nanog mailing list archives
Re: CNAME records in place of A records
From: Kevin East <kevin.east () theeasts net>
Date: Fri, 6 Nov 2020 04:44:04 -0600
Are you using A records in a domain you own and pointing at their IPs? I'm not aware of any security vulnerability exploiting A vs CNAME. If they are hosting on a domain they own vs one you own, the use of a CNAME would allow them to change the A record IP without less impact to you, it would also allow them to remove the A record and effectively stop traffic targeting the host via a resolved IP. On Fri, Nov 6, 2020, 4:08 AM Dovid Bender <dovid () telecurve com> wrote:
Hi, Sorry if this is a bit OT. Recently several different vendors (in completely different fields) where they white label for us asked us to remove A records that we have going to them and replace them with CNAME records. Is there anything *going around* in the security aranea that has caused this?
Current thread:
- CNAME records in place of A records Dovid Bender (Nov 06)
- Re: CNAME records in place of A records Jun Tanaka (Nov 06)
- Re: CNAME records in place of A records Ray Orsini (Nov 06)
- Re: CNAME records in place of A records Dovid Bender (Nov 06)
- Re: CNAME records in place of A records Matthias Luft via NANOG (Nov 06)
- Re: CNAME records in place of A records Alain Hebert (Nov 06)
- Re: CNAME records in place of A records Dovid Bender (Nov 06)
- Re: CNAME records in place of A records Kevin East (Nov 06)
- Re: CNAME records in place of A records Sabri Berisha (Nov 06)
- Re: CNAME records in place of A records Doug Barton (Nov 06)
- Re: CNAME records in place of A records Matt Palmer (Nov 08)
- Re: CNAME records in place of A records Rob McEwen (Nov 08)
- Re: CNAME records in place of A records Mark Andrews (Nov 08)
- Re: CNAME records in place of A records Matt Palmer (Nov 08)
- Re: CNAME records in place of A records Mark Andrews (Nov 08)
- Re: CNAME records in place of A records Rob McEwen (Nov 08)
- Re: CNAME records in place of A records Arne Jensen (Nov 09)