[dns-operations] subzone delegation best practice

Michele Neylon - Blacknight michele at blacknight.com
Wed Sep 26 14:32:47 UTC 2018 

Doug

Our issues were primarily "web" related.

Up until a couple of years ago anyone who signed up for a shared hosting account with ourselves was assigned a "temporary" subdomain off our main domain name. Unfortunately even when they had their own domains people kept referencing the placeholder and when their sites got infected or compromised .. 

So now we've moved the new signups to a secondary domain which is only used for the purpose of providing the placeholders. If any of them get compromised and blacklisted our main site won't be impacted.

Regards

Michele


--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
https://blacknight.blog/
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/ 
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845

On 26/09/2018, 15:30, "dns-operations on behalf of Doug Barton" <dns-operations-bounces at dns-oarc.net on behalf of dougb at dougbarton.email> wrote:

    Can you say more about that, Michele? Is this e-mail stuff you're 
    talking about?
    
    On 09/26/2018 05:23 AM, Michele Neylon - Blacknight wrote:
    > We’ve had some “interesting” issues with subdomains getting compromised 
    > and some vendors deciding to blacklist *.ourbrand.tld
    > 
    > So based on our experience I’d avoid it ☺
    > 
    > Letting a 3^rd party use a separate domain OR a subdomain of a secondary 
    > domain name makes more sense for us at least
    > 
    > Regards
    > 
    > Michele
    > 
    > --
    > 
    > Mr Michele Neylon
    > 
    > Blacknight Solutions
    > 
    > Hosting, Colocation & Domains
    > 
    > https://www.blacknight.com/
    > 
    > https://blacknight.blog/
    > 
    > Intl. +353 (0) 59  9183072
    > 
    > Direct Dial: +353 (0)59 9183090
    > 
    > Personal blog: https://michele.blog/
    > 
    > Some thoughts: https://ceo.hosting/
    > 
    > -------------------------------
    > 
    > Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
    > 
    > Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845
    > 
    > *From: *dns-operations <dns-operations-bounces at dns-oarc.net> on behalf 
    > of Sue Steffen <lilycrown at gmail.com>
    > *Date: *Tuesday 25 September 2018 at 19:33
    > *To: *"dns-operations at lists.dns-oarc.net" 
    > <dns-operations at lists.dns-oarc.net>
    > *Subject: *[dns-operations] subzone delegation best practice
    > 
    > I would like to get the opinions of this list concerning subzone 
    > delegations to 3rd parties.
    > 
    > We have a very recognizable zone name, xyz.com <http://xyz.com>, We have 
    > many publicly facing URL's and the usual email protection records DKIM, 
    > SPF, DMARC.  We are very concerned about protecting our brand.
    > 
    > We also have a multitude of 3rd party vendors providing various niche 
    > services.    These vendors want to have subzones delegated to them so 
    > they can manage their own email-related records an such.  Most of them 
    > we have setup with their own domains to use on our behalf ( like 
    > xyz-them.com <http://xyz-them.com>, xyz-those.com 
    > <http://xyz-those.com>, etc).   We constantly get requests to use a 
    > subzone off of our main zone for these vendors (like them.xyz.com 
    > <http://them.xyz.com>, those.xyz.com <http://those.xyz.com>).
    > 
    > Is it preferable to have 3rd parties use an entirely separate zone, thus 
    > protecting the reputation of our primary zone?  I worry about a mistake 
    > by a vendor causing our main zone to be blacklisted.
    > 
    > Or is it preferable to use subzones off of the main zone, thus giving 
    > the public comfort that they are clicking a link or receiving an email 
    > from a valid xyz.com <http://xyz.com> site?
    > 
    > How does your firm handle 3rd party delegations?
    > 
    > Thanks for your thoughts,
    > 
    > Sue Steffen
    _______________________________________________
    dns-operations mailing list
    dns-operations at lists.dns-oarc.net
    https://lists.dns-oarc.net/mailman/listinfo/dns-operations
    dns-operations mailing list
    https://lists.dns-oarc.net/mailman/listinfo/dns-operations

More information about the dns-operations mailing list