I have played with DNS a lot lately, and I have found that some big companies’ web sites use the Akamai NS as the Name Server for their WWW servers, for example:
$>nslookup > www.redhat.com Server: 192.168.43.1 Address: 192.168.43.1#53 Non-authoritative answer: www.redhat.com canonical name = www.redhat.com.edgekey.net. www.redhat.com.edgekey.net canonical name = www.redhat.com.edgekey.net.globalredir.akadns.net. www.redhat.com.edgekey.net.globalredir.akadns.net canonical name = e86.b.**akamaiedge**.net. Name: e86.b.**akamaiedge**.net Address: 22.214.171.124 > www.ynet.co.il Server: 192.168.43.1 Address: 192.168.43.1#53 Non-authoritative answer: www.ynet.co.il canonical name = ynet.co.il.d4p.net. ynet.co.il.d4p.net canonical name = a39.g.**akamai**.net. Name: a39.g.**akamai**.net Address: 126.96.36.199
I have looked up at the Akamai website, but couldn’t find the exact problem this is supposed to solve for its users, but I could understand that it is related to security (maybe to prevent DDOS attacks).
Does anybody know what kinds of attacks it is supposed to solve? or maybe I am just wrong and there isn’t any relation to security but to outsourcing the DNS management?
It's a couple of things. The answers above are right, but also missing an important feature.
It is for DDoS prevention. DNS is one of the last unencrypted, unauthenticated, UDP protocols in common use on the Internet. That makes it great for reflected or bot-directed attacks. Using a DNS service can help keep those from hitting your data center.
It is for optimization: we can steer the response to a server near you. There can be lots of A/AAAA records for each name, and we might give out different ones in London than in Berlin.
There's also a misfeature of the DNS protocol: you can't have a CNAME and an MX record for the same name. Well, if we can tell whether you're a mail server looking to relay or an end client looking for a web site, we can show you one or the other. Look at https://www.akamai.com/us/en/products/security/fast-dns.jsp for words like "zone apex mapping" to read more.
(Note: I work for Akamai Information Security; this is neither my personal statement, nor Akamai's, but the product of editing by others)
Answered by Brian Sniffen on November 11, 2021
Akamai is one of the largest CDN companies in the world. CDN networks make web sites perform faster by bringing content closer to web sites visitors, through different technologies.
CDN can shield web sites from surges in traffic whether it was benign traffic (a site hosting a hot video), or malicious when the site is under DDoS attacks. This protection comes from the size/scalability of CDN vs a regular web site's (10000s of servers vs 10s).
For the content web sites want to be served via CDN they will create a CNAME that points to an A record that belongs to the CDN (as the output of
Answered by Bassec on November 11, 2021
0 Asked on January 21, 2021 by compsciguy
1 Asked on January 20, 2021
4 Asked on January 20, 2021 by sentinel
3 Asked on January 18, 2021 by zud
0 Asked on January 17, 2021 by gloomyfit
1 Asked on January 16, 2021 by thunderbolt
0 Asked on January 14, 2021 by mechmk1
3 Asked on January 14, 2021 by brill
5 Asked on January 13, 2021 by sfrj
1 Asked on January 13, 2021 by joshnow
1 Asked on January 12, 2021 by awaaaaarghhh
2 Asked on January 10, 2021 by 888-999
22 Asked on January 9, 2021
2 Asked on January 8, 2021 by brigante
0 Asked on January 6, 2021 by olle-hudga
Get help from others!