dns

pihole for dns cache/forwarder
SRV records for port numbers
pozzed by companies
- pay to play or have domain highjacked by adds once traffic increases
- piratebay domain wars
- numerous known malware domains exist for years
- few implement security 'properly'
  - wildcard cert pinning with BGP route hijack protection (crypto exchange was attacked by this)
- registrars are generally rent seeking tater heads
  - cloudflare takes law into own handles despite claims of being 'impartial'
    - extortion racket for ddos protection
      - blocks sites that critic them on 1.1.1.3
      - allows 'stressers', malware, doxing for hire services to remain in perpetuity
        
        malwarebytes blocked cloudflare ip space because of their unresponsiveness. Cloudflare doubled down despite logs of malware saying it was 'protected speech' to distribute malware
      - personal threats to individuals who criticized them
        
        ex. cloudbleed, cloudflare lobbied the FTC to personally investigate the security researchers and questioned the legality of openly discussing security research
    - banned 8chan
    - banned kiwifarms (banned by ddos guard the next day)
  - namecheap ceo challenges 'security researchers' to hack their customers accounts on twitter for 'clout'
    - less than a day after their support portal leaks db info
Certificate Transparency logs https://www.gstatic.com/ct/log_list/v3/all_logs_list.json with schema https://www.gstatic.com/ct/log_list/v3/log_list_schema.json.

DNS

notes