
Dynatrace Managed fqdn visible on the internet

The client is telling me that the server IP associated with the domain name that is generated after the Dynatrace Managed installation is visible on the internet.

So he is looking up xxx.dynatrace-managed.com and resolving the IP of the server on which the cluster node is installed (he said). Is this possible?

In my experience, that kind of data is never exposed and you cannot look up the fqdn assigned to a Dynatrace managed installation.

I need some Community help here 🙂

@Radoslaw_Szulgo

Thanks, Yann


Radoslaw_Szulgo
Dynatrace Guru

Yes, that is true. We're generating real domains 🙂 that are resolvable by NS servers. The IP addresses should be private IPs that are not reachable through the internet. That's how things work 😉 If the customer doesn't like it, I suggest opting out by letting us know to remove the domain.

Senior Product Manager,
Dynatrace Managed expert

Thank you for your expertise,

the problem is that if I search the managed fqdn over the internet, let's say here for example:

https://www.dnsqueries.com/en/dns_lookup.php

The private IP of the virtual machine gets exposed and the client says this can be a security issue.
So this is expected behavior; is it reasonable to evaluate this as a security risk?

Yes, it's visible.
But it cannot be associated with the customer as those names are randomly generated and assigned. Also, whether that is accessible or not depends on whether the cluster node itself is exposed to the internet (typically not).

Sure, you can opt out of the DNS and certificate management. This introduces additional challenges for you as you must manage it by yourself.

Certified Dynatrace Master | Alanata a.s., Slovakia, Dynatrace Master Partner

AntonioSousa
DynaMight Guru

@y_buccellato,

I have also analyzed this in the past from a security perspective for a client. And while it is resolvable on the Internet, private IPs are not even publicly routable, so no one on the Internet can get to the server.

You could also approximate this from the Let's Encrypt certificate, but there is no information there that is useful. While you can get the entire list of certificates issued to Dynatrace Managed servers, you can get almost nothing from there. There is no geo or other type of information you can get there either.

If you did not use a private IP, there could be some more digging done, but given what you have said, your client should have nothing to fear.

Antonio Sousa
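An added example, not part of the original thread and not Dynatrace code: a small audit that checks the point made above, that every address published for a cluster node's FQDN falls in private address space, and flags anything else for review. The DNS answer lines, the `example.test` host names and all addresses are constructed sample data; `xxx.dynatrace-managed.com` is the placeholder name used in the question.

```python
import ipaddress

# RFC 1918 private IPv4 ranges plus IPv6 unique-local addresses (RFC 4193).
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
# Other ranges that are not routed on the public internet.
NON_ROUTED = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10",
               "::1/128", "fe80::/10")]

def classify(addr):
    """Return 'private', 'non-routed' or 'review' for one address string."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    def within(nets):
        return any(ip.version == n.version and ip in n for n in nets)
    if within(PRIVATE):
        return "private"
    if within(NON_ROUTED):
        return "non-routed"
    return "review"  # outside the listed ranges: check exposure of the node

def audit(answer_text):
    """Parse zone-style answer lines; return (name, address, verdict) tuples."""
    findings = []
    for line in answer_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[3] not in ("A", "AAAA"):
            continue  # only address records matter here
        name, rdata = fields[0].rstrip(".").lower(), fields[4]
        try:
            findings.append((name, rdata, classify(rdata)))
        except ValueError:
            findings.append((name, rdata, "invalid"))
    return findings

def needs_review(findings):
    """Names with at least one address that is not private or non-routed."""
    return sorted({n for n, _, v in findings if v in ("review", "invalid")})

# Constructed sample answers (not real lookups).
SAMPLE = """\
xxx.dynatrace-managed.com. 300 IN A 10.20.30.40
xxx.dynatrace-managed.com. 300 IN A 172.31.5.9
node2.example.test. 300 IN A 203.0.113.10
node2.example.test. 300 IN AAAA fd12:3456:789a::1
node3.example.test. 300 IN A 172.32.0.1
node3.example.test. 300 IN CNAME other.example.test.
"""

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row)
    print("review:", needs_review(audit(SAMPLE)))
```

Note the `172.32.0.1` case: it sits just outside `172.16.0.0/12`, so it is flagged even though it looks like a private address at a glance.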

Oook, thanks everybody for helping me: the picture is very clear now 🙂 I'll kudo each one of you and you have a breakfast offered by me if you happen to spend some days in Rome 😄

I love Rome and have not been there for some years! I'll remember this one 🤣

Antonio Sousa
