January 2026
M	T	W	T	F	S	S
	1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

Archive for the ‘Internet protocol suite’ Category

GitHub – proxykit/ProxyKit: A toolkit to create code-first HTTP reverse proxies on ASP.NET Core

Posted by jpluimers on 2021/09/28

Interesting: [Archive.is] GitHub – proxykit/ProxyKit: A toolkit to create code-first HTTP reverse proxies on ASP.NET Core:

Having built proxies many times before, I felt it is time to make a package. Forked from ASP.NET labs, it has been heavily modified with a different API, to facilitate a wider variety of proxying scenarios (i.e. routing based on a JWT claim) and interception of the proxy requests / responses for customization of headers and (optionally) request / response bodies. It also uses HttpClientFactory internally that will mitigate against DNS caching issues making it suitable for microservice / container environments.

1. Quick Start

1.1. Install

1.2. Forward HTTP Requests

1.3. Forward WebSocket Requests

2. Core Features

2.1. Customising the upstream HTTP request

2.2. Customising the upstream response

2.3. X-Forwarded Headers

2.3.1. Client Sent X-Forwarded-Headers

2.3.2. Adding X-Forwarded-* Headers

2.3.3. Copying X-Forwarded headers

2.4. Configuring ProxyKit’s HttpClient

2.5. Error handling

2.6. Testing

2.7. Load Balancing

2.7.1. Weighted Round Robin

2.8. Typed Handlers

3. Recipes

4. Making upstream servers reverse proxy friendly

5. Performance considerations

6. Note about serverless

7. Comparison with Ocelot

8. How to build

9. Contributing / Feedback / Questions

10. Articles, blogs and other external links

–jeroen

Posted in .NET, .NET Core, .NET Standard, ASP.NET, C#, Communications Development, Development, HTTP, Internet protocol suite, Software Development, TCP | Leave a Comment »

5 days before the Let’s Encrypt’s Root Certificate is expiring!

Posted by jpluimers on 2021/09/24

Only 5 days left to take a close look at both your web-clients (including back-end clients!) and servers to prevent potential Let’s Encrypt mayhem.

Last week, [Wayback] Scott Helme published about [Wayback/Archive.is] Let’s Encrypt’s Root Certificate is expiring!

Let’s Encrypt has done loads of work over the past lustrum to prevent trouble like cross-signing, issuing the successor certificates, and more.

The problem is that people like you and me have refrained from keeping their clients and servers up-to-date, so some security issues will occur. Hopefully they are limited to non-functioning communication and not leaking of data.

It is about this DST Root CA X3 certificate, used by the vast majority of Let’s Encrypt certificates, [Wayback/Archive.is] Certificate Checker: CN=DST Root CA X3, O=Digital Signature Trust Co.:

DST Root CA X3

Certificate Trusted anchor certificate

Subject DN CN=DST Root CA X3, O=Digital Signature Trust Co.

Issuer DN CN=DST Root CA X3, O=Digital Signature Trust Co.

Serial Number 44AFB080D6A327BA893039862EF8406B

Valid September 30, 2000 to September 30,
2021 Key RSAPublicKey (2048 bit)

SHA1 Hash DAC9024F54D8F6DF94935FB1732638CA6AD77C13 MD5 Hash 410352DC0FF7501B16F0028EBA6F45C5

SKI C4A7B1A47B2C71FADBE14B9075FFC41560858910 AKI

DST Root CA X3
Certificate	Trusted anchor certificate
Subject DN	CN=DST Root CA X3, O=Digital Signature Trust Co.
Issuer DN	CN=DST Root CA X3, O=Digital Signature Trust Co.
Serial Number	`44AFB080D6A327BA893039862EF8406B`
Valid	September 30, 2000 to September 30, 2021	Key	RSAPublicKey (2048 bit)
SHA1 Hash	`DAC9024F54D8F6DF94935FB1732638CA6AD77C13`	MD5 Hash	`410352DC0FF7501B16F0028EBA6F45C5`
SKI	`C4A7B1A47B2C71FADBE14B9075FFC41560858910`	AKI

Quoting Scott, these clients likely will fail, so need attention:

OpenSSL <= 1.0.2

Windows < XP SP3

macOS < 10.12.1

iOS < 10 (iPhone 5 is the lowest model that can get to iOS 10)

