CNAME records in place of A records

Kevin East kevin.east at
Fri Nov 6 10:44:04 UTC 2020

Are you using A records in a domain you own and pointing at their IPs? I'm
not aware of any security vulnerability exploiting A vs CNAME.  If they are
hosting on a domain they own vs one you own, the use of a CNAME would allow
them to change the A record IP without less impact to you, it would also
allow them to remove the A record and effectively stop traffic targeting
the host via a resolved IP.

On Fri, Nov 6, 2020, 4:08 AM Dovid Bender <dovid at> wrote:

> Hi,
> Sorry if this is a bit OT. Recently several different vendors (in
> completely different fields) where they white label for us asked us to
> remove A records that we have going to them and replace them with CNAME
> records. Is there anything *going around* in the security aranea  that has
> caused this?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the NANOG mailing list