DNS-Based Defense

We’re going to look at three different DNS-based defenses for preventing anyone from forging email that looks like it came from your domain. It will be useful to be able to query DNS records to understand these defenses and configure them for your domains. If you’re running a Unix-like operating system like Mac OS or Linux, you’ll have a program called dig installed. You can run dig at the command line. You can read the man page for more details, but for our purposes all you need to know is to run dig with two arguments—the host or domain you want to learn more about and the keyword txt. That will look like this:

 $ ​​dig​​ ​​punkgrok.org​​ ​​txt
 
 ; <<>> DiG 9.8.3-P1 <<>> punkgrok.org txt
 ;; global options: +cmd
 ;; Got ...

Get Practical Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.