Android < 7.1.1 (but >= 2.3.6 will work if served ISRG Root X1 cross-sign)

Mozilla Firefox < 50

Ubuntu < 16.04

Debian < 8

Java 8 < 8u141

Java 7 < 7u151

NSS < 3.26

Amazon FireOS (Silk Browser)

On the server side, you can help Android devices by using a Let’s Encrypt certificate that is cross-signed with the ISRG Root X1 certificate [Wayback/Archive.is] Certificate Checker: CN=ISRG Root X1, O=Internet Security Research Group, C=US:

ISRG Root X1

Certificate

Subject DN CN=ISRG Root X1, O=Internet Security Research Group, C=US

Issuer DN CN=DST Root CA X3, O=Digital Signature Trust Co.

Serial Number 4001772137D4E942B8EE76AA3C640AB7

Valid January 20, 2021 to September 30, 2024 Key RSAPublicKey (4096 bit)

SHA1 Hash 933C6DDEE95C9C41A40F9F50493D82BE03AD87BF MD5 Hash C1E1FF07F9F688498274D1A18053EABF

SKI 79B459E67BB6E5E40173800888C81A58F6E99B6E AKI C4A7B1A47B2C71FADBE14B9075FFC41560858910

ISRG Root X1
Certificate
Subject DN	CN=ISRG Root X1, O=Internet Security Research Group, C=US
Issuer DN	CN=DST Root CA X3, O=Digital Signature Trust Co.
Serial Number	`4001772137D4E942B8EE76AA3C640AB7`
Valid	January 20, 2021 to September 30, 2024	Key	RSAPublicKey (4096 bit)
SHA1 Hash	`933C6DDEE95C9C41A40F9F50493D82BE03AD87BF`	MD5 Hash	`C1E1FF07F9F688498274D1A18053EABF`
SKI	`79B459E67BB6E5E40173800888C81A58F6E99B6E`	AKI	`C4A7B1A47B2C71FADBE14B9075FFC41560858910`

Via [Archive.is] Scott Helme on Twitter: “There are only 10 days left until the Let’s Encrypt root certificate expires and there are still questions over what the impact will be! Full details here: …” which links to the above article showing a nice graph of the current Let’s Encrtypt root certificate setup:

–jeroen

Posted in Communications Development, Development, Encryption, https, HTTPS/TLS security, Internet protocol suite, Let's Encrypt (letsencrypt/certbot), Power User, Security, Software Development, TCP, TLS, Web Development | Leave a Comment »

The spookback localghost address to resolve 👻

Posted by jpluimers on 2021/09/21

“Spooky dev environment hack: add 127.0.0.1 xn--9q8h to /etc/hosts and then all your dev servers can be accessed at http://👻 It’s localghost!”

Via:

–jeroen

Posted in Communications Development, Development, HTTP, Internet protocol suite, Power User, Software Development, TCP | Leave a Comment »

Chocolatey: when upgrades or installs keep insisting the hash has changed, and over time the mismatch changes as well

Posted by jpluimers on 2021/09/14

A while ago, I bumped into problems updating UltraVNC through Chocolatey.

It is similar to issues with other packages I have seen in the past: sha256 hash mismatches of which the reported mismatch changes over time, though the version stays the same.

This was tracked down to the actual file download site now needing a correct HTTP referer header. Likely this is to stop automated downloads, which kind of back-fires as ultimately you want to automate download and installation of things as much as possible.

Anyway: this is the [Archive.is] thread (which cannot be archived as Disqus hates archiving in the WayBack machine, and archive.is often fails with it too):

Graham Bloice a month ago

The recent update to 1.2300 fails for me with a file hash error. The install script has fe3d1135ae0e7b72394a6f3cc137282cb5e6382a55b5ceee72140d28f5ffe961, but the installer as downloaded, and verified via a separate download and hash check has 5A42A24BED5A39ACA44443916E5B2C4C259CE8E843E90FD07F7AB3D26CB237C8
IdealChain Graham Bloice 3 hours agoThis is because the download page has some “anti leeching” logic which checks the referer header and redirects to the homepage in case that check fails.Dear maintainer, please add the header “Referer: https://www.uvnc.com/” to the Install-ChocolateyPackage options!
Maurice Kevenaar IdealChain 2 hours ago
IdealChain Thanks for this hint! I was still looking for a solution and now, thanks to you, I have one.A new version is being build and will be pushed up soon.

