Skip to content

Latest commit

 

History

History
 
 

zone-configs

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
 
 
canary.etcd.io.yaml
canary.etcd.io.yaml
 
 
canary.k8s-e2e.com.yaml
canary.k8s-e2e.com.yaml
 
 
canary.k8s.dev.yaml
canary.k8s.dev.yaml
 
 
canary.k8s.io.yaml
canary.k8s.io.yaml
 
 
canary.kubernetes.dev.yaml
canary.kubernetes.dev.yaml
 
 
canary.kubernetes.io.yaml
canary.kubernetes.io.yaml
 
 
canary.x-k8s.io.yaml
canary.x-k8s.io.yaml
 
 
etcd.io._0_base.yaml
etcd.io._0_base.yaml
 
 
etcd.io._1_canary.yaml
etcd.io._1_canary.yaml
 
 
k8s-e2e.com._0_base.yaml
k8s-e2e.com._0_base.yaml
 
 
k8s-e2e.com._1_canary.yaml
k8s-e2e.com._1_canary.yaml
 
 
k8s.dev._0_base.yaml
k8s.dev._0_base.yaml
 
 
k8s.dev._1_canary.yaml
k8s.dev._1_canary.yaml
 
 
k8s.io._0_base.yaml
k8s.io._0_base.yaml
 
 
k8s.io._1_canary.yaml
k8s.io._1_canary.yaml
 
 
k8s.io._1_do.yaml
k8s.io._1_do.yaml
 
 
k8s.io._2_aws.yaml
k8s.io._2_aws.yaml
 
 
kubernetes.dev._0_base.yaml
kubernetes.dev._0_base.yaml
 
 
kubernetes.dev._1_canary.yaml
kubernetes.dev._1_canary.yaml
 
 
kubernetes.io._0_base.yaml
kubernetes.io._0_base.yaml
 
 
kubernetes.io._1_canary.yaml
kubernetes.io._1_canary.yaml
 
 
x-k8s.io._0_base.yaml
x-k8s.io._0_base.yaml
 
 
x-k8s.io._1_canary.yaml
x-k8s.io._1_canary.yaml
 
 

README.md

IMPORTANT

In order to avoid "dangling" NS delegations, it is really important that any NS records not be included in the "base" files. These files also serve as canary configs, and any NS record in them becomes another level of delegation, which can be attacked or hijacked.

E.g. if example.com._0_base.yaml includes an NS record for foo, that creates a foo.example.com zone. We use the same config for canary.example.com which means it ALSO creates a foo.canary.example.com delegation, which we do not claim.

All NS records must go in non-canaried files.