OPNsense Forum

English Forums => General Discussion => Topic started by: NevadaTech on March 26, 2023, 05:43:01 pm

Title: Security question - domain or no domain
Post by: NevadaTech on March 26, 2023, 05:43:01 pm

Hello,

There is probably no firm 'real' answer to this question. If there is please let me know. In general, is your router more secure if you do not have an external domain associated with it's public IP? For example is router.walmart.com less secure than only using it's static IP of 12.34.56.78?

In this scenario, it is an OPNsense router with out of the box security enabled. There are IPSEC VPN connections to the box - both tunnel links and OpenVPN temporary connections. No other WAN ports open. I like the idea of setting a DNS name to it. I don't see how it would be less secure.

Title: Re: Security question - domain or no domain
Post by: schnipp on March 26, 2023, 08:03:21 pm

No, it is not less secure.

The only more theoretical aspect can be that an attacker manipulates the DNS used for establishing the IPsec tunnel to your endpoints. But, this only affects availability and not confidentiality and integrity of exchanged data.