0

Protecting the endpoint ID from spoofing.

I would like to understand how NextDNS prevents users from calling the below URL to update the IP in router. 

https://link-ip.nextdns.io/ProfileID/some-string-but-same-for-different-profiles

Does it block the IP if lot of wrong calls are made to figure out the profile IDs? One could write the script and try random values to update the IP for some user and affect the functionality. 

2 replies

null
    • NextDNs
    • 1 mth ago
    • Reported - view

    The last part is unique to each account and can’t be guessed. A profile ID is also quite difficult to guess. If you know a profile ID, you don’t need to link it to use it; for instance, you could build a DoH URL. Using someone else’s profile ID has no benefits; the risk lies with the person using the profile ID, not the owner.

    • Diti
    • 7 days ago
    • Reported - view

    Is the profile ID private information? I would like to put the DNS-over-TLS URL in my public “configuration file”.

Login to reply

Content aside

  • 6 days agoLast active
  • 2Replies
  • 57Views
  • 4 Following