
And that is even more dangerous: it would mean that if for some reason an identical domain exists on the internet (or somebody registers it to do an attack) then all the hosts will connect to the malicious external domain and not the correct host in the internal network. Local hosts should be resolved FIRST.

Also, Cloudflare this way gets the DNS names of your internal hosts; you are leaking information that otherwise would be private, and system administrators will probably not think about that!

Also, with that option it is not really secure at all: if somebody wants to intercept your DNS requests he can simply block the IPs of the Cloudflare DNS over HTTPS server and then read the DNS requests unencrypted.




You should only use a domain you own or something that isn't routable. You can't blame FF for that.


That was an issue with .dev, and then Google acquired the TLD.


.dev isn't an RFC 2606 reserved TLD, so it shouldn't have been used for internal domains in the first place.
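The risk described in the first comment (a public name colliding with an internal one, and internal names leaking to the DoH provider) and the RFC 2606 point above can be checked for a list of internal hostnames. The script below is an added example, not code from the thread; it assumes Cloudflare's application/dns-json endpoint and uses constructed sample answers for the offline demo.

```python
import json
import urllib.request
from typing import Any, Callable, Dict, Iterable

# RFC 2606 reserved TLDs: names under them can never collide with public DNS.
RFC2606_TLDS = {"test", "example", "invalid", "localhost"}

def doh_json_query(name: str, url: str = "https://cloudflare-dns.com/dns-query") -> Dict[str, Any]:
    """Ask a DoH resolver for an A record in the application/dns-json form (needs network)."""
    req = urllib.request.Request(f"{url}?name={name}&type=A",
                                 headers={"accept": "application/dns-json"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)

def classify(name: str, query: Callable[[str], Dict[str, Any]]) -> str:
    """Verdict for one name the admin believes is internal-only."""
    tld = name.rsplit(".", 1)[-1].lower()
    if tld in RFC2606_TLDS:
        return "safe"            # reserved TLD: no collision possible, nothing sent upstream
    answer = query(name)         # deliberately sends the name to the public resolver
    if answer.get("Status") == 0 and answer.get("Answer"):
        ips = sorted(r["data"] for r in answer["Answer"] if r.get("type") == 1)
        return f"collision:{','.join(ips)}"   # DoH-first clients would connect here instead
    if answer.get("Status") == 3:
        return "leak-only"       # public NXDOMAIN, but the name still reached the provider
    return f"unexpected:{answer.get('Status')}"

def audit(names: Iterable[str],
          query: Callable[[str], Dict[str, Any]] = doh_json_query) -> Dict[str, str]:
    return {n: classify(n, query) for n in names}

# Constructed sample answers standing in for a live DoH provider (offline demo only).
SAMPLE_ANSWERS = {
    "wiki.corp.dev": {"Status": 0, "Answer": [{"name": "wiki.corp.dev", "type": 1, "data": "203.0.113.7"}]},
    "printer.corp.lan": {"Status": 3},
}

def demo() -> Dict[str, str]:
    # Hypothetical internal names; .dev is a public gTLD now, .test is reserved, .lan is neither.
    return audit(["wiki.corp.dev", "git.corp.test", "printer.corp.lan"],
                 query=lambda n: SAMPLE_ANSWERS[n])

if __name__ == "__main__":
    for name, verdict in demo().items():   # swap demo() for audit(your_names) to query for real
        print(f"{name}: {verdict}")
```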


Replying to the part about ‘something that isn’t routable’:

Just because something is not routable doesn’t mean that there won’t be issues.


In all reality, your enterprise should own the domain externally. What happens if one day a configuration flag is flipped and you're no longer resolving the domain internally?

If you have a problem with Cloudflare, go set up your own; it's just BIND9 with some SSL certs.



