Security of Custom DNS API


#1

I think the Custom DNS API is a great feature, and I recently made use of it from one of my home Linux servers with a cron entry like this:

SORRY. As a new user, the forum software won't allow me to paste my crontab entry.

However, I feel that granting admin privilege to dynamic@mydomain.com is a security concern. If someone discovers the crontab entry, they can gain full access to my Mail-in-a-Box. They could delete all the domain’s email, delete all the accounts, or copy all the data to another computer. Perhaps MIAB should define a user with restricted privileges to handle DNS updates.


#2

Unrestricted access to just DNS could be used to compromise a whole domain anyway, so while I understand your point, I don’t think it will provide enough additional protection to be worth the time and complexity of implementing it at this time.