I would like to create some LOC DNS records, and I wanted to know if these records can be queried without knowing the subdomain to which they are attached.
For example, it would be fun to have a GeoCache hunt where a clue lists a DNS subdomain with the next coordinate in a LOC record (or something like that). But the game would be easily defeated if someone could simply dig domain.com any
and get the LOC records for subdomains.
I know that dig domain.com any
does not actually show LOC records for subdomains (geocache1.domain.com, hiddencache.domain.com, etc), but I would like to know if there are other ways that they could be determined (aside from hacking into my CloudFlare account and viewing all records).
Are these records just as hidden as random subdomains?