lib/iterate: do not trust in-bailiwick CNAME targets
The *.name CNAME
or DNAME
can be misused for in-bailiwick cache poisoning.
See https://tools.ietf.org/id/draft-weaver-dnsext-comprehensive-resolver-00.html
Self sign-up has been disabled due to increased spam activity. If you want to get access, please send an email to a project owner (preferred) or at gitlab(at)nic(dot)cz. We apologize for the inconvenience.
The *.name CNAME
or DNAME
can be misused for in-bailiwick cache poisoning.
See https://tools.ietf.org/id/draft-weaver-dnsext-comprehensive-resolver-00.html