short posts on the tools this site ships and the plumbing behind them.
· mcp · ai · workflow · networking
The current generation of AI assistants can hold the context, reason about failure modes, and call tools in parallel — three things that turn network diagnostics from a twenty-tab browser session into a five-line chat thread. Here is a concrete workflow.
· mcp · claude · ai · dns
Claude Desktop supports remote MCP servers, which means any tool a server advertises becomes a first-class capability inside your chat. drwho.me's MCP endpoint ships ten domain-dossier checks; here is how to wire it up.
· ip · networking · geolocation · asn
IP geolocation is a series of inferences from public routing data. City-level accuracy is the best you should expect; rural and mobile IPs are much worse. This post walks through what ASN, ISP, and org fields actually represent and when each is trustworthy.
· tls · ssl · certificates · security
A certificate outage is never unlucky — it is the predictable outcome of not knowing what you have deployed. This post covers what to inspect on a live TLS certificate and the surprises that only show up in the final week.
· cors · http · browsers · api
CORS preflight is the OPTIONS request a browser sends before a "non-simple" cross-origin fetch to verify the server allows the real request. This post explains what triggers a preflight, what the server must return, and the five failure modes you will actually encounter.
· security · http · headers · csp · hsts
A focused tour of the HTTP response headers that protect modern web applications — HSTS, Content-Security-Policy, X-Content-Type-Options, Referrer-Policy, Permissions-Policy — with the minimum-viable value for each and the common misconfigurations to avoid.
· redirects · http · seo · performance
Long redirect chains bleed SEO link equity, eat mobile latency, and mask misconfiguration. This post walks through how browsers and crawlers handle redirects, what counts as too many hops, and how to trace a chain end-to-end.
· email · spf · dkim · dmarc · deliverability
If your transactional email keeps landing in spam, the problem is almost always an authentication stack that is incomplete or misaligned. This checklist walks SPF, DKIM, and DMARC in the order you should configure them, with verification checks at each step.
· dkim · email · dns · cryptography
DKIM signatures are signed by a key identified by a selector, but the selector is not documented anywhere your receivers can find. This post explains how selectors work, why discovery is hard, and which selectors the common senders use.
· spf · email · dns · deliverability
RFC 7208 caps SPF evaluation at ten DNS lookups. Exceed that and your SPF record returns PermError, which DMARC treats as a hard fail. This post covers why the limit exists, how include chains explode the count, and three practical fixes.
· dmarc · email · spf · dkim · deliverability
DMARC is the email-authentication policy layer that tells receiving mail servers what to do when an SPF or DKIM check fails. This post covers the record format, policy levels, reporting, and how to verify your setup in thirty seconds.
· dns · doh · cloudflare · privacy
Classical DNS is plaintext UDP — anyone on the path can read or forge your queries. DoH moves resolution over HTTPS, encrypting the transport. Here is how Cloudflare's endpoint works and why the JSON format matters for browser-side tools.
· vercel · edge · http-headers · nextjs
Behind a CDN the socket address is always the edge node. The real client IP travels in x-forwarded-for — here is how to read it safely in a Next.js 15 route handler.