Customer-Controlled DNS: Security Issues?
What security issues arise when hosting customers are allowed to manage DNS for their domains? Assume that customers have granular control of NS, MX, A, CNAME and PTR records for their own domain names only. [ie. A customer cannot change DNS for host's domains or other customers' domains.] However, for the sake of completeness, assume that no other restrictions are in place. So, for example, a hosting customer may create PTR records for the host's private IPs and CNAME records for any URL inside or outside of the host's network. What are the potential pitfalls to the host for granting such freedom?
Any input is very much appreciated.
Dave
