SRV records etc
Darcy Kevin (FCA)
kevin.darcy at fcagroup.com
Wed Feb 11 16:38:53 UTC 2015
This is, of course, *not* what SRV records were intended for. In my experience, most of these "proof of domain ownership" idiots will also offer TXT records as an alternative.
Speaking of SRV misuse/misapplication, Microsoft's use of SRV records as a generic domain-remapping mechanism for Exchange Autodiscover (so people can cheap out on their SSL certs, usually not realizing that, in the absence of ubiquitous DNSSEC, they are downgrading their security by doing so, TNSTAAFL) falls into the same category. Semantically, PTR records could have served the same function more compactly/efficiently, but would have the same security-downgrade issue. (Despite misconceptions to the contrary, the use of PTR records is *not* limited to reverse mappings).
- Kevin
-----Original Message-----
From: bind-users-bounces at lists.isc.org [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Lightner, Jeff
Sent: Wednesday, February 11, 2015 8:40 AM
To: comp-protocols-dns-bind at isc.org
Subject: RE: SRV records etc
SRV definitely still required for some applications. Some cloud based application providers have you add them to verify you own the domain to which they're tying their services so you don't use them to hijack other people's domains.
-----Original Message-----
From: bind-users-bounces at lists.isc.org [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Barry Margolin
Sent: Tuesday, February 10, 2015 9:14 PM
To: comp-protocols-dns-bind at isc.org
Subject: Re: SRV records etc
In article <mailman.1603.1423618610.26362.bind-users at lists.isc.org>,
Kevin Oberman <rkoberman at gmail.com> wrote:
> HINFO is getting pretty rare. The security issues are pretty obvious
> and its advantages are rather limited.
I thought they were deprecated ages ago, but I can't find anything official about that.
--
Barry Margolin
Arlington, MA
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
More information about the bind-users
mailing list