Content DNS Security


#1

Hi,
I’m sure this is straightforward, but there was no note I could see on the docs re security for Content DNS. Obviously Bytemark don’t have a record of each customer’s domains, so it’s not possible to decide who’d have the ability to edit what domain. As such, anyone would be able to upload some domain to the system.
Now if the content DNS servers aren’t connected to the recursive DNS servers (I assume this is right?) there’s no issue there. The only issue would be if I then set the DNS records on the domain to use Bytemark’s content DNS servers, which I haven’t at present.
In this case, is it just a case of whoever uploads first will gain ‘ownership’ of the domain name on Bytemark’s servers? If so, that’s sufficient for me, but it’d be good to know that explicitly.
Thanks,
Kevin


#2

Hi Kevin, yes that’s exactly what happens - first come, first served. We can alter it later when (e.g.) someone wants to move a domain between DNS accounts.


#3

Hi Kevin,

That is exactly how the security works. The first account to upload data for a particular domain grabs permission for it. Any data supplied subsequently by other accounts will be ignored.

Since a customer might have one account per machine, this can cause problems for customers wanting to move domains between their accounts. This is a manual process that should be requested via support.

Regarding the split between content and caching (recursive) DNS servers, this is the only way it can be done to avoid DNS cache poisoning.

Best wishes,

Patrick


#4

Thanks, that makes perfect sense. Just checking to be sure before moving my domains over.