Can you find an hidden domain on a server? [closed]

security domain-name-system

It's not really clear what you are asking.

In the best case, the hacker has to know the IP address and the domain name in order to access the server. Someone who just happens to visit the IP address cannot easily discover the name of the web site if the server's default configuration does not reveal it.

The crucial question then is how exactly the system is set up and whether that configuration can be trusted to not leak the information you want it to protect. We have no information about this, so the short answer is simply "it depends."

Still, someone who knows which domain name you are likely to use and who is specifically striving to access this particular server could perhaps find out by some means which IP address you are connecting to. If they have visibility into the network you are connected to, they would just have to look where the packets from your computer are going in order to discover this.

Depending on the risk scenario, you might want to consider adding additional layers of security around the system. Perhaps require authentication in order to access the server (and/or require a private SSL certificate), and/or use a VPN to hide the destination of your outbound traffic.


No, it is not possible. You can only know which domains this server is ready to serve either by the brute force (which is infeasible), or from side channels.

But the way you presented the idea creates issues.

The first: you are hijacking some others's domain. Never do this. You own example.com means you can do anything under this domain three, so better use e.g. abracadabra.example.com or jeug982-gu9fg.example.com, or buy another domain, but don't hijack other's domains. You may continue to use hosts or you may consider adding it to the DNS — this wouldn't change much; DNS is also non-traversable (DNSSEC — with NSEC3), e.g. you can't list all subdomains of some domain and what I said about web server applies here: only brute force or side channel.

Second: don't assume this is secure. While in theory this could be considered as a shared secret (e.g. password), in practice nobody will consider this name as a secret. For example, browser will display it in clear on the screen, so anybody staring into your screen may see this very secret name. You may use secret domain name for site admin panel for improved security, but don't rely on it and still implement proper authentication.

Related

How to add new attribute to an existing LDAP user objects
Exim4 client rejecting TLS certificate
www.example.com vs example.com?
Rackspace yum install git cURL 443 Connection refused
Add email recipient in header in Postfix
ssh TOTP connection with jump host forwarding
Large custom GCP metric
I cannot expand RAID5 capacity on an Adaptec RAID 71605, an "expand" in ribbon is greyed out
Iptables -C (--check) doesn't work
There may be no DNS name server shards remaining for the name. Google cloud
Companion affinity change notification
Do multiple hits from the same Simon/Richter boomerang add multiple hits to the staleness queue?