0
Protecting the endpoint ID from spoofing.
I would like to understand how NextDNS prevents users from calling the below URL to update the IP in router.
https://link-ip.nextdns.io/ProfileID/some-string-but-same-for-different-profiles
Does it block the IP if lot of wrong calls are made to figure out the profile IDs? One could write the script and try random values to update the IP for some user and affect the functionality.
2 replies
-
The last part is unique to each account and can’t be guessed. A profile ID is also quite difficult to guess. If you know a profile ID, you don’t need to link it to use it; for instance, you could build a DoH URL. Using someone else’s profile ID has no benefits; the risk lies with the person using the profile ID, not the owner.
-
Is the profile ID private information? I would like to put the DNS-over-TLS URL in my public “configuration file”.
Content aside
- 2 mths agoLast active
- 2Replies
- 67Views
-
4
Following