• kudos@lemmy.ml
    link
    fedilink
    English
    arrow-up
    2
    ·
    5 months ago

    Might be an idea to not use any public A records and just use it for cert issuance, and Stick with private resolvers for private use.

    • state_electrician@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      2
      ·
      5 months ago

      It’s a domain with hosts that all resolve to private IP addresses. I don’t care if someone manages to see hosts like vaultwarden, cloud, docs or photos through enumeration if they all resolve to 10.0.0.0/8 addresses. Setting up a private resolver and private PKI is just too much of a bother.

      • fine_sandy_bottom@lemmy.federate.cc
        link
        fedilink
        English
        arrow-up
        1
        ·
        5 months ago

        My set up is similar to this but I’m using wildcards.

        So all my containers are on 10.0.0.0/8, and public dns server resolves *.sub.domain.com to 10.0.0.2, which is a reverse proxy for the containers.