One solution is to resolve all my subdomains on /etc/hosts so it never has to leave the box, but I’m curious what a more experienced net admin would suggest.

Not a net admin but I would enforce a LAN-only DNS server for all relevant clients and put the records there. And/or put such an infra behind a VPN like Tailscale so bots don’t see it.

We would need to know your DNS query path and whether you are querying from inside or outside your private IP space. If you are querying against public servers, then that is completely public.

I registered mydomain.com as my primary router’s domain

Routers don’t typically deal with dns except to forward requests upstream or hand out server addresses as dhcp options. Can you elaborate what you mean by your “primary router’s domain”?

Okay I saw your previous post but I’m curious now. What happens if you curl your IP address on port 80? Does it send back a 30X redirect for SSL to your newly configured subdomain as the new default location for r do you get back your IP but using SSL?

Now my question is, who’s making that one query that leaks my domain name? Is it Apache on startup

If you’re wanting a list of DNS queries from your system, assuming that it’s DNS and not DoH, maybe:

# tcpdump port domain

Then go start Apache or whatever.

(I missed the first part so I’m not sure I follow)

How are the the subdomains resolved? If you registered them on a public DNS that might be what leaks them. Otherwise… maybe your browser?

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

3 acronyms in this thread; the most compressed thread commented on today has 11 acronyms.

[Thread #1002 for this comm, first seen 15th Jan 2026, 00:05] [FAQ] [Full list] [Contact] [Source code]