RE: SRV records etc

Wed, 11 Feb 2015 08:40:58 -0800 

This is, of course, *not* what SRV records were intended for. In my experience, 
most of these "proof of domain ownership" idiots will also offer TXT records as 
an alternative.

Speaking of SRV misuse/misapplication, Microsoft's use of SRV records as a 
generic domain-remapping mechanism for Exchange Autodiscover (so people can 
cheap out on their SSL certs, usually not realizing that, in the absence of 
ubiquitous DNSSEC, they are downgrading their security by doing so, TNSTAAFL) 
falls into the same category. Semantically, PTR records could have served the 
same function more compactly/efficiently, but would have the same 
security-downgrade issue. (Despite misconceptions to the contrary, the use of 
PTR records is *not* limited to reverse mappings).

                                                                        - Kevin

-----Original Message-----
From: bind-users-boun...@lists.isc.org 
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Lightner, Jeff
Sent: Wednesday, February 11, 2015 8:40 AM
To: comp-protocols-dns-b...@isc.org
Subject: RE: SRV records etc

SRV definitely still required for some applications.   Some cloud based 
application providers have you add them to verify you own the domain to which 
they're tying their services so you don't use them to hijack other people's 
domains.

-----Original Message-----
From: bind-users-boun...@lists.isc.org 
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Barry Margolin
Sent: Tuesday, February 10, 2015 9:14 PM
To: comp-protocols-dns-b...@isc.org
Subject: Re: SRV records etc

In article <mailman.1603.1423618610.26362.bind-us...@lists.isc.org>,
 Kevin Oberman <rkober...@gmail.com> wrote:

> HINFO is getting pretty rare. The security issues are pretty obvious 
> and its advantages are rather limited.

I thought they were deprecated ages ago, but I can't find anything official 
about that.

--
Barry Margolin
Arlington, MA
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to