So i have a domain that I have been using solely for homelab and VPS services (domain.example).

I have my A and AAAA record for my VPS proxying through cloudflare (proxy.domain.example) and a DNS A record pointing towards my homelab for my home Wireguard (wg.domain.example) with no other records pointing home or anywhere. I have a couple of services at home with certificates for example (proxmox.domain.example, nas.domain.example, router.domain.example) that are using cloudflares API token but they do not have records listed at cloudflare

Now my issue is I specifically setup a Cloudflare WAF to block every continent/country except my own and this is now showing in the events that a crawler is attempting to access router.domain.example, nas.domain.example, homeassistant.domain.example. Do I have any reason to be concerned and also how would this web crawler only be searching for my home lab domains. None of these services are public facing.

  • 𝒍𝒆𝒎𝒂𝒏𝒏@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    8
    ·
    edit-2
    8 months ago

    Yepp sorry - what I meant was bundling multiple different root domains, e.g. example.com & example1234567.org in the same cert.

    I currently do as you mentioned above, renewing with just one root bundled with its accompanying subdomain wildcard.