by agwa 969 days ago
That can help with the ongoing maintenance of your records, but doesn't help you when you're adding the record in the first place.

As pointed out by singron at https://news.ycombinator.com/item?id=38069760, a malicious service provider (SP1) could give you a DNS record that was really issued by a different service provider (SP2). When you publish the DNS record, you're actually authorizing SP1's account at SP2 to use your domain.

With non-opaque records, you can be sure of what you're publishing.

1 comment

Ah, now I get it. Yes, that is a possible problem.
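
The relayed-record problem agwa describes, as an added example that is not part of the thread: a domain owner's pre-publication check can reject a record issued by the wrong provider only when the value names its provider and account, while an opaque value gives the check nothing to compare. The record layout, the provider names (`sp1`, `sp2`), the accounts and the tokens are all hypothetical and constructed for illustration.

```python
import re

# Hypothetical non-opaque layout: <provider>-domain-verification=account:<id>;token:<hex>
NON_OPAQUE = re.compile(
    r"(?P<provider>[a-z0-9]+)-domain-verification="
    r"account:(?P<account>[a-z0-9._@-]+);token:(?P<token>[0-9a-f]{16})"
)

def review_before_publishing(txt_value, expected_provider, expected_account):
    """Domain owner's check: return (ok, reason) for a TXT value they were asked to add."""
    m = NON_OPAQUE.fullmatch(txt_value)
    if m is None:
        return False, "opaque value: cannot tell which provider or account it authorizes"
    if m["provider"] != expected_provider:
        return False, f"authorizes provider {m['provider']}, expected {expected_provider}"
    if m["account"] != expected_account:
        return False, f"authorizes account {m['account']}, expected {expected_account}"
    return True, "provider and account match"

def sp2_grant(published_txt_values, sp2_pending):
    """SP2's side: return the SP2 account that gains the domain, or None.

    sp2_pending maps each TXT value SP2 issued to the account that requested it.
    """
    for value in published_txt_values:
        if value in sp2_pending:
            return sp2_pending[value]
    return None

# Constructed sample data: SP1 holds an account at SP2 and requested both challenges itself.
OPAQUE = "3f9a1c07b2e4d685"
LABELLED = "sp2-domain-verification=account:sp1-corp;token:3f9a1c07b2e4d685"
HONEST = "sp1-domain-verification=account:alice;token:77aa02bc19de4f30"
SP2_PENDING = {OPAQUE: "sp1-corp", LABELLED: "sp1-corp"}

if __name__ == "__main__":
    # The owner believes they are enrolling account "alice" at provider "sp1".
    for value in (OPAQUE, LABELLED, HONEST):
        ok, reason = review_before_publishing(value, "sp1", "alice")
        print(f"{value[:40]:40} publish={ok} ({reason}); "
              f"SP2 would grant: {sp2_grant([value], SP2_PENDING)}")
```
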