Jeroen Pluimers Maurice Kevenaar 23 minutes agoAs per chocolatey.org/packages/ultravnc/1.2300.0.20200105, it looks like these URLs from the .nuspec files have been permanently removed from the UltraVNC site:<releasenotes>http://www.uvnc.com/general/whatsnew.html</releasenotes> <licenseurl>http://www.uvnc.com/general/license.html</licenseurl> ... <docsurl>http://www.uvnc.com/docs.html</docsurl>There is no replacement for `releaseNotes` or `licenseUrl` (not even in their source code repository at sourceforge.net/p/ultravnc/code/HEAD/tree/UltraVNC%20Project%20Root/UltraVNC/)An alternative for `docsUrl` is www.uvnc.com/docs/uvnc-server.html (that’s what `Documentation` at www.uvnc.com points to).
Jeroen Pluimers Graham Bloice 2 days ago
By now the error has changed; could it be that UltraVNC keeps releasing new Version 1.2300 with different hashes?

You have ultravnc v1.2240.0.20190403 installed. Version 1.2300 is available based on your source(s). Progress: Downloading ultravnc 1.2300... 100%
ultravnc v1.2300 [Approved]
ultravnc package files upgrade completed. Performing other installation steps.
File appears to be downloaded already. Verifying with package checksum to determine if it needs to be redownloaded.
Error - hashes do not match. Actual value was '5168CD279B36141B4B5B21CAC449FD4738A0E7C281D19BE99B3EF22968D77B7E'.
Downloading ultravnc 64 bit
from 'https://www.uvnc.eu/download/1230/UltraVNC_1_2_30_X64_Setup.exe'
WARNING: C:\Users\jeroenp\AppData\Local\Temp\chocolatey\ultravnc\1.2300\index.php is of content type text/html; charset=utf-8
Download of index.php (-1 B) completed.
Error - hashes do not match. Actual value was 'D0030DCF7A58166CC96FF5F258D5E6F179F94F412456CD0CE7223561532A3AB2'.
ERROR: Checksum for 'C:\Users\jeroenp\AppData\Local\Temp\chocolatey\ultravnc\1.2300\index.php' did not meet 'fe3d1135ae0e7b72394a6f3cc137282cb5e6382a55b5ceee72140d28f5ffe961' for checksum type 'sha256'. Consider passing the actual checksums through with --checksum --checksum64 once you validate the checksums are appropriate. A less secure option is to pass --ignore-checksums if necessary.
The upgrade of ultravnc was NOT successful.
Error while running 'C:\ProgramData\chocolatey\lib\ultravnc\tools\chocolateyInstall.ps1'.
See log for details.

Related: Chocolatey got more strict on various URLs being correct; see [WayBack] (UltraVNC) Why has the X64 been removed? · Issue #42 · mkevenaar/chocolatey-packages · GitHub.

–jeroen

Posted in Chocolatey, CommandLine, Communications Development, Development, HTTP, Internet protocol suite, Power User, PowerShell, Software Development, TCP, Windows | Leave a Comment »

Most network protocols are TCP based, so be aware ping uses ICMP and traceroute UDP

Posted by jpluimers on 2021/09/08

Interesting thread: [WayBack] SwiftOnSecurity sur Twitter : “I had this issue in my prev company network. QoS will drop ICMP and you’ll chase your tail. If you want to find out if a network service works, test the service. If you want to know if TCP works, use TCP.… “

So:

tcpping and tcptraceroute for the win!
remember that some protocols, rely on ICMP or UDP, so ensure these work on your network tool (do not QoC them away!)

