
Can you check with DNS for new entries and check 443 for a couple of weeks to see if there's a TLS cert there?


You can't enumerate DNS entries. (And not even privately: some of our (DNS) entries are wildcards, CNAMEs, etc., which all make that hard.)

We do (now) follow the CT logs for ourselves. That catches some cases, but not everything.

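As an added illustration of the CT-log monitoring described in the comment above (this is example code written for this page, not anything the commenter or their organisation runs), the script below takes a constructed zone-file snippet as the "known hosts" inventory and a constructed list of Certificate Transparency entries, and sorts each in-scope certificate name into known, covered-by-a-wildcard-record, wildcard-cert, or unknown. The names, records, and the `ZONE_RECORDS`/`CT_ENTRIES` samples are all made up for the example; a real deployment would feed it the output of a CT log client instead.

```python
# Added example: reconcile CT-log certificate names against a DNS inventory.
# All data below is constructed for illustration.

ZONE_RECORDS = """
; constructed zone snippet: owner names are the only thing we use
example.com.        IN A     192.0.2.10
www.example.com.    IN CNAME example.com.
*.apps.example.com. IN A     192.0.2.20
mail.example.com.   IN A     192.0.2.30
"""

# Constructed CT entries, reduced to the SAN names each certificate carries.
CT_ENTRIES = [
    {"names": ["www.example.com"]},                    # already in the zone
    {"names": ["shop.example.com"]},                   # not in the zone: worth a look
    {"names": ["dev.apps.example.com"]},               # answered by the wildcard record
    {"names": ["*.example.com"]},                      # wildcard cert with no wildcard record
    {"names": ["example.com", "legacy.example.com"]},  # mixed: one known, one unknown
    {"names": ["example.org"]},                        # someone else's domain, ignored
]


def parse_zone(zone_text):
    """Return the set of owner names in a zone-file snippet (lowercased, no trailing dot)."""
    owners = set()
    for line in zone_text.splitlines():
        line = line.split(";")[0].strip()  # strip comments and whitespace
        if not line:
            continue
        owners.add(line.split()[0].lower().rstrip("."))
    return owners


def in_scope(name, base_domains):
    """True if the certificate name is the base domain or a child of it."""
    bare = name.lower().rstrip(".").lstrip("*.")  # "*.example.com" -> "example.com"
    return any(bare == d or bare.endswith("." + d) for d in base_domains)


def classify(name, owners):
    """Place one certificate name relative to the DNS inventory."""
    n = name.lower().rstrip(".")
    if n.startswith("*."):
        # a wildcard cert is only "known" if we also publish that wildcard record
        return "known" if n in owners else "wildcard-cert"
    if n in owners:
        return "known"
    # walk up the labels: a "*.parent" record would answer this name,
    # so the zone alone cannot tell us whether the host really exists
    labels = n.split(".")
    for i in range(1, len(labels)):
        if "*." + ".".join(labels[i:]) in owners:
            return "wildcard-covered"
    return "unknown"


def review_ct(entries, owners, base_domains):
    """Bucket every in-scope CT name; each bucket is a sorted, de-duplicated list."""
    report = {"known": [], "wildcard-covered": [], "wildcard-cert": [], "unknown": []}
    for entry in entries:
        for name in entry["names"]:
            if in_scope(name, base_domains):
                report[classify(name, owners)].append(name.lower().rstrip("."))
    return {bucket: sorted(set(names)) for bucket, names in report.items()}


if __name__ == "__main__":
    owners = parse_zone(ZONE_RECORDS)
    for bucket, names in review_ct(CT_ENTRIES, owners, ["example.com"]).items():
        print(f"{bucket:17s} {', '.join(names) or '-'}")
```

The "unknown" bucket is the alert list: a certificate was logged for a name that the zone does not explain. The "wildcard-covered" bucket is the case the comment points at: the zone cannot confirm or deny that `dev.apps.example.com` is a real host, so the wildcard record hides exactly the kind of entry a zone walk would hope to find.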

Why not? I can just check the zone file and go through line by line, right?

The wildcards would be tough, but you could follow CNAMEs, as those would need to be in the cert as is.



