DNS engineer here. I'm not doing work on a weekend, but I will make you guys aware of digwebinterface.com, a great tool for running investigations like this.
As a DNS engineer - do you own a shirt with the slogan “It’s always DNS.” on it?
It's not DNS until the firewall team cleans house and even then not until you happened to catch me between matches in the videogame I'm playing while waiting for something to break
Thanks for sharing your research
Out of interest, is pathfinder.social among those snatched up by these?
It does not seem to be the case. Was it the full domain for this instance?
Yes, that's the full domain. It used to host communities such as [email protected]. Unfortunately it's been dead for 9–10 months now.
According to this service, that domain never had any subdomains, so looks like there's just nothing there at the moment.
Not sure how reliable it is, but it did correctly identify all of my own subdomains for a website that no one ever goes to.
These services usually use either or both of passive DNS replication (running public recursive DNS resolvers and logging lookups that return a record) and certificate transparency logs (where certificate authorities publish the domain names for which they issue certificates). A lot of my subdomains are missing from these services.
Ahh I guess they probably got my subdomains from Let's Encrypt then, used them for pretty much all my websites.
Edit: Just checked and yup, all my old subdomains are there from Let's Encrypt.
What I did is use a wildcard subdomain and certificate. This way, only `pierre-couy.fr` and `*.pierre-couy.fr` ever show up in the transparency logs. Since I'm using Pi-hole with carefully chosen upstream DNS servers, passive DNS replication services do not seem to pick up my subdomains (but even subdomains I share with some relatives who probably use their ISP's default DNS do not show up).
This obviously only works if all your subdomains go to the same IP. I've achieved something similar to Cloudflare tunnels using a combination of nginx and WireGuard on a cheap VPS (I want to write a tutorial about this when I find some time). One side benefit of this setup is that I usually don't need to fiddle with my DNS zone to set up a new subdomain: all I need to do is add a new nginx config file with a `server` section.
Some scanners will still try to brute-force subdomains. I simply block any IP that hits my VPS with a `Host` header containing a subdomain I did not configure.
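One way to find the clients the comment above describes, as an added example that is not the commenter's own setup: it scans access-log lines for `Host` headers outside the configured set and returns the source IPs. The log format, the `example.test` hostnames and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed nginx log_format (not from the post):
#   '$remote_addr [$time_local] "$http_host" "$request" $status'
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[[^\]]*\] "(?P<host>[^"]*)" "[^"]*" (?P<status>\d{3})$'
)

# Hypothetical names standing in for the server_name values actually configured.
CONFIGURED_HOSTS = {"example.test", "cloud.example.test", "git.example.test"}


def normalize_host(raw):
    """Lowercase a Host header and strip an optional :port and trailing dot."""
    host = raw.strip().lower()
    if host.startswith("["):          # IPv6 literal such as [::1]:443
        return host.split("]")[0] + "]"
    host = host.rsplit(":", 1)[0] if ":" in host else host
    return host.rstrip(".")


def offending_ips(lines, configured=CONFIGURED_HOSTS):
    """Return {ip: sorted unknown hosts} for clients that asked for an unconfigured name."""
    hits = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                  # skip lines that do not match the assumed format
        host = normalize_host(m.group("host"))
        if host not in configured:    # also catches an empty or bare-IP Host
            hits.setdefault(m.group("ip"), set()).add(host)
    return {ip: sorted(hosts) for ip, hosts in hits.items()}


# Constructed sample log lines (documentation address ranges, made-up hostnames).
SAMPLE_LOG = """\
198.51.100.7 [10/Mar/2024:10:00:01 +0000] "cloud.example.test" "GET / HTTP/1.1" 200
203.0.113.9 [10/Mar/2024:10:00:02 +0000] "admin.example.test" "GET / HTTP/1.1" 444
203.0.113.9 [10/Mar/2024:10:00:03 +0000] "vpn.example.test" "GET / HTTP/1.1" 444
198.51.100.7 [10/Mar/2024:10:00:04 +0000] "Git.Example.Test:443" "GET / HTTP/1.1" 200
192.0.2.44 [10/Mar/2024:10:00:05 +0000] "" "GET / HTTP/1.0" 444
""".splitlines()

if __name__ == "__main__":
    for ip, hosts in sorted(offending_ips(SAMPLE_LOG).items()):
        print(ip, hosts)
```

The returned IPs can then be fed to whatever blocking mechanism is in use; normalizing case and port first keeps legitimate clients such as the fourth sample line from being flagged.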
~~I feel like this could be abused by a bad actor by recreating instances in several ways:~~
- ~~Use the "dead" accounts that are still mods on communities on other instances.~~
- ~~Sneakily monitor user behavior (like votes etc.) without looking out of place.~~
- ~~Impersonate users.~~
~~I feel like it would be a good idea to start a list of the domains of dead instances and add them to a blocklist until the original people start using them again.~~
EDIT: This doesn't seem like a real problem due to key signing.
This is just the domain name, not the instance itself. If the instance is offline the moderator accounts will be inaccessible even if the domain name is sold.
Yes, but what if someone just creates a new instance and adds previous accounts. How do other instances know that the running instance has changed and didn't just go offline if it's registered on the original domain?
I would hope there's some kind of key signing mechanism to prove it's the same instance and not just someone else who's running another on the same domain.