by pjbrunet 4127 days ago
That doesn't really refute the article. Anyone with access to the DNS server could change the email records for a few minutes to intercept mail. A hacker wouldn't have to wait for propagation in that case. And who would notice? This has me thinking: it would be nice to get alerted if a) my DNS records change at the registrar level and, more importantly, if b) my DNS records change at the DNS host level.

I think DNS hosts should offer a waiting period option or approval system (with warning alert) for changing email records. Obviously you want website records to change instantly for failover, but I don't want a hacker changing email records in the middle of the night without anyone knowing. I use Linode and DNSMadeEasy and I don't remember either service sending me a notification when an email record was changed.

Also, it seems like you could sell a third-party service to monitor DNS hosts. (I didn't bother to Google whether that service exists already.) I'm assuming "dnshistory.org" only pings once per day, which is pretty much useless info from a security standpoint.


dnshistory.org: "A5: We aim to check every domain at least once per month and the minimum interval between checks is 24 hours."
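One way to build the alerting the comment asks for, as an added example that is not code from the comment, Linode, DNSMadeEasy or dnshistory.org: snapshot a domain's NS records (registrar-level delegation) and MX records (host-level mail routing) and alert on any difference from a stored baseline. The live lookup assumes `dig` is installed and uses 8.8.8.8 as an assumed public resolver; the snapshots in the demo are constructed.

```python
import shutil
import subprocess
from typing import Dict, FrozenSet, List

# A snapshot maps a record type to the set of normalized rdata strings seen.
Snapshot = Dict[str, FrozenSet[str]]

# NS catches a registrar-level redelegation; MX catches a host-level mail change.
WATCHED = ("NS", "MX")


def normalize(rdata: List[str]) -> FrozenSet[str]:
    """Lowercase, drop blanks and trailing dots, so casing or answer ordering
    can neither hide a real change nor raise a false alert."""
    return frozenset(r.strip().lower().rstrip(".") for r in rdata if r.strip())


def lookup_live(domain: str, resolver: str = "8.8.8.8") -> Snapshot:
    """Take a snapshot with `dig +short` against an explicit public resolver
    (assumption: dig is installed). Asking a public resolver shows what mail
    senders see rather than a stale local cache."""
    if shutil.which("dig") is None:
        raise RuntimeError("dig not found; install dnsutils/bind-utils")
    snap: Snapshot = {}
    for rtype in WATCHED:
        out = subprocess.run(["dig", "+short", f"@{resolver}", domain, rtype],
                             capture_output=True, text=True, timeout=10, check=True)
        snap[rtype] = normalize(out.stdout.splitlines())
    return snap


def diff_snapshots(baseline: Snapshot, current: Snapshot) -> List[str]:
    """Return one alert line per watched record type whose set changed."""
    alerts = []
    for rtype in WATCHED:
        old = baseline.get(rtype, frozenset())
        new = current.get(rtype, frozenset())
        if old != new:
            alerts.append(f"{rtype} changed: added={sorted(new - old)} "
                          f"removed={sorted(old - new)}")
    return alerts


if __name__ == "__main__":
    # Constructed snapshots: the MX is swapped for a few minutes, NS untouched.
    baseline = {"NS": normalize(["ns1.example.net.", "ns2.example.net."]),
                "MX": normalize(["10 mail.example.com."])}
    tampered = {"NS": baseline["NS"],
                "MX": normalize(["10 mail.other-example.net."])}
    for line in diff_snapshots(baseline, tampered):
        print("ALERT:", line)
    # Poll more often than the change window you care about: a daily check
    # (the dnshistory.org minimum above) cannot see a change reverted in minutes.
```

Run `lookup_live(domain)` on a schedule, persist the first result as the baseline, and page on any non-empty `diff_snapshots` output.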