Multiple domains on shared nameserver

Consider the following hypothetical situation: A webhosting company has a single nameserver (bound to two IPs, of course) on which it places zones for all sites hosted on the server. Customer 1 has a site "www.domain.tld" hosted on the server, and has "domain.tld" delegated to the nameserver. Cracker 2 asks to create a site "sub.domain.tld" on the same server.

If the server doesn't check for shared domain suffixes, it would go ahead and create the zone files for "sub.domain.tld", and by virtue of Customer 1's delegation of "domain.tld" to the same nameserver, the DNS would resolve.

The solution, presumably -- at least, I can't think of any other -- is to check, before creating new zone files, that the longest domain suffix shared with another zone is either owned by the same customer OR is a "public domain suffix" (e.g., .com, .net, .org, .co.uk, .dhs.com, etc.).

Is there any other solution? And if not, is there any simple mechanism for determining if a shared domain suffix is "public"?
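
The check proposed in the post, sketched as an added example (not part of the original post and not any hosting panel's own code). It reads "owned by the same customer" as "no other customer's zone shares a non-public suffix with the new zone". The function names, the `zones` mapping and the suffix set are assumptions; a real deployment would load the set from a maintained source such as the Public Suffix List (publicsuffix.org).

```python
# Constructed stand-in for a real public-suffix source: the post's examples plus
# "uk" and the placeholder "tld". Unlisted suffixes count as private (fail closed).
PUBLIC_SUFFIXES = {"com", "net", "org", "uk", "co.uk", "dhs.com", "tld"}


def labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing root dot."""
    return name.rstrip(".").lower().split(".")


def shared_suffix(a, b):
    """Longest run of whole labels two names share, counted from the right.

    Comparing labels (not raw strings) keeps "notdomain.tld" from matching
    "domain.tld", which a plain endswith() test would get wrong.
    """
    common = []
    for x, y in zip(reversed(labels(a)), reversed(labels(b))):
        if x != y:
            break
        common.append(x)
    return ".".join(reversed(common))


def check_new_zone(new_zone, customer, zones):
    """Decide whether `customer` may create `new_zone`.

    zones maps existing zone name -> owning customer (hypothetical data model).
    Returns (allowed, reason).
    """
    for zone, owner in zones.items():
        if owner == customer:
            continue  # sharing a suffix with your own zones is fine
        suffix = shared_suffix(new_zone, zone)
        # Covers both directions: a child of someone else's zone, and a
        # parent created above someone else's existing zone.
        if suffix and suffix not in PUBLIC_SUFFIXES:
            return False, f"shares private suffix {suffix!r} with {zone!r} owned by {owner}"
    return True, "ok"


# Constructed sample state matching the scenario in the post.
ZONES = {"domain.tld": "customer1", "shop.dhs.com": "customer3"}
```

Because the comparison is symmetric, the same function also rejects a request to create "domain.tld" when another customer already holds "sub.domain.tld" on the server.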
