Subdomains Registered By Different Users
Subdomains Registered By Different Users
I just noticed that if one domain is set to VestaCP's nameservers, any user could register a subdomain to that domain.
For example, user 1 has domain.com registered to their account, user 2 could register sub.domain.com without any protection / authentication. This then means that a customer to a site could visit the trusted site, but could then visit an untrusted subdomain, owned by a different user.
Is their any protection available such as locking domain to a single account or anything of the sort?
For example, user 1 has domain.com registered to their account, user 2 could register sub.domain.com without any protection / authentication. This then means that a customer to a site could visit the trusted site, but could then visit an untrusted subdomain, owned by a different user.
Is their any protection available such as locking domain to a single account or anything of the sort?
Re: Subdomains Registered By Different Users
This is needed security. Domains added by a account, should only be available for said account. Any other user would need to add a domain, or use a IP.
Also, some domain registers don't allow subdomains without extra support. For example I have a couple .oil domains which I cannot make subdomains on unless I pay for the domain (it's currently free), but I could force subdomains via CNAME, but that would be in violation of my ToS with my domains host. So anyone on my system that could make a domain, could get me into legal trouble.
And subsequently, involving VestaCP in unneeded legal trouble, as here in the United States the definition of a User Account is a secure, and private platform.
A further example is the CDT's Data Protection Regulation which will soon be going into effect in the European Union and specifically protects users personal data and assets such as TLD and FQDN, where this too would be in violation of the Data Protection Regulation.
Also, some domain registers don't allow subdomains without extra support. For example I have a couple .oil domains which I cannot make subdomains on unless I pay for the domain (it's currently free), but I could force subdomains via CNAME, but that would be in violation of my ToS with my domains host. So anyone on my system that could make a domain, could get me into legal trouble.
And subsequently, involving VestaCP in unneeded legal trouble, as here in the United States the definition of a User Account is a secure, and private platform.
A further example is the CDT's Data Protection Regulation which will soon be going into effect in the European Union and specifically protects users personal data and assets such as TLD and FQDN, where this too would be in violation of the Data Protection Regulation.