Private IP address in public DNS

Some people will say no public DNS records should ever disclose private IP addresses….with the thinking being that you are giving potential attackers a leg up on some information that might be required to exploit private systems. Personally, I think that obfuscation is a poor form of security, especially when we are talking about IP … Read more

Do SPF Records For Primary Domain apply to subdomains?

You need to have separate SPF records for each subdomain you wish to send mail from. The following was originally posted on openspf.org, which used to be a great resource for this kind of thing. Latest link http://www.open-spf.org/FAQ/The_demon_question/ The Demon Question: What about subdomains? If I get mail from pielovers.demon.co.uk, and there’s no SPF data … Read more

Multiple data centers and HTTP traffic: DNS Round Robin is the ONLY way to assure instant fail-over?

When I use the term “DNS Round Robin” I generally mean in in the sense of the “cheap load balancing technique” as OP describes it. But that’s not the only way DNS can be used for global high availability. Most of the time, it’s just hard for people with different (technology) backgrounds to communicate well. … Read more

Is a CNAME to CNAME chain allowed?

From RFC 1034 – Domain names – concepts and facilities: Domain names in RRs which point at another name should always point at the primary name and not the alias. This avoids extra indirections in accessing information. For example, the address to name RR for the above host should be: 52.0.0.10.IN-ADDR.ARPA IN PTR C.ISI.EDU rather … Read more