So i have a domain that I have been using solely for homelab and VPS services (domain.example).
I have my A and AAAA record for my VPS proxying through cloudflare (proxy.domain.example) and a DNS A record pointing towards my homelab for my home Wireguard (wg.domain.example) with no other records pointing home or anywhere. I have a couple of services at home with certificates for example (proxmox.domain.example, nas.domain.example, router.domain.example) that are using cloudflares API token but they do not have records listed at cloudflare
Now my issue is I specifically setup a Cloudflare WAF to block every continent/country except my own and this is now showing in the events that a crawler is attempting to access router.domain.example, nas.domain.example, homeassistant.domain.example. Do I have any reason to be concerned and also how would this web crawler only be searching for my home lab domains. None of these services are public facing.
Ahhhh thank you. Yes I use LetsEncrypt for all the homelab services which explains it then.
Its one reason i use DNS challenge wildcard domains.
I know security through obscurity is not security, and that a leaked wildcard cert is more damaging… However the likelihood of a leaked cert is slim, the convenience is huge, the attack window isn’t huge (well, 90 days) and less published information about internals feels more secure.
maybe you issued one certificate with multiple domains, mixing internet facing ones with purely internal. It is very easy to discover hidden subdomains inspecting the certificate you get from a public service