At our crypto service discovery site discovery.cryptosense.com you don’t have to enter the qualified domain name of a server to test (like
www.mydomain.com) – you can just enter a partial name like
mydomain.com and the tool will query DNS records to look for machines.
Previously, we used to do this by looking for common machines like
vpn.mydomain.com. Recently, we added a feature to query the certificate transparency log to look for certificates registered to this domain. This results in much better coverage of machines. The example screenshot below shows part of the results when querying for