On Thu, Feb 10, 2022 at 04:55:24PM +0000, Subramanian, Karthikeyan via
dns-operations wrote:
> Records are not vulnerable or any Stale record.
As others mentioned, "vulnerability" is not really a property of
DNS zone data, but "stale" presumably means one of:
* The name no longer exists, and ought to be removed from the zone
* The address is not the right address for the name
* A PTR record points to the wrong or a non-existent name
* There is no longer any host at that IP address.
...
In corporate networks with DNS managed at arm's length by a separate
team, it is not uncommon for users to request addition of DNS records,
but neglect to request their deletion or fail to keep them up to
date.
Avoiding low data quality is then a combination of:
* Periodic audits to check that the zone data is accurate
  and still needed.
* Self-service tooling that lowers the barriers for users to
  keep the data current and correct (adding and removing names they
  are authorised to control) and ideally incentives for them to
  keep care...
--
Viktor.
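
One way to automate the periodic audit mentioned above, as an added example that is not part of the original message: it flags PTR records whose target is missing or maps to a different address, and address records with no known host behind them. The record tuples, the `LIVE_ADDRESSES` inventory and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (not from the original message): zone records as
# (owner, type, rdata) tuples, plus an assumed inventory of in-use addresses.
RECORDS = [
    ("app1.corp.example.", "A", "192.0.2.10"),
    ("app2.corp.example.", "A", "192.0.2.11"),
    ("old.corp.example.", "A", "192.0.2.12"),
    ("10.2.0.192.in-addr.arpa.", "PTR", "app1.corp.example."),
    ("11.2.0.192.in-addr.arpa.", "PTR", "gone.corp.example."),
    ("13.2.0.192.in-addr.arpa.", "PTR", "app1.corp.example."),
]
LIVE_ADDRESSES = {"192.0.2.10", "192.0.2.11", "192.0.2.13"}


def ptr_to_address(owner):
    """Convert a reverse-zone owner name back into the address it describes."""
    labels = owner.lower().rstrip(".").split(".")
    if labels[-2:] == ["in-addr", "arpa"] and len(labels) == 6:
        return ipaddress.IPv4Address(".".join(reversed(labels[:-2])))
    if labels[-2:] == ["ip6", "arpa"] and len(labels) == 34:
        return ipaddress.IPv6Address(int("".join(reversed(labels[:-2])), 16))
    raise ValueError(f"not a full reverse name: {owner}")


def audit(records, live):
    """Return sorted (owner, type, finding) tuples for records that look stale."""
    live = {ipaddress.ip_address(a) for a in live}
    forward = {}  # lower-cased name -> set of addresses it resolves to
    for owner, rtype, rdata in records:
        if rtype in ("A", "AAAA"):
            forward.setdefault(owner.lower(), set()).add(ipaddress.ip_address(rdata))
    findings = []
    for owner, rtype, rdata in records:
        if rtype in ("A", "AAAA"):
            if ipaddress.ip_address(rdata) not in live:
                findings.append((owner, rtype, "no host at address"))
        elif rtype == "PTR":
            target = rdata.lower()
            if target not in forward:
                findings.append((owner, rtype, "PTR target does not exist"))
            elif ptr_to_address(owner) not in forward[target]:
                findings.append((owner, rtype, "PTR target has a different address"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(RECORDS, LIVE_ADDRESSES):
        print(*finding, sep="\t")
```

Whether a name is still needed cannot be derived from the zone alone, so findings are candidates for review by the record's owner rather than automatic deletions.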