[dns-operations] sibling glue
Florian Weimer
fw at deneb.enyo.de
Tue Jun 23 19:04:25 UTC 2015
* Tony Finch:
> A question for those who know more about registry rules than me...
Practically speaking, a registry-style zone operator must filter out
sibling glue, or there will be domain hijacks. The zone operator does
not know the structure of the reselling chain and cannot determine if
two zones are run by the same entity and can therefore properly
cross-glued.
I don't know if this is done consistently. Probably not.
By the way, has anyone reviewed OpenStack Designate for such issues?
(It's supposed to support multiple tenants.)
More information about the dns-operations
mailing list