# Coding 的痕迹

0%

【warning必须采取的安全措施】：请务必确保时刻没有子域名DNS解析到服务器真实IP，并且服务器真实IP必须始终保密！

## 域名解析

1. 查询时会携带期望得到的记录，如正常查询时会请求对应域名的 A 记录。
1. 客户端会首先查询根域名服务器列表，并从中选择一个；此后，它向所有遇到的服务器查询 sunnysab.cn 所对应的 A 记录。根域名服务器自然不知道，于是返回了 cn 对应的名称服务器（NS 记录）a.dns.cnb.dns.cn 等等；紧接着，它向 a.dns.cn 查询 sunnysab.cn 所对应 A 的记录，以此类推。

2. 接第二条，如果我查询一个三级域名，如 a.b.example.com，就要看哪一级别的名称服务器存储了对应的记录。

If you’re running SSL on those domains but don’t have a wildcard cert, it’s probably grabbing them from certificate transparency logs. https://crt.sh is a nice place to look things up (though updates have stopped for a month due to ongoing backend changes).

Crt.sh is a site where you could find all the SSL or TLS certificates of the particular targeted domain. And the site is open-source to monitor the certificates.

The site is in a GUI format and it is really very easy to gather the information and the motive of the site is to keep the certificate logs very transparently.

Even you could find the certificates algorithms in a ciphertext format. The crt.sh stands for “certificates.Saint Helena”

## 后记

• 查询 DNS 历史解析记录
• 网站邮件头信息
• 利用国外主机解析域名