[WayBack] Zimmie on Twitter: “It is perhaps worth noting: traceroute does not generally use ICMP. Instead, it uses this horrific UDP port range with a different port for every probe at every hop. 30 hops? That’s 90 different UDP ports you just tried. Makes its value questionable at the best of times.…”

–jeroen

Posted in *nix, *nix-tools, Communications Development, Development, Power User, TCP, UDP | Leave a Comment »

Tricks used by software developers to https://127.0.0.1

Posted by jpluimers on 2021/09/07

Long interesting thread at [WayBack] Thread by @sleevi_: “@SwiftOnSecurity So, some history: It used to be folks would get certs for “localhost”, just like they would from “webmail”, despite no CA e […]”

In 2019, applications were still using tricks (including shipping private keys!) to “securely” access https://127.0.0.1 on some port.

This should have stopped in 2015, but hadn’t. I wonder how bad it still is today.

[WayBack] SwiftOnSecurity on Twitter: “Me: Threat-hunting rare DNS lookups in a corporate network. Confluence: … “

[WayBack] Tavis Ormandy on Twitter: “This turned out to be a real vulnerability! 😮 The certificate was issued by @digicert, who are now required to revoke it. It was issued before mandatory CT, so didn’t show up in …. See … for context.…”
[WayBack] Ryan Sleevi on Twitter: “So, some history: It used to be folks would get certs for “localhost”, just like they would from “webmail”, despite no CA ever having validated the name. They just relied on pinky promises to be good. Luckily, browsers forbid that … “
[WayBack] Ryan Sleevi on Twitter: “Look at the dates on those. Yes, it’s a things CAs used to do, and they had to be dragged kicking and screaming into not doing it (and even then, *many* ignored/“oopsied” the requirement to revoke). I regret to inform you it didn’t stop until 2015/2016 – … “
[WayBack] Guidance on Internal Names – CAB Forum
[Archive.is] HTTPS encryption on the web – Google Transparency Report: atlassian-domain-for-localhost-connections-only.com
[Archive.is] HTTPS encryption on the web – Google Transparency Report
- SubjectC=AU, O=Atlassian Pty Ltd, L=Sydney, ST=New South Wales, CN=atlassian-domain-for-localhost-connections-only.com
- Serial NumberA:3E:93:53:0E:74:53:AE:CB:40:BA:20:10:12:F8:FB
- IssuerC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CAValidity11 May 2017 — 15 May 2020
The domain is (at the time of writing, so hopefully that is now “was”) used by the [WayBack] Administering the Atlassian Companion App – Atlassian Documentation
- [WayBack] Companion App doesnt work in corporate network.

At the time of writing, the interactive Google DNS showed the domain pointing to localhost [WayBack] Google Public DNS:

Result for atlassian-domain-for-localhost-connections-only.com/A with DNSSEC validation:

{
  "Status": 0,
  "TC": false,
  "RD": true,
  "RA": true,
  "AD": false,
  "CD": false,
  "Question": [
    {
      "name": "atlassian-domain-for-localhost-connections-only.com.",
      "type": 1
    }
  ],
  "Answer": [
    {
      "name": "atlassian-domain-for-localhost-connections-only.com.",
      "type": 1,
      "TTL": 1620,
      "data": "127.0.0.1"
    }
  ]
}

[Archive.is/WayBack] SSL Server Test: atlassian-domain-for-localhost-connections-only.com (Powered by Qualys SSL Labs)

Assessment failed: IP address is from private address space (RFC 1918)

Read the rest of this entry »

Posted in Communications Development, Development, DNS, HTTP, Internet, Power User, Software Development, TCP, TLS | Leave a Comment »

For my link archive: DNS over https

Posted by jpluimers on 2021/09/02

DNS over HTTPS

For my link archive:

DNS over HTTPS – Wikipedia / Public recursive name server – Wikipedia
[WayBack] RFC 8484 – DNS Queries over HTTPS (DoH)
- [WayBack] DNS Queries over HTTPS
- [WayBack] GitHub – dohwg/draft-ietf-doh-dns-over-https: Discussion of draft-ietf-doh-dns-over-https in the IETF’s DOH Working Group
[WayBack] DNS over HTTPS · curl/curl Wiki · GitHub (which has a list of publicly available servers)
[WayBack] A cartoon intro to DNS over HTTPS – Mozilla Hacks – the Web developer blog
[WayBack] DNS over HTTPS – Cloudflare Resolver

JSON DNS output

Some DNS over HTTSP providers support dns-json, which Cloudflare delivers non-pretty printed.

