IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [dns-domain]

A domain name is an identification string that defines a realm of administrative autonomy, authority, or control on the Internet. Domain names are formed by the rules and procedures of the Domain Name System (DNS). Technically, any name registered in the DNS is a domain name.

135 questions
14
votes
3 answers

Domain name expiration and TLS

If I purchase a domain name that has expired, do I have any assurance that the previous owner does not have a valid HTTPS certificate for the site? In other words, do CAs check domain name expiration dates when issuing a certificate to ensure the…
PulpSpy
  • 2,204
  • 15
  • 19
14
votes
2 answers

What problem does DNSSEC solve?

I have read through the questions tagged DNSSEC on this site, and over the years you hear statistics about DNSSEC adoption and about organizations enabling it on their domains... but nobody mentions what they are actually trying to solve. Well, that…
Luc
  • 31,973
  • 8
  • 71
  • 135
12
votes
4 answers

How to stop/detect someone else registering a certificate for my domain

With the proliferation of low-cost automated CAs what can be done to mitigate the attack of someone doing a spear phishing attack to get a login to our webmail system, then using an automated service like RapidSSL to issue a new certificate for…
Scott Chamberlain
  • 1,320
  • 1
  • 9
  • 16
11
votes
2 answers

How to protect against exploitation using a lapsed domain

Consider a domain that had been in active use for some time but is no longer desired — perhaps the company is out of business or a name change took place years ago, or whatever. The domain registration will be allowed to lapse. I'm guessing there…
Andrew Vit
  • 825
  • 1
  • 6
  • 9
10
votes
1 answer

Why can the validity of an SSL certificate exceed the registration period of a domain?

I can understand why one might desire to purchase a certificate for multiple years but I am left wondering why it appears to be possible to obtain a valid certificate for a domain that may have come under new ownership by way of registering for a…
Squeak
  • 271
  • 1
  • 5
8
votes
2 answers

Is it reasonable to keep control panel in separate subdomain or domain?

Since I'm quite beginner to information and websites security, I'd like to ask more experienced people about and idea, that just crossed my mind (probably isn't my original discovery! :]). With introduction of so many new top-level domains, would it…
trejder
  • 3,329
  • 5
  • 23
  • 33
8
votes
2 answers

Why some applications host the API in a different domain?

I have seen a trend of applications moving their APIs to other domains (from api.application.com to api.applicationapi.com). Two examples: 3.basecampapi.com and api.dropboxapi.com Is there a security benefit to host the API in a different domain…
Victor
  • 373
  • 1
  • 10
8
votes
2 answers

Did scammers take control of a subdomain to host phishing site?

This morning I received a text message (ostensibly) from my bank: We need to contact you. Please visit https://paymentassistance.nationwide.co.uk for more information My spidey sense immediately tingled. I've never received an SMS from my bank…
Whitehaven
  • 81
  • 1
  • 4
7
votes
1 answer

Does dnssec protect against malicious registrars?

With the recent conspiracy theories around the registrar MarkMonitor Inc., the question arises, if DNSSEC protects against a registrar going malicious (or being attacked). This is especially interesting in the context of SSL certificates. At the…
Hendrik Brummermann
  • 27,118
  • 6
  • 79
  • 121
6
votes
3 answers

Does domain privacy make a domain less secure?

Does buying domain privacy make the domain more secure against hijacking? Would it make the domain less secure against losing it, if the registar gets bankrupt? I am afraid that the domain could be seized to pay the debt of the registrar, if buying…
Quora Feans
  • 1,861
  • 1
  • 12
  • 20
6
votes
2 answers

How can Cloudflare determine the owner of a website?

Assume that we have two websites with two different owners. Both of them set their domain name server to john.ns.cloudflare.com and joly.ns.cloudflare.com. The first owner set both domains in his account in CloudFlare and set server IP to his server…
Ebrahim Poursadeqi
  • 181
  • 4
6
votes
1 answer

DNS Tunneling - Mitigation

I believe the root cause for DNS tunneling is because the internal hosts are allowed to do recursive queries of external domains. For DNS tunneling to work, an internal host should be able to send queries to attacker controlled domain…
bAd bOy
  • 61
  • 3
6
votes
2 answers

Malicious users trying to create yahoo accounts with random emails at my domain?

Recently, I have been getting a string of emails from yahoo with people trying to create accounts or add email addresses @mydomain.tld to their account. I was wondering if anyone else has seen this type of behavior and if they know what type of…
Eric G
  • 9,691
  • 4
  • 31
  • 58
6
votes
2 answers

Could a stolen certificate show as trusted?

I have recently started learning about PKI and have the following question/s. As far as I know a signed certificate contains the domain name of the server that the certificate will be placed upon. If I were to change the 'hosts' file of a PC and…
RJSmith92
  • 311
  • 2
  • 9
5
votes
3 answers

How do you verify a certificate belongs to a domain?

I'm using PHP and trying to verify a SSL certificate belongs to the SMTP domain/IP I'm connecting to. Currently I can verify the certificate is valid using the following code $resource = fsockopen( "tcp://mail.example.com", 25, $errno, $errstr );…
Xeoncross
  • 313
  • 2
  • 12
1
2
3
8 9