It's a free text field.

So what? Most DNS related fields are free text fields. You could put anything in them, if you don't want it to work.

that the collection of world's best militaries just forgot, and have continuously forgotten for years, how the web works?

Even the best people can make mistakes. But we're not talking about the best people, we're talking about NATO.

• 2009
• 2011
• 2012
• 2022
• 2023 (twice!).

And they're just the ones I found in 30s of googling.

The evidence has nothing to do with CDN and everything to do with following the trail of ownership of the kill list domain to servers controlled by NATO, including a period back in 2015 when the kill list was literally hosted inside the nato.int network. Unless you think that NATO's IT department are so incompetent that they allowed Ukrainian hackers to break into their servers and upload files and didn't notice for a year?

Anyway, there is no evidence that Ukrainian web devs hacked into NATO's web servers and uploaded their files, but there is evidence that the Ukrainians were using servers inside the NATO domain for file storage. Nothing to do with CDN. They are irrelevant. The only comment made about CDNs was that some of the domains registered had "cdn" in their name and so might have been used for CDN.

If I make a cdn hosted site and make your saidit user page appear in that field. Which is a free text field. Then you'll have to stand by the entire content of the page I make, right?

You can put anything you like in a CDN field if you don't want it to work. If you want it to actually work you have to put in an actual CDN server.

But if you want to host files in a domain that I control, you either need to break in, or you need permission. CDN is a red herring. It is irrelevant.