
You can't enumerate DNS entries. (And not even privately: some of our (DNS) entries are wildcards, CNAMEs, etc., which all make that hard.)

We do (now) follow the CT logs for ourselves. That catches some cases, but not everything.




Why not? I can just check the zone file and go through line by line, right?

The wildcards would be tough but you could follow CNAMEs as those would need to be in the cert as is.
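
The zone-file walk discussed in the two comments above, as an added example that is not part of the thread. It assumes a constructed, simplified zone (not full RFC 1035 syntax) and hypothetical helper names, and shows where wildcards and out-of-zone CNAME targets stop the line-by-line approach when checking names seen in CT logs.

```python
# Constructed sample zone: simplified "owner type rdata" lines, not full RFC 1035 syntax.
ZONE = """\
@        A      192.0.2.10
www      CNAME  app
app      A      192.0.2.11
*.dev    A      192.0.2.20
shop     CNAME  stores.cdn-provider.example.
"""
ORIGIN = "example.com"

def fqdn(name, origin):
    """Expand a zone-relative name to a lowercase FQDN without the trailing dot."""
    name = name.lower()
    if name == "@":
        return origin
    return name[:-1] if name.endswith(".") else f"{name}.{origin}"

def walk_zone(text, origin):
    """Go through the zone line by line: concrete names, wildcard parents, CNAME map."""
    concrete, wildcards, cnames = set(), set(), {}
    for line in text.splitlines():
        line = line.split(";")[0].strip()      # drop comments and blank lines
        if not line:
            continue
        owner, rtype, rdata = line.split(None, 2)
        owner = fqdn(owner, origin)
        if owner.startswith("*."):
            wildcards.add(owner[2:])           # hosts below this parent are not listed
        else:
            concrete.add(owner)
        if rtype.upper() == "CNAME":
            cnames[owner] = fqdn(rdata.strip(), origin)
    return concrete, wildcards, cnames

def follow_cname(name, cnames, origin, max_hops=8):
    """Follow CNAMEs known to this zone; return (final_name, final_name_is_in_zone)."""
    for _ in range(max_hops):                  # hop cap guards against CNAME loops
        if name not in cnames:
            break
        name = cnames[name]
    return name, (name == origin or name.endswith("." + origin))

def classify(ct_name, concrete, wildcards):
    """Label a name seen in a CT log entry against the zone inventory."""
    if ct_name in concrete:
        return "listed"
    if any(ct_name.endswith("." + parent) for parent in wildcards):
        return "wildcard-only"                 # resolves, but the zone never names it
    return "not-in-zone"
```
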



