by jc__denton
1644 days ago

This is the one big downside to certificate transparency. Allowing anyone to ascertain private host names is far from ideal. The immediate counter is to “run your own CA,” but that comes with its own headaches for small use cases.

Something like *.internal.mydomain.com - so that’s all that would appear in transparency logs.
I guess this means you have to manage your own internal DNS mapping to your Tailscale IPs though rather than using Tailscale’s convenience split-DNS.