Learn
Plain-English walk-throughs of the concepts behind each section of a CertGrade scan. No prior knowledge assumed. Each article is built around the same idea as the scanner itself: show what's actually happening, explain the tradeoffs, name the legitimate reasons configurations end up the way they are.
Available articles
- How DNS actually works
  What happens between typing a URL and getting a response — the stub resolver, the recursive resolver, root and TLD nameservers, authoritative servers, TTL and caching, Traffic Manager / GSLB, and how anycast differs from DNS-level routing.
Coming soon
Topics queued for the next batch of writing:
- How TLS works — the handshake, certificates, cipher suites, the chain of trust, and why TLS 1.3 was such a big deal.
- HTTP security headers — what each header actually does, why they're hard to deploy, and the failure modes when you don't have them.
- Email security (SPF, DKIM, DMARC, MTA-STS) — why email spoofing is still easy in 2026 and what each record locks down.
- Certificate Transparency — public logs, mis-issuance detection, and what crt.sh actually shows you.
Suggest topics or specific points you'd like covered by opening an issue on the project's GitHub.