RE: SRV records etc
This is, of course, *not* what SRV records were intended for. In my experience, most of these proof of domain ownership idiots will also offer TXT records as an alternative. Speaking of SRV misuse/misapplication, Microsoft's use of SRV records as a generic domain-remapping mechanism for Exchange Autodiscover (so people can cheap out on their SSL certs, usually not realizing that, in the absence of ubiquitous DNSSEC, they are downgrading their security by doing so, TNSTAAFL) falls into the same category. Semantically, PTR records could have served the same function more compactly/efficiently, but would have the same security-downgrade issue. (Despite misconceptions to the contrary, the use of PTR records is *not* limited to reverse mappings). - Kevin -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Lightner, Jeff Sent: Wednesday, February 11, 2015 8:40 AM To: comp-protocols-dns-b...@isc.org Subject: RE: SRV records etc SRV definitely still required for some applications. Some cloud based application providers have you add them to verify you own the domain to which they're tying their services so you don't use them to hijack other people's domains. -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Barry Margolin Sent: Tuesday, February 10, 2015 9:14 PM To: comp-protocols-dns-b...@isc.org Subject: Re: SRV records etc In article mailman.1603.1423618610.26362.bind-us...@lists.isc.org, Kevin Oberman rkober...@gmail.com wrote: HINFO is getting pretty rare. The security issues are pretty obvious and its advantages are rather limited. I thought they were deprecated ages ago, but I can't find anything official about that. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: SRV records etc
In article mailman.1608.1423662027.26362.bind-us...@lists.isc.org, Lightner, Jeff jlight...@dsservices.com wrote: SRV definitely still required for some applications. Some cloud based application providers have you add them to verify you own the domain to which they're tying their services so you don't use them to hijack other people's domains. I was talking about HINFO, not SRV. -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Barry Margolin Sent: Tuesday, February 10, 2015 9:14 PM To: comp-protocols-dns-b...@isc.org Subject: Re: SRV records etc In article mailman.1603.1423618610.26362.bind-us...@lists.isc.org, Kevin Oberman rkober...@gmail.com wrote: HINFO is getting pretty rare. The security issues are pretty obvious and its advantages are rather limited. I thought they were deprecated ages ago, but I can't find anything official about that. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: SRV records etc
SRV definitely still required for some applications. Some cloud based application providers have you add them to verify you own the domain to which they're tying their services so you don't use them to hijack other people's domains. -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Barry Margolin Sent: Tuesday, February 10, 2015 9:14 PM To: comp-protocols-dns-b...@isc.org Subject: Re: SRV records etc In article mailman.1603.1423618610.26362.bind-us...@lists.isc.org, Kevin Oberman rkober...@gmail.com wrote: HINFO is getting pretty rare. The security issues are pretty obvious and its advantages are rather limited. I thought they were deprecated ages ago, but I can't find anything official about that. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: SRV records etc
On Tue, Feb 10, 2015 at 4:35 PM, Mike Hoskins (michoski) micho...@cisco.com wrote: -Original Message- From: John j...@klam.ca Date: Tuesday, February 10, 2015 at 7:29 PM To: bind-users@lists.isc.org bind-users@lists.isc.org Subject: SRV records etc How useful are SRV records? Are they worth installing? What are their benefits, and pitfalls? Similar question about HINFO. In my limited experience, this is a question about requirements... In the past I had to support applications which made extensive use of SRV for service discovery. It was a requirement, it worked well in testing, so we considered it useful and happily supported it. :-) SRV records are almost essential for some applications. I can't imagine not supporting them. HINFO is getting pretty rare. The security issues are pretty obvious and its advantages are rather limited. -- Kevin Oberman, Network Engineer, Retired E-mail: rkober...@gmail.com ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: SRV records etc
In article mailman.1603.1423618610.26362.bind-us...@lists.isc.org, Kevin Oberman rkober...@gmail.com wrote: HINFO is getting pretty rare. The security issues are pretty obvious and its advantages are rather limited. I thought they were deprecated ages ago, but I can't find anything official about that. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: SRV records etc
-Original Message- From: John j...@klam.ca Date: Tuesday, February 10, 2015 at 7:29 PM To: bind-users@lists.isc.org bind-users@lists.isc.org Subject: SRV records etc How useful are SRV records? Are they worth installing? What are their benefits, and pitfalls? Similar question about HINFO. In my limited experience, this is a question about requirements... In the past I had to support applications which made extensive use of SRV for service discovery. It was a requirement, it worked well in testing, so we considered it useful and happily supported it. :-) ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users