Re: [cobalt-users] Remote DNS/MX Records <Security>

[flash22@xxxxxxx]

On Tue, 30 Jan 2001, Craig Napier wrote:

> I'm curious if anyone knows of any outright problems in allowing users to 
> control their own DNS/MX records while hosting their domain's on your 
> systems? I seem to be getting more and more users wanting to control their 
> own DNS/MX records through all these little add-ons they get from these 
> registers nowadays... Is allowing this practice a good or bad idea <and 
> why>..?

 They can corrupt your own nameserver records if they collide ns records,
they can setup a domain with no reference to you and spam the net, and
your isp will get all the complaints instead of you because noone will be
able to easily figure out who hosts them, they will probably not
understand how to do it properly and will blame you when their web site
doesn't work properly, they will call you on the phone 20 times trying 
to figure out how to do it properly and you will end up doing it for
them enyway..bind on the raq runs as root ...so you weaken
security whenever you release control over any aspect of it...if they loop
MX records it's your mail server that gets bombed...

Only good reason that comes to mind is that reasonably advanced users can
do something themselves that would take you about 2 minutes to do...

ok, i'm a little pessamistic on users in general, i'll admit, but it has
to do a little with some who call me up and yell when the internet dies,
when their unrelated internal mail server blows it's cookies...when they
download the latest greatest virus...these are not people i'd let anywhere
near something as critical to the server as dns ;0

10cents...