Disallow search for CNAME in particular #113089
Select Topic Area: Product Feedback

Body

Context: GitHub Pages uses CNAME files inside a repo containing a given domain name and an A record that points the particular domain name to GitHub's IP addresses.

Suggestion: While GitHub points to the risk of wildcard A records for domains in its documentation (https://docs.github.com/en/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages), I think it is not known or obvious to everyone that wildcard records make it easy to take over foreign subdomains. Although the web UI and the API somehow limit code search, it is still possible to search for "CNAME" at GitHub and therefore easily find possible targets to take over subdomains. That's why I suggest that it shouldn't be possible to search for this exact keyword "CNAME" at all.
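A zone audit for the wildcard-record risk raised in the post above, as an added example that is not part of the original discussion or GitHub's own code: it flags records in your own zone data that resolve to GitHub Pages and marks the wildcard ones. The sample zone, `example.com` and `example-org.github.io` are constructed; the addresses are the GitHub Pages apex addresses published in GitHub's custom-domain documentation.

```python
import ipaddress

# GitHub Pages apex addresses (A and AAAA) from GitHub's custom-domain docs.
PAGES_ADDRS = {ipaddress.ip_address(a) for a in (
    "185.199.108.153", "185.199.109.153", "185.199.110.153", "185.199.111.153",
    "2606:50c0:8000::153", "2606:50c0:8001::153",
    "2606:50c0:8002::153", "2606:50c0:8003::153",
)}

def points_to_pages(rtype, rdata):
    """True if the record's target is GitHub Pages."""
    if rtype == "CNAME":
        return rdata.rstrip(".").lower().endswith(".github.io")
    if rtype in ("A", "AAAA"):
        try:
            return ipaddress.ip_address(rdata) in PAGES_ADDRS
        except ValueError:
            return False
    return False

def parse_records(zone_text):
    """Yield (name, type, rdata) from simple one-line zone records."""
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop zone-file comments
        if not line or line.startswith("$"):     # skip $ORIGIN / $TTL
            continue
        name, *rest = line.split()
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                      # optional TTL and class
        if len(rest) >= 2:
            yield name.lower(), rest[0].upper(), rest[1]

def audit_zone(zone_text):
    """Return (name, type, rdata, kind) for every record aimed at Pages."""
    findings = []
    for name, rtype, rdata in parse_records(zone_text):
        if points_to_pages(rtype, rdata):
            wildcard = name == "*" or name.startswith("*.")
            findings.append((name, rtype, rdata,
                             "wildcard" if wildcard else "explicit"))
    return findings

# Constructed sample zone for illustration only.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@        3600 IN A     185.199.108.153
*        3600 IN A     185.199.109.153   ; answers for every unclaimed name
www      3600 IN CNAME example-org.github.io.
*.dev    300  IN CNAME example-org.github.io.
mail     3600 IN A     192.0.2.25
"""
```

Records reported as `wildcard` are the ones to replace with explicit per-host entries; `explicit` entries should each match a Pages site and a verified domain you control.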
Replies: 1 comment
Thanks for the feedback, but there are valid reasons to search for `CNAME` in code, so we can't disallow it.