Is this a DNS security hole?

Barry Margolin barmar at alum.mit.edu
Sat May 1 15:21:55 UTC 2004


In article <c6v4qq$1q2j$1 at sf1.isc.org>,
 Kevin Darcy <kcd at daimlerchrysler.com> wrote:

> The mycompany.com zone cannot contain a testing.victim.com A record. If 
> the GUI says that, then it is lying.

That's not what he's doing.  He's registering testing.victim.com as a 
nameserver host.  Registrars have to allow this so that glue records 
will be put in the TLD zones.

In the old days of one registrar, this problem was prevented by only 
allowing the owner of victim.com to register hostnames with that domain 
suffix.  I don't know how it's supposed to be dealt with now -- if the 
OP is correct, apparently it isn't.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
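The registration rule Barry describes from the single-registrar days (only the owner of victim.com may register a nameserver host under victim.com) is easy to state but easy to get wrong, because a naive string-suffix test treats `evilvictim.com` as being under `victim.com`. The following is an added example, not code from the thread or from any registrar: a label-aware `is_under` check, the registration-time rule built on it, and an audit over a constructed registry snapshot that lists nameserver hosts registered under a domain by someone other than that domain's owner. The registrant identifiers and the host list are assumptions made for the example.

```python
# Added example, not from the bind-users post or any registry software.
# Implements the old single-registrar rule (a nameserver host may only be
# registered by the owner of the domain it falls under) and audits a
# constructed registry snapshot for hosts that violate it.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return [label for label in name.lower().rstrip(".").split(".") if label]

def is_under(host, domain):
    """True if host equals domain or is a subdomain of it.

    Label-aware: 'evilvictim.com' is NOT under 'victim.com', even though the
    name ends with the same characters.
    """
    h, d = _labels(host), _labels(domain)
    return len(h) >= len(d) and h[len(h) - len(d):] == d

def owning_domain(host, domain_owners):
    """The most specific registered domain that host falls under, or None."""
    matches = [d for d in domain_owners if is_under(host, d)]
    return max(matches, key=lambda d: len(_labels(d))) if matches else None

def may_register_host(host, requester, domain_owners):
    """Old-registrar rule: only the owner of the covering domain may
    register a nameserver host object under it."""
    dom = owning_domain(host, domain_owners)
    return dom is not None and domain_owners[dom] == requester

def audit_hosts(host_registrants, domain_owners):
    """Return (sorted) nameserver hosts registered by someone other than the
    owner of the domain they fall under: the hole the post describes."""
    return sorted(
        host for host, who in host_registrants.items()
        if not may_register_host(host, who, domain_owners)
    )

# Constructed registry snapshot; registrant handles are hypothetical.
DOMAIN_OWNERS = {
    "victim.com": "victim-inc",
    "mycompany.com": "mycompany-llc",
    "evilvictim.com": "mycompany-llc",
}
HOST_REGISTRANTS = {
    "ns1.mycompany.com.": "mycompany-llc",
    "testing.victim.com": "mycompany-llc",   # the case from the thread
    "ns.evilvictim.com": "mycompany-llc",    # legitimately under evilvictim.com
    "NS2.Victim.COM": "victim-inc",          # case and trailing dot are ignored
}

if __name__ == "__main__":
    for host in audit_hosts(HOST_REGISTRANTS, DOMAIN_OWNERS):
        who = HOST_REGISTRANTS[host]
        dom = owning_domain(host, DOMAIN_OWNERS)
        print(f"{host}: registered by {who}, but {dom} belongs to "
              f"{DOMAIN_OWNERS[dom]}")
```

The comparison works on label lists rather than string suffixes, which is the detail that matters: a suffix match would both let `ns.evilvictim.com` through as if it were under `victim.com` and miss nothing else, so the two tests only differ on exactly the names an attacker would pick.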