Tag: DNS


DNS privacy issues

Until recently I thought that having DNS subdomain entries provides enough obscurity and thus should be secure. If your DNS server does not offer transferring a domain to another place, then any subdomains should be hidden from public sight. Transfers, if enabled (or rather misconfigured), could be made by: Second thing is querying with the ANY option, but it does not mean “all”: So, with disabled transfers and a lack of exactly private entries while querying for ANY, you would think that you are on the safe side. And that is actually wrong. There are two 3 options on a table: Someone run


Allow .local domain suffix to be resolved

On many occasions you may need to configure some domains using the .local suffix. Unfortunately this is covered by RFC 6762 (multicast DNS). On specific Linux distributions you will not be able to resolve such domains using the DNS server you set either in the machine or in the cloud settings (for instance Azure). How do you know that the DNS query is not reaching your desired DNS server? In case you use named, first enable query logging with the following command: Now DNS queries from the clients who set that particular DNS server as their resolver will be visible in