| ▲ | dongcarl 8 hours ago | |
Actually, they don’t need to do a reverse lookup at all. They can just look at the TLS SNI field and the hostname is there in plaintext. It’s _more_ trouble to do the reverse lookup. | ||
| ▲ | jqpabc123 8 hours ago | parent [-] | |
It’s _more_ trouble to do the reverse lookup. It’s _more_ trouble to even bother with hostnames at all. Just log IPs. By doing so, you're capturing the same essential data in a more compact form. | ||