Read the rest of this entry »

Posted in Cloud, Cloudflare, Communications Development, Development, DNS, Encryption, HTTP, https, HTTPS/TLS security, Infrastructure, Internet, Internet protocol suite, Power User, Security, Software Development, TCP, TLS | Leave a Comment »

Windows chocolatey Wireshark install: ensure you install nmap too, so you have a pcap interface for capturing!

Posted by jpluimers on 2021/08/19

Wireshark is indispensable when doing network communications development or DevOps.

This is my choco-install-network-tools.bat batch file to install Wireshark and the pcap dependency which nmap provides:

choco install --yes nmap
:: wireshark requires a pcap for capturing; nmap comes with npcap which fulfills this dependency
:: see:
:: - https://chocolatey.org/packages/wireshark
:: - https://chocolatey.org/packages/win10pcap
:: - https://chocolatey.org/packages/WinPcap
:: - https://chocolatey.org/packages/nmap
choco install --yes wireshark

Yes, I know: Windows Subsystem for Linux could have an easier installation, but the above:

works on non-Windows-10 as well
saves me from a Wireshark UI inside Windows Subsystem for Linux by fiddling with the X Window System (yes, it can be done: [WayBack] Hands-On with WSL: Running Graphical Apps — Virtualization Review)

See:

[WayBack] Chocolatey Software | Wireshark 3.0.5
[WayBack] Chocolatey Software | WinPcap 4.1.3.20161116 (development has stopped, plus it has a dependency on [WayBack] autohotkey.portable, which might interfere with [WayBack] autohotkey.install or [WayBack] autohotkey)
[WayBack] Chocolatey Software | win10pcap (Install) 10.2.5002
[WayBack] Chocolatey Software | Nmap 7.80
[WayBack] Chocolatey Software | Npcap 0.86

–jeroen

Posted in *nix, *nix-tools, Communications Development, Development, Internet protocol suite, nmap, Power User, Software Development, Windows, Windows 10, Windows 8.1, WSL Windows Subsystem for Linux | Leave a Comment »

Auto connect SSH without autossh?

Posted by jpluimers on 2021/08/10

Hopefully an example ssh config will follow.

[WayBack] Jeroen Pluimers on Twitter: “Would you mind sharing a trimmed down version of your ~/.ssh/config file? The bits from your posts are a bit fragmented now, so I’ve lost the overview (:”

–jeroen

Read the rest of this entry »

Posted in *nix, Communications Development, Development, Internet protocol suite, Power User, SSH, ssh/sshd, TCP | Leave a Comment »

On my list of things to try: Amazon SES for outbound/inbound email handling

Posted by jpluimers on 2021/08/10

SES mail servers at the time of writing

*n*x:

# nslookup -type=TXT amazonses.com | grep "v=spf1"
amazonses.com   text = "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18 ip4:69.169.224.0/20 ip4:76.223.180.0/23 ip4:76.223.188.0/24 ip4:76.223.189.0/24 ip4:76.223.190.0/24 -all"I

Windows

C:\>nslookup -type=TXT amazonses.com | find "v=spf1"
Non-authoritative answer:
        "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18 ip4:69.169.224.0/20 ip4:76.223.180.0/23 ip4:76.223.188.0/24 ip4:76.223.189.0/24 ip4:76.223.190.0/24 -all"

These addresses use a compact CIDR notation to denote ranges of networks containing ranges of network IPv4 addresses.

CIRD processing to sendmail access file

(this is linux sendmail only)

Converting the nslookup outout to a CIDR based sendmail /etc/mail/access excerpt goes via a pipe sequence of multiple sed commands:

# nslookup -type=TXT amazonses.com | grep "v=spf1" | sed 's/\(^.*"v=spf1 ip4:\| -all"$\)//g' | sed 's/\ ip4:/\n/g' | xargs -I {} sh -c "prips {} | sed 's/$/\tRELAY/g'"
199.255.192.0   RELAY
199.255.192.1   RELAY
...
76.223.190.254  RELAY
76.223.190.255  RELAY

What happens here is this:

