
Comment by cure

3 years ago

> OK, so you decide to have an internal DNS - now the whole world knows you have doorbell-model-xyz.myhome.example.com!

Uhm, or you use split horizon DNS? Who in their right mind would leak all their internal DNS names into a public DNS zone?

Sorry for the poor wording on my part. I meant that if you issue a LE Cert for your doorbell, and give it a "sensible" name, the name will appear in the CT Log.

That's in the article: Let's Encrypt leaks them for you if you use them for your intranet.

Named certs have the hostnames they’re valid for in the Certificate itself.

“View Certificate” in a browser, or openssl s_client on the CLI will show you.
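
The point made in the thread, that a certificate carries the hostnames it is valid for, shown as an added example that is not part of any comment above: it builds a constructed self-signed certificate for the doorbell hostname and reads the names back out, which is a check you can run on any certificate before exposing it. It assumes OpenSSL 1.1.1 or later (for `-addext` and `-ext`); the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the certificate is a
# constructed, self-signed sample and nothing here touches a network or CA.

make_sample_cert() {
    # $1 = output PEM path, remaining args = DNS names for the SAN extension
    out=$1; shift
    san=""
    for name in "$@"; do san="${san:+$san,}DNS:$name"; done
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -addext "subjectAltName=$san" \
        -keyout "$out.key" -out "$out" 2>/dev/null
    rm -f "$out.key"    # the private key is not needed to read the names
}

list_cert_names() {
    # Print every SAN DNS name in the PEM certificate $1, one per line.
    openssl x509 -in "$1" -noout -ext subjectAltName |
        tr ',' '\n' | sed -n 's/^[[:space:]]*DNS://p'
}

names_under_zone() {
    # Print only the names in certificate $1 that fall inside zone $2.
    list_cert_names "$1" | while IFS= read -r n; do
        case "$n" in
            "$2"|*."$2") printf '%s\n' "$n" ;;
        esac
    done
}

# Demo on the constructed certificate.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/sample.pem" \
    doorbell-model-xyz.myhome.example.com www.example.org
echo "Names readable by anyone who receives this certificate:"
list_cert_names "$demo_dir/sample.pem"
echo "Of those, inside myhome.example.com:"
names_under_zone "$demo_dir/sample.pem" myhome.example.com
rm -rf "$demo_dir"
```

Pointing `names_under_zone` at a real certificate file and your internal zone lists the internal names that certificate discloses to every client that connects.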