// dns · subdomains
postgresql.org Subdomain Discovery
Discover subdomains of postgresql.org by searching Certificate Transparency (CT) logs. This passive reconnaissance technique finds subdomains that have had SSL/TLS certificates issued for them.
//01
postgresql.org Subdomains from CT Logs
Certificate Transparency logs are public, append-only databases of all SSL/TLS certificates issued by participating Certificate Authorities. By searching these logs for postgresql.org, we can discover subdomains that have had certificates issued for them.
This approach is passive — it doesn't send any traffic to postgresql.org's servers. It only queries the public crt.sh database, making it safe and non-intrusive.
//02
How Subdomain Discovery Works for postgresql.org
When a Certificate Authority issues an SSL/TLS certificate for any subdomain of postgresql.org, the certificate details are recorded in Certificate Transparency logs. These logs are publicly searchable.
By querying crt.sh for %.postgresql.org, we find all certificates ever issued for postgresql.org and its subdomains. The name_value fields from these certificates reveal subdomain names that may not be discoverable through other means.
//03
Using postgresql.org's Subdomain Data
Discovered subdomains of postgresql.org can help identify forgotten services, development environments, or unauthorized infrastructure. Domain administrators should regularly audit their subdomain footprint.
Note that CT log discovery only finds subdomains that have had SSL/TLS certificates issued. Subdomains using only HTTP or internal DNS records without certificates will not appear in these results.