Filter out only spf1 records using grep.
Remove the head (.*v=spf1 ip4:) and tail ( -all") of the output, see [WayBack] use of alternation “|” in sed’s regex – Super User.
Replaces all ip4: with newlines (so the output get split over multiple lines), see [WayBack] linux – splitting single line into multiple line in numbering format using awk – Stack Overflow.
Convert the CIDR notation to individual IP addresses (as sendmail cannot handle CIDR),
1. This uses a combination of xargs with the sh trick to split the CIDR list into separate arguments, and prips (which prints the IP addresses for a CIDR); see:
  - for xargs with sh: [WayBack] shell – Piping commands after a piped xargs – Unix & Linux Stack Exchange
  - for prips: [WayBack] prips / Prips · GitLab and [WayBack] Sendmail Open Source FAQs 0 (PDF).
2. Alternatively, use
  - cidrexpand (which requires Perl), see [WayBack] sendmail access file and cidrexpand and [WayBack] cidrexpand in sendmail | source code search engine
  - the bash script at [WayBack] ip address – Bash script to list all IPs in prefix – Stack Overflow
Replaces all end-of-line anchor ($) with a tab followed by RELAY, see
- [WayBack] Bash sed replace double dollar sign $$ extended regular expressions – Unix & Linux Stack Exchange
- [WayBack] Sendmail 8.12.3 cf/README – Anti-Spam Configuration Control

You can append the output of this command to /etc/mail/access, then re-generate /etc/mail/access.db and restart sendmail; see for instance [WayBack] sendmail access.db by example | LinuxWebLog.com.

Without the xargs, the output would look like this:

# nslookup -type=TXT amazonses.com | grep "v=spf1" | sed 's/\(^.*"v=spf1 ip4:\| -all"$\)//g' | sed 's/\ ip4:/\n/g'
199.255.192.0/22
199.127.232.0/22
54.240.0.0/18
69.169.224.0/20
76.223.180.0/23
76.223.188.0/24
76.223.189.0/24
76.223.190.0/24

Via

–jeroen

Posted in *nix, *nix-tools, Amazon SES, Amazon.com/.de/.fr/.uk/..., Cloud, Communications Development, Development, Infrastructure, Internet protocol suite, Power User, sendmail, SMTP, Software Development | Leave a Comment »

« Previous Entries

Next Entries »

	Jeroen Wiert Pluimer… on Does Odido (the old T-Mobile N…
	Lars Fosdal on Security alarm provider Woonve…
	Thomas Mueller on Question got closed in May 202…
	Thaddy de Koning on Formulier voor bewindvoerders…
	Thaddy de Koning on Formulier voor bewindvoerders…

The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Subscribe

Archives

Recent Comments

Recent Posts

Blog Stats

Meta title

Tag Cloud Title

Top Clicks

Top Posts

My badges

Twitter Updates

My Flickr Stream

Pages

All categories

Email Subscription

Archive for the ‘Internet protocol suite’ Category

GitHub – proxykit/ProxyKit: A toolkit to create code-first HTTP reverse proxies on ASP.NET Core

5 days before the Let’s Encrypt’s Root Certificate is expiring!

The spookback localghost address to resolve 👻

Chocolatey: when upgrades or installs keep insisting the hash has changed, and over time the mismatch changes as well

Most network protocols are TCP based, so be aware ping uses ICMP and traceroute UDP

Tricks used by software developers to https://127.0.0.1

Result for atlassian-domain-for-localhost-connections-only.com/A with DNSSEC validation:

For my link archive: DNS over https

DNS over HTTPS

JSON DNS output

Windows chocolatey Wireshark install: ensure you install nmap too, so you have a pcap interface for capturing!

Auto connect SSH without autossh?

On my list of things to try: Amazon SES for outbound/inbound email handling

SES mail servers at the time of writing

CIRD processing to sendmail access file

Via

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Subscribe

Archives

Recent Comments

Recent Posts

Blog Stats

Meta title

Tag Cloud Title

Top Clicks

Top Posts

My badges

My Flickr Stream

Pages

All categories

Email Subscription

Archive for the ‘Internet protocol suite’ Category

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Result for atlassian-domain-for-localhost-connections-only.com/A with DNSSEC validation:

Rate this:

Share this:

DNS over HTTPS

JSON DNS output

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

SES mail servers at the time of writing

CIRD processing to sendmail access file

Via

Rate this:

Share this: