What is Akamai Ghost?
After making requests to certain domain and their responses being either 4xx or 5xx status codes, the server response header shows Akamai Ghost.
Is this response coming from Akamai’s firewall or their CDN servers?
Category Archives: dns
Would it be a good idea to converge towards a non-pyramidal DNS PKI with free certificates using the state-of-the-art Wireguard protocol? [closed]
The TLS 1.3 is not always correctly implemented on the DNS PKI. We shall replace it with the state-of-the-art Wiregard. There are several aspects to consider in the DNS:
The concentration of risk in a PKI
The generation of websites certif… Continue reading Would it be a good idea to converge towards a non-pyramidal DNS PKI with free certificates using the state-of-the-art Wireguard protocol? [closed]
How to identify a name server that does not have DNSSEC implemented?
I tried dig +dnssec dig [domain name] +dnssec +short. Is RRSIG the only attribute to confirm if a name server has DNSSEC implemented or not? How do I identify a name server that has no DNSSEC implemented?
Also, what tools can I use to test… Continue reading How to identify a name server that does not have DNSSEC implemented?
Is Anonymized DNSCrypt over Tor a better alternative to having Doh+ECH?
I use dnscrypt-proxy’s anonymized DNScrypt with multiple relays, force it all to use TCP, route them over Tor.
Does this prevent my ISP or anyone in my country to see my DNS queries and client hellos when connecting to websites and servers… Continue reading Is Anonymized DNSCrypt over Tor a better alternative to having Doh+ECH?
The impact of DNS attacks on global organizations
Often we see stories about cyber attacks that breached an organisations’ security parameters, and advice on how we can protect against future threats. However, what is often missed, is just how these threat actors managed to breach a system, and as suc… Continue reading The impact of DNS attacks on global organizations
Someone issued fake CAA records for my domain. What is the most important thing to do to resolve it?
First, I can update this with the affected domain, if it’s critical, but for obvious reasons I’d like not to be the target of more problems.
Someone registered some CAA records for my domain.
I have full control of all related accounts: Re… Continue reading Someone issued fake CAA records for my domain. What is the most important thing to do to resolve it?
Dynamic DNS threats for allow list access to an application
I have some clients whose IP changes every day and static IP is not an option for them.
If I have them install a Dynamic DNS client, and then in my application .htaccess file refer to that Dynamic DNS domain, does that pose any security is… Continue reading Dynamic DNS threats for allow list access to an application
DNS reverse lookup not finding domain name during enumeration
While enumerating a DNS server for a HTB machine, I’ve tried finding a domain name for 127.0.0.1:
┌──(kali㉿kali)-[~]
└─$ dig -x 127.0.0.1 @10.10.11.166
; <<>> DiG 9.18.1-1-Debian <<>> -x 127.0.0.1 @10.10.11.166
;;… Continue reading DNS reverse lookup not finding domain name during enumeration
What’s the use of encrypted DNS when ISP can see the IP address of the website?
I use an encrypted DNS server that supports DNSSEC and DoH, these features are useful for hiding from the ISP, VPN server provider etc. which website you are trying to look up, but eventually those parties will know which website you looke… Continue reading What’s the use of encrypted DNS when ISP can see the IP address of the website?
How to check to see whether DNS over TLS is blocked in my network by ISP?
I’m looking for a method to check whether DNS over TLS is blocked in my network by my ISP or not. A method that isn’t just trial and error of a bunch of popular DoT providers to see which one connects because I need to know for a fact that… Continue reading How to check to see whether DNS over TLS is blocked in my network by ISP?