Weet je het is zo gek he; die Amerikaanse president, niet Bill Clinton maar zijn voorganger. Die zei toch in zo’n speech op tv dat er een nieuwe wereld orde was aangebroken. In die speech zei hij letterlijk dat er een nieuwe wet zou komen, en „niet de wet van de jungle.” Ik hoor het hem nog zeggen. Maar we kunnen nu, 19 jaar na dato, toch eindelijk wel concluderen dat dat ook maar praatjes waren.Read more →
Written off the cuff by yours truly. Act One: Groundwork There are two types of adversaries: passive and active. Passive adversaries do not interact with their target. They only monitor. The defense against passive adversaries is encryption. The defense against …Read more →
I’m managing a small VPS that hosts sites to a couple of domain names. Let’s say that one of those is example.com.
For many months now, someone I don’t know has made their domain name a full alias to my domain: every DNS requests to their domain gets the same answer:
IN CNAME example.com. Which means that everyone trying to connect to their domain, will connect to our VPS.
So now we are getting a lot of connection and login attempts, web requests and all of that which aren’t intended for us. And there’s nothing we can do to stop this from happening. Unfortunately their domain is targeted by its own amount of spiders, bots etc. Costing traffic and resources, sometimes a few, sometimes a lot.
So I wish there was a way to invalidate this CNAME from my own domain. Maybe with something like SPF does for email – SPF is a DNS TXT record in which you specify the hosts and/or IPs that are allowed to deliver email from your domain.
If this would be possible for CNAMES – specifying which other domains (or variants of that) are allowed to point to a target domain, “CNAME abuse” (for lack of a better term) like I’m seeing could be quashed.