TransWikia.com

What is the Akamai Name Server I see for some big companies?

Information Security Asked by Hanan N. on November 11, 2021

I have played with DNS a lot lately, and I have found that some big companies’ web sites use the Akamai NS as the Name Server for their WWW servers, for example:

$>nslookup
> www.redhat.com
Server:     192.168.43.1
Address:    192.168.43.1#53

Non-authoritative answer:
www.redhat.com  canonical name = www.redhat.com.edgekey.net.
www.redhat.com.edgekey.net  canonical name = www.redhat.com.edgekey.net.globalredir.akadns.net.
www.redhat.com.edgekey.net.globalredir.akadns.net   canonical name = e86.b.**akamaiedge**.net.
Name:   e86.b.**akamaiedge**.net
Address: 2.23.96.112

> www.ynet.co.il
Server:     192.168.43.1
Address:    192.168.43.1#53

Non-authoritative answer:
www.ynet.co.il  canonical name = ynet.co.il.d4p.net.
ynet.co.il.d4p.net  canonical name = a39.g.**akamai**.net.
Name:   a39.g.**akamai**.net
Address: 81.218.31.170

I have looked up at the Akamai website, but couldn’t find the exact problem this is supposed to solve for its users, but I could understand that it is related to security (maybe to prevent DDOS attacks).

Does anybody know what kinds of attacks it is supposed to solve? or maybe I am just wrong and there isn’t any relation to security but to outsourcing the DNS management?

3 Answers

It's a couple of things. The answers above are right, but also missing an important feature.

It is for DDoS prevention. DNS is one of the last unencrypted, unauthenticated, UDP protocols in common use on the Internet. That makes it great for reflected or bot-directed attacks. Using a DNS service can help keep those from hitting your data center.

It is for optimization: we can steer the response to a server near you. There can be lots of A/AAAA records for each name, and we might give out different ones in London than in Berlin.

There's also a misfeature of the DNS protocol: you can't have a CNAME and an MX record for the same name. Well, if we can tell whether you're a mail server looking to relay or an end client looking for a web site, we can show you one or the other. Look at https://www.akamai.com/us/en/products/security/fast-dns.jsp for words like "zone apex mapping" to read more.

(Note: I work for Akamai Information Security; this is neither my personal statement, nor Akamai's, but the product of editing by others)

Answered by Brian Sniffen on November 11, 2021

Akamai is one of the largest CDN companies in the world. CDN networks make web sites perform faster by bringing content closer to web sites visitors, through different technologies.

CDN can shield web sites from surges in traffic whether it was benign traffic (a site hosting a hot video), or malicious when the site is under DDoS attacks. This protection comes from the size/scalability of CDN vs a regular web site's (10000s of servers vs 10s).

For the content web sites want to be served via CDN they will create a CNAME that points to an A record that belongs to the CDN (as the output of nslookup above).

Answered by Bassec on November 11, 2021

From what I understand in there, its seems to be a service for optimisation.

It seems to be some kind of Content Delivery Network used to host the same content in different place to deliver it faster to clients around the world.

Answered by M'vy on November 11, 2021

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP