I know a guy who said “We don’t show up on Shodan because Shodan only groups by IP and does not know the VirtualHost, we’re fine”

FYI: Shodan also does monthly hostname-based scans of the Internet where we set the "Host"/ SNI headers. We use our own DNS DB to grab a list of hostnames/ IPs to launch scans of:

https://www.shodan.io/domain/ycombinator.com

At the moment, I think we're checking around 600 million hostnames.

Is that DNS DB publicly accessible?

Yes, via the API. Btw all of our websites are entirely built on the same public Shodan API that everybody else has access to.