cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Looking to upgrade from Dynatrace Managed to SaaS? See how

Dynatrace Managed fqdn visible on the internet

The client is telling me that server IP associated with the domain name that is generated after Dynatrace managed installation, is visible on the internet.

So he is looking up xxx.dynatrace-managed.com and resolving the IP of the server on which the cluster node is installed (he said). Is this possible?

In my experience, that kind of data is never exposed and you cannot look up the fqdn assigned to a Dynatrace managed installation.

I need some Community help here 🙂

@Radoslaw_Szulgo

Thanks, Yann

6 REPLIES 6

Radoslaw_Szulgo
Inactive

Yes, that is true. We're generating real domains 🙂 that are resolvable by NS servers. The IP addresses should be private IPs that are not reachable through the internet. That's how things work 😉 If the customer doesn't like it - I suggest to opt-out letting us know to remove the domain.

Senior Product Manager,
Dynatrace Managed expert

Thank you for your experties,

the problem is that if I search the managed fqdn over the internet, let's say here for example:

https://www.dnsqueries.com/en/dns_lookup.php

The private IP of the virtual machine get exposed and the client say this can be a security issue.
So this is an expected behavior, is it reasonable to evaluate this as a security risk?

Yes, it's visible.
But it cannot be associated with the customer as those names are randomly generated and assigned. Also if that is accessible or not depends if the cluster node itself is exposed to the internet (typically not).

Sure you can opt-out from the DNS and certificate management. This introduces additional challenges for you as you must manage it by yourself.

Certified Dynatrace Master | Alanata a.s., Slovakia, Dynatrace Master Partner

AntonioSousa
DynaMight Guru
DynaMight Guru

@y_buccellato,

I have also analyzed this in the past from a security perspective for a client. And while it is resolvable in the Internet, private IPs are not even publicly routable, so no one on the Internet can get to the server.

You could also approximate this from the Let's Encrypt certificate, but there is no information there that is useful. While you can get the entire list of certificates issued to Dynatrace Managed servers, you can't get almost anything from there. There is no geo or other type of information you can get there also.

If you did not use a private IP, there could be some more digging done, but given what you have said, your client should have nothing to fear.

Antonio Sousa

Oook, thanks everybody for helping me: the picture is very clear now 🙂 I'll kudo each one of you and you have a breakfast offered by me if you happen to spend some days in Rome 😄

I love Rome and not been there for some years! I'll remember this one 🤣

Antonio Sousa

Featured Posts