Are people able to access a list of all DNS records for a given domain if they’re set up with Cloudflare (if they don’t know the subdomains ahead of time)?
I currently have a subdomain “only-dns” (e.g., only-dns . example . com) which points to my home IP address without any proxying. I understand that “only-dns” is easy to guess, so I’m considering making it some sort of gibberish or a passphrase or something. If I make my subdomain something difficult to guess, like “ornv-foozybip4773.(my domain name)”, would that decrease the chance of people finding my home IP address? Or is there a way for people to probe all of the subdomains and records of a given domain, rendering that obfuscation pointless?
Yes, but security through obscurity is no security at all. Anything in DNS is public. All IP addresses are known, and people are permanently scanning the entire IP address space looking for open and vulnerable systems. There are lots of ways that DNS information can be leaked and discovered by a bad actor.
Why are you worried about somebody finding the DNS record?
Just to make it less likely for bots (or other malicious people) to find out my home IP address. My webserver is open to a Windows remote desktop connection, and while the password is secure, I don’t know if there are other exploits that people can use to bypass that.
I’m a bit confused. This seems to contradict what you said in the beginning of the post, “Only if you grant them access via the dashboard.” Can you clarify what you mean and what the difference is between those two things you said?
I’m saying two different things. Nobody can get a precise listing of your DNS records. However, DNS is a public database of information, and I would never rely on anything you put in the DNS staying secret.
Investigate better ways to protect this. Use a tool like Shodan to search for all the Windows RDP sessions on the Internet to get an idea of how easy they are to find. Their scanning tools do not require listing anything from DNS. Cloudflare tunnels are a better solution than hoping the server will not be found.
There are two different things you could mean by this. Are you concerned about someone finding your (specifically) address in a targeted way? Or about someone randomly finding your system as something they might attack?
For the first case, where someone who knows your identity (or at least your domain name) wants to find your address, one way that could easily leak is if you ever turn on the proxy for the DNS entry. If you do, Cloudflare will issue an SSL certificate for the name, and that is public (not because of Cloudflare, but just because that’s how certificates work).
For the second case, someone randomly finding it, they don’t need (and won’t be using) DNS at all. If your computer has a routable IPv4 address, it will be scanned. They just scan entire address ranges without even looking at DNS, so having an obscure name won’t help in any way.
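Added example, not part of any post in this thread and not Cloudflare's code: one way a domain owner could check whether a hostname they hoped to keep unlisted has already been published by name in certificate transparency logs. It assumes an export of log entries saved as JSON in the shape crt.sh produces (a `name_value` field holding newline-separated names); the sample data, the `example.com` domain and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like a crt.sh JSON export; name_value holds
# newline-separated SAN entries. Domain and hostnames are placeholders.
SAMPLE_CT_JSON = """
[
 {"name_value": "example.com\\n*.example.com", "not_before": "2023-01-10T00:00:00"},
 {"name_value": "ornv-foozybip4773.example.com", "not_before": "2023-03-02T00:00:00"},
 {"name_value": "Ornv-Foozybip4773.example.com.", "not_before": "2023-02-01T00:00:00"},
 {"name_value": "www.example.com", "not_before": "2023-04-05T00:00:00"}
]
"""

def normalise(name):
    # Hostnames are case-insensitive and may carry a trailing root dot.
    return name.strip().lower().rstrip(".")

def logged_names(ct_json):
    """Map every name seen in the CT entries to its earliest not_before."""
    seen = {}
    for entry in json.loads(ct_json):
        when = entry.get("not_before", "")
        for raw in entry.get("name_value", "").split("\n"):
            name = normalise(raw)
            if name and (name not in seen or when < seen[name]):
                seen[name] = when
    return seen

def audit(ct_json, private_hosts):
    """Return {host: first_logged} for hosts that appear by name in CT."""
    seen = logged_names(ct_json)
    hosts = [normalise(h) for h in private_hosts]
    return {h: seen[h] for h in hosts if h in seen}

def wildcard_only(ct_json, host):
    """True when only a wildcard entry covers the host, so its label is not disclosed."""
    seen = logged_names(ct_json)
    h = normalise(host)
    parent = h.split(".", 1)[1] if "." in h else ""
    return h not in seen and ("*." + parent) in seen

if __name__ == "__main__":
    hosts = ["ornv-foozybip4773.example.com", "only-dns.example.com"]
    print(audit(SAMPLE_CT_JSON, hosts))
```

A hostname that shows up in `audit` is already public regardless of how hard it is to guess; a host covered only by a wildcard entry is not named in the log, but the IP behind it is still reachable by address-range scanning as described above.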
What I’m most concerned about is making it more difficult for someone to attack my home network and the websites I host, if they so decided. My main concern is my RDP connection, but I will try what Michael suggested.
Thanks to both of you for clarifying these things for me.