CNAME records in place of A records
kevin.east at theeasts.net
Fri Nov 6 10:44:04 UTC 2020
Are you using A records in a domain you own and pointing at their IPs? I'm
not aware of any security vulnerability exploiting A vs CNAME. If they are
hosting on a domain they own vs one you own, the use of a CNAME would allow
them to change the A record IP without less impact to you, it would also
allow them to remove the A record and effectively stop traffic targeting
the host via a resolved IP.
On Fri, Nov 6, 2020, 4:08 AM Dovid Bender <dovid at telecurve.com> wrote:
> Sorry if this is a bit OT. Recently several different vendors (in
> completely different fields) where they white label for us asked us to
> remove A records that we have going to them and replace them with CNAME
> records. Is there anything *going around* in the security aranea that has
> caused this?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the NANOG