How is it being logged publicly? Like OP said there is no specific subdomain registered in the DNS records (instead using a wildcard). Same for the SSL cert. Only things I can think of is the browser leaking the subdomains (through google or Microsoft) or the DNS queries themselves being logged and leaked. (Possibly by the ISP inspecting the traffic or logging and leaking on their own DNS servers?). I would hardly call either of those public.
Comment on How are people discovering random subdomains on my server?
chillpanzee@lemmy.ml 3 days agoit’s not even obscurity; it’s logged publicly.
Keelhaul@sh.itjust.works 3 days ago
sommerset@thelemmy.club 3 days ago
It’s not. Wildcard DNS and wildcard cert. Domain is not logged publicly.
People that keep saying logged publicly simply don’t understand setup and technilogy