I am trying to evaluate the risks of allowing users to modify PTR records. 90% of them don't have a clue what a PTR record is, but in my case, giving access to colocation customers, some of them could cause harm with the PTR records. Correct me if I'm wrong, but a user can enter the in-addr.arpa address for their domain free-form. Thus if the user manages domain foo.com, which should point to 1.2.3.4, and my domain is bar.com pointing to 5.6.7.8, it would be quite trivial for the user of foo.com to munge 8.7.6.5.in-addr.arpa by simply adding extra PTR records outside his control.
I have been thinking about this for a bit, and prior to using VegaDNS, when new domains were created the SLD (foo.com or foo.co.uk) used an = record, which automatically created a PTR record. With that in mind I came up with this really strange solution (read: there is probably an easier way and I'm all ears!). When writing the data file, check for A records that are an exact match of the zone (in order to include foo.co.uk) and create them with the = data type. Additionally, make the PTR record a restricted record type that is granted to specific users. If this seems like a good solution I will gladly work on a patch. -Ryan
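As an added example (not VegaDNS code and not part of Ryan's post), here is a Python sketch of the data-file step described above: A records whose name exactly matches the zone are written as tinydns = lines, so tinydns emits the matching PTR itself, while an explicit PTR is only accepted when its in-addr.arpa name falls inside the customer's netblock. The zone, netblock and records are constructed sample data, and the PTR-to-netblock check is an assumption added here rather than something the proposal spells out.

```python
import ipaddress

# Constructed sample data for one colocation customer (assumption, not from the post).
ZONE = "foo.com"
NETBLOCK = "1.2.3.0/24"          # the address range this customer may reverse-map
RECORDS = [
    ("A", "foo.com", "1.2.3.4"),        # exact match of the zone -> '=' line (A + PTR)
    ("A", "www.foo.com", "1.2.3.4"),    # ordinary host -> '+' line (A only)
]

def ptr_in_netblock(ptr_name, netblock):
    """True only if an in-addr.arpa name maps back to an IPv4 address inside netblock.

    This is the check that keeps a foo.com user from writing 8.7.6.5.in-addr.arpa
    when 5.6.7.8 belongs to someone else.
    """
    suffix = ".in-addr.arpa"
    if not ptr_name.lower().endswith(suffix):
        return False
    labels = ptr_name[: -len(suffix)].split(".")
    if len(labels) != 4 or not all(part.isdigit() for part in labels):
        return False               # partial or malformed reverse names are refused
    try:
        ip = ipaddress.IPv4Address(".".join(reversed(labels)))
    except ipaddress.AddressValueError:
        return False
    return ip in ipaddress.IPv4Network(netblock)

def tinydns_lines(zone, records, netblock, ttl=86400):
    """Render (type, name, value) tuples as tinydns data-file lines.

    A records whose name is exactly the zone become '=' lines, so tinydns
    creates the PTR itself; explicit PTR ('^') lines are only accepted when
    their name lies inside the customer's netblock.
    """
    lines = []
    for rtype, name, value in records:
        if rtype == "A":
            prefix = "=" if name.lower() == zone.lower() else "+"
            lines.append(f"{prefix}{name}:{value}:{ttl}")
        elif rtype == "PTR":
            if not ptr_in_netblock(name, netblock):
                raise ValueError(f"PTR {name} is outside {netblock}")
            lines.append(f"^{name}:{value}:{ttl}")
        else:
            raise ValueError(f"unsupported record type {rtype}")
    return lines

if __name__ == "__main__":
    print("\n".join(tinydns_lines(ZONE, RECORDS, NETBLOCK)))
```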
