←back to thread

Should you use Let's Encrypt for internal hostnames?

(shkspr.mobi)
238 points edent | 1 comments | 05 Jan 22 12:42 UTC | HN request time: 0.213s | source
Show context
marcosdumay ◴[05 Jan 22 17:23 UTC] No.29811898[source]
I will never understand the obsession people have with hiding their private server names.

If somebody gets any access to your local network, there are plenty of ways to enumerate them, and if they can't get access, what's the big deal?

I get that you may want to obfuscate your infrastructure details, but leaking infrastructure details on your server names is quite a red flag. It should really not happen. (Instead, you should care about the many, many ways people can enumerate your infrastructure details without looking at server names.)

replies(6): >>29812502 #>>29812557 #>>29813436 #>>29813580 #>>29814316 #>>29818673 #
1. paxys ◴[05 Jan 22 19:20 UTC] No.29813580[source]
It is a perfectly valid concern. Internal domain names can contain confidential information. They become vectors for attack (especially if running vulnerable software). Obfuscation doesn't mean perfect security but it still goes a long way towards it.