Information Security Asked by Hanan N. on November 11, 2021
I have played with DNS a lot lately, and I have found that some big companies’ web sites use the Akamai NS as the Name Server for their WWW servers, for example:
$>nslookup
> www.redhat.com
Server: 192.168.43.1
Address: 192.168.43.1#53
Non-authoritative answer:
www.redhat.com canonical name = www.redhat.com.edgekey.net.
www.redhat.com.edgekey.net canonical name = www.redhat.com.edgekey.net.globalredir.akadns.net.
www.redhat.com.edgekey.net.globalredir.akadns.net canonical name = e86.b.**akamaiedge**.net.
Name: e86.b.**akamaiedge**.net
Address: 2.23.96.112
> www.ynet.co.il
Server: 192.168.43.1
Address: 192.168.43.1#53
Non-authoritative answer:
www.ynet.co.il canonical name = ynet.co.il.d4p.net.
ynet.co.il.d4p.net canonical name = a39.g.**akamai**.net.
Name: a39.g.**akamai**.net
Address: 81.218.31.170
I have looked up at the Akamai website, but couldn’t find the exact problem this is supposed to solve for its users, but I could understand that it is related to security (maybe to prevent DDOS attacks).
Does anybody know what kinds of attacks it is supposed to solve? or maybe I am just wrong and there isn’t any relation to security but to outsourcing the DNS management?
It's a couple of things. The answers above are right, but also missing an important feature.
It is for DDoS prevention. DNS is one of the last unencrypted, unauthenticated, UDP protocols in common use on the Internet. That makes it great for reflected or bot-directed attacks. Using a DNS service can help keep those from hitting your data center.
It is for optimization: we can steer the response to a server near you. There can be lots of A/AAAA records for each name, and we might give out different ones in London than in Berlin.
There's also a misfeature of the DNS protocol: you can't have a CNAME and an MX record for the same name. Well, if we can tell whether you're a mail server looking to relay or an end client looking for a web site, we can show you one or the other. Look at https://www.akamai.com/us/en/products/security/fast-dns.jsp for words like "zone apex mapping" to read more.
(Note: I work for Akamai Information Security; this is neither my personal statement, nor Akamai's, but the product of editing by others)
Answered by Brian Sniffen on November 11, 2021
Akamai is one of the largest CDN companies in the world. CDN networks make web sites perform faster by bringing content closer to web sites visitors, through different technologies.
CDN can shield web sites from surges in traffic whether it was benign traffic (a site hosting a hot video), or malicious when the site is under DDoS attacks. This protection comes from the size/scalability of CDN vs a regular web site's (10000s of servers vs 10s).
For the content web sites want to be served via CDN they will create a CNAME that points to an A record that belongs to the CDN (as the output of nslookup above).
Answered by Bassec on November 11, 2021
From what I understand in there, its seems to be a service for optimisation.
It seems to be some kind of Content Delivery Network used to host the same content in different place to deliver it faster to clients around the world.
Answered by M'vy on November 11, 2021
2 Asked on October 28, 2021 by stone-true
8 Asked on October 28, 2021
2 Asked on October 28, 2021 by kepotx
2 Asked on October 28, 2021 by nemanja-martinovic
2 Asked on October 28, 2021 by tomi-begher
1 Asked on October 28, 2021 by ian-warburton
2 Asked on October 28, 2021 by alehandro
man in the middle session management vpn vulnerability assessment
0 Asked on October 28, 2021
1 Asked on October 28, 2021 by user238715
4 Asked on October 28, 2021 by m-vencel
2 Asked on October 28, 2021 by sellarafaeli
3 Asked on October 28, 2021 by nkl
account security data leakage encryption passwords web browser
1 Asked on March 9, 2021 by reedghost
1 Asked on March 3, 2021
Get help from others!
Recent Answers
Recent Questions
© 2023 AnswerBun.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP