[treysis]

And then they have a certificate. What are they going to do with it? It's still not installed on your server.

[yzmtf2008]

Suddenly whatever.has-a.name is pointing to a different IP address and that server has the cert installed. Oops.

[treysis]

So same trust you put in any 3rd party DNS service. But I agree there's less contractual bindings to this service than an account somewhere that you even might pay some money for it.

[yzmtf2008]

I guess the point of all this discussion is "don't trust a random guy on the Internet that offers to host DNS for you", but also we place way too much trust on DNS.