CNAME records in place of A records

Kevin East kevin.east at theeasts.net
Fri Nov 6 10:44:04 UTC 2020


Are you using A records in a domain you own and pointing at their IPs? I'm
not aware of any security vulnerability exploiting A vs CNAME.  If they are
hosting on a domain they own vs one you own, the use of a CNAME would allow
them to change the A record IP without less impact to you, it would also
allow them to remove the A record and effectively stop traffic targeting
the host via a resolved IP.

On Fri, Nov 6, 2020, 4:08 AM Dovid Bender <dovid at telecurve.com> wrote:

> Hi,
>
> Sorry if this is a bit OT. Recently several different vendors (in
> completely different fields) where they white label for us asked us to
> remove A records that we have going to them and replace them with CNAME
> records. Is there anything *going around* in the security aranea  that has
> caused this?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20201106/4c27faae/attachment.html>


More information about the NANOG mailing list