6

How can I hide the subdomains list from scan tools like dnsdumpster? I have some subdomains, where I keep dev versions of my projects.

I need to be sure that nobody can know about subdomains.

Kandrat
  • 2
    Do you use HTTPS on these hosts? If yes, the X.509 certificates are published in public Certificate Logs and there are tools to search by name/suffix. Said differently, there are a million ways to find out about your subdomains, so do not try to "hide" them; you should invest your energy into real security. – Patrick Mevzek Nov 15 '19 at 06:52

2 Answers

5

You can't. It would defeat the primary purpose of the DNS system: to map IP addresses to domain (or subdomain) names. For that reason all DNS entries are public.

Also see Domain Name System

A security-related note: Development versions of your projects should not be publicly available on the internet. If they have to be, access should at least be restricted to the persons who need it, for example by limiting access to certain IP addresses or by using password protection.

Martin Weil
  • Thanks for the reply. Dev versions are protected, it's just another layer of protection. I know that's possible, because I know domains whose subdomains are not found with dnsdumpster.com, but the subdomains are alive. – Kandrat Nov 14 '19 at 16:44
  • 2
    It might be possible to hide your subdomains from dnsdumpster or any other specific tool. Even if you succeed in doing this temporarily, the fact remains that the DNS system is public. And there are numerous ways to find subdomains, not all of which even use the DNS system. There is no way to be sure that nobody can know of your subdomains. See also: [Security through obscurity](https://wikipedia.org/wiki/Security_through_obscurity) – Martin Weil Nov 14 '19 at 17:17
5

If the dev versions of your sites, with the subdomains that you do not want to be publicly obvious, are all located on the same host, so that your dev sites just use host headers, then you could just use a wildcard entry in your DNS to point to your host. It doesn't really hide anything, other than the fact that you no longer have to create any entries in your DNS for those subdomains, and thus they do not show up in any tools that list out all your DNS entries.

dmarietta
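The wildcard approach in the answer above and the certificate-log point in the question's comment can be checked together against your own inventory. The following is an added example, not part of any answer on this page: it reports, for each dev virtual host, whether it resolves and where its exact name is published. The zone entries, certificate name lists and host names are constructed placeholders.

```python
# Added example. All names and addresses are constructed placeholders.
ZONE = {  # owner name -> record data, as a zone listing would show it
    "example.com": "A 203.0.113.10",
    "www.example.com": "A 203.0.113.10",
    "staging.example.com": "A 203.0.113.20",  # explicit per-host record
    "*.dev.example.com": "A 203.0.113.20",    # wildcard entry
}
CERT_SANS = [  # subjectAltName lists of issued certificates (public in CT logs)
    ["example.com", "www.example.com"],
    ["*.dev.example.com"],    # wildcard certificate names no host
    ["api.dev.example.com"],  # per-host certificate names the host
]
VHOSTS = ["staging.example.com", "api.dev.example.com", "shop.dev.example.com"]


def wildcard_covers(pattern, host):
    """True if '*.suffix' covers host with exactly one extra left-most label.

    Simplification: this is the certificate matching rule; a DNS wildcard
    can also answer for names more than one label deep.
    """
    if not pattern.startswith("*."):
        return False
    suffix = pattern[1:]  # e.g. ".dev.example.com"
    label = host[: -len(suffix)]
    return host.endswith(suffix) and label != "" and "." not in label


def audit(vhosts, zone, cert_sans):
    """For each vhost: does it resolve, and where is its exact name published?"""
    published = {name.lower() for sans in cert_sans for name in sans}
    report = {}
    for host in (h.lower() for h in vhosts):
        named_in = []
        if host in zone:
            named_in.append("dns-record")
        if host in published:
            named_in.append("certificate")
        resolves = host in zone or any(wildcard_covers(p, host) for p in zone)
        report[host] = {"resolves": resolves, "named_in": named_in}
    return report


if __name__ == "__main__":
    for host, result in audit(VHOSTS, ZONE, CERT_SANS).items():
        print(host, result)
```

In this sample only `shop.dev.example.com` is named nowhere, yet it resolves like every other name under the wildcard, so the access restrictions on the host are what actually protect it.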