQDN in zone file, etc. – ivanivan Jun 28 '19 at 03:09
  • Technically you can put any entry you want to in your own DNS zone. And unless you made a mistake , `easy.to.remember.ourdomain.internal IN CNAME sd.safd.asdfowerlsdfj.aweriapdfoi1.cloudprovider.com. ` **should resolve**. Having said that - Despite resolving correctly the **TLS certificate won't be valid** for `easy.to.remember.ourdomain.internal` , it is probably only valid for `*.cloudprovider` and `https://easy.to.remember.ourdomain.internal` will not work (unless you click away TLS warnings and even then your mileage may vary) – HBruijn Jun 28 '19 at 06:56

1 Answers1

0

I have a rather lengthy public DNS name assigned by a cloud provider. Its nearly impossible to type or remember.
...
Does anyone have any better idea how to make a really obscure domain easier to remember/type

That's why browsers support bookmarks.

Contact the cloud provider on how to associate your own domain / DNS record (using your actual domain, for example cloud-service.example.com and not a made up .internal domain) to their product offering, with a valid TLS certificate such that https://cloud-service.example.com works.

HBruijn
  • 77,029
  • 24
  • 135
  • 201
  • Cloud provider doesn't allow you to associate a custom domain to their autogenerated domain as far as I'm aware. As far as using a bookmark - the site needs to be distributed to a large number of people and there are a large number of urls so that's pretty impracticle. – Brad Jul 01 '19 at 18:49
  • As I commented, technically you should be able to create a working CNAME record, but that only takes part of resolving an easier-to-remember hostname to the providers ip-address(es). Since HTTP (and HTTPS) requests include the `Host:` header in every request with the site name a user entered in their web browser, that custom hostname will then be what is sent in the requests to your provider. Odds are that when that is an unknown hostname those services will trigger an error.... _-_ I have seen internal "applications" that get pushed to peoples start menu that are nothing more than bookmarks – HBruijn Jul 01 '19 at 19:00