INTENAL tk0600-9501-197720230426
<Entities
in Hosting | status |
ITcmty
- Registry [multi-jurisdiction]
- global DB, WHOIS, NS, SOA, 13× TLD Root Servers
- Status:
inactive/hold/prohibit
- ICANN Domain Registrar
+
Agent
[m4/efl]
- dashboard: NS "pointing", initiate xfer, Registrar-Lock
- legal Registrant: lock, shielded contacts, proxying, confirm WHOIS [subject to formal
verification rules!]
- international public WHOIS records
- DNS
Server Hosting: SOA, all records, TTL [m4/ionos, designated NS]
- ISP / Public DNS Servers [client side]
- Wireless carrier [mobile client]
- DNS caching (esp. negative caching)
- DNS hijack @host level, or perimeter router/proxy
- active external MITM
Attack
transparent proxy, with stale DNS
- published SPF/DKIM/DMARC
- CDN
(optional)
- front-end + geographically dispersed caching server
- DDOS filter & load-balancing
- Akamai,
CloudFront, Azure CDN, Cloudflare, GoogleCloud,
Level 3, Verizon, AT&T
- Reverse Proxy / Tunnel / VPN
- Cloudflare: DDOS/auth/index/concentrator/centralized
logging; obfuscated origin
- Tailscale: dynamic P2P mapping, CGNAT, 2xNAT
- OpenVPN: persistent static "bridgehead"
- Web Host
(http server): [wix?/m4?/gdy?]
- TLS cert: trusted CA? ... self-issued [IT dept/ext]
- Apache / IIS / Nginx / FP / ColdFusion
- CMS (if
dynamic site)
- standard-based: WordPress, Jamstack, Drupal, Joomla
- proprietary*:
Squarespace, Wix, Weebly, Jimbo, Site123
- themes, plug-ins, extensions (essentially override
baseline CMS)
- backend: MySQL, MS-SQL, MariaDB
- SaaS: SalesForce, Stripe, etc.
- Web Developer
+ administrator + content manager + social
media manager
- eMail
Server: separate, but oft-bundled... VERY related: MX records [m4/ionos]
- EXG hosted Exchange plan
- DLP / AV / spam filter / archive server
- integration with on-site Exchange Server &
apparatuses
- ProofPoint, MXDB, RBS/DNSBL... Barracuda/Mimecast
- SMTP mailgun, mailjet, mailchimp, SES, sendinblue
- see also:
SPF/DKIM/DMARC (domain DNS server layer)
*
no API, and non-transferable (captive hosting)