Vulnerability Disclosure Policy
How to responsibly disclose security issues related to PublicDNS.nl.
Scope
This policy covers PublicDNS.nl and related infrastructure operated under the same domain, unless explicitly excluded. Third-party services (such as hosting, analytics or advertising platforms) are generally out of scope.
How to report
If you believe you have found a security vulnerability, please:
- Do not publicly disclose the details until we have had a reasonable opportunity to investigate and fix the issue.
- Provide a clear and concise description, including steps to reproduce, affected URLs or hosts, and any proof-of-concept code or screenshots.
- Send your report to security@publicdns.nl or the contact channels listed in our security.txt.
What we ask from you
- Act in good faith and avoid unnecessary disruption or data loss.
- Do not access, modify or delete data that does not belong to you, beyond what is strictly necessary to demonstrate the issue.
- No social engineering, phishing or physical attacks.
- No spam, DDoS or excessive automated traffic.
What you can expect from us
- We will acknowledge your report as soon as reasonably possible.
- We will investigate and triage the issue.
- We will keep you informed about the resolution status where possible.
- If appropriate, we may credit you on our Hall of Fame page, with your consent.
Legal
As long as you act in good faith, respect this policy and limit your actions to what is necessary to demonstrate the vulnerability, we will treat your research as a responsible disclosure and not initiate legal action against you solely based on your report.