Allow domain to be used as a subdomain throughout the panel

youds

Verified User
Joined
Jul 11, 2008
Messages
490
Location
Lancashire, UK
Hi

As featured here https://www.directadmin.com/features.php?id=925 it is possible to block the use of domains not owned by the user as a point of security. However, is it possible to allow domain a, b and c to be used throughout as system wide domain names?

Without this I don't see this as being much of a feature, more a security hole.

Kind regards
 
it is possible to block the use of domains not owned by the user as a point of security.
No, it's to block the use of SUBdomains where the main domain is not owned by the user.

It's no security hole.

Suppose a user has registered at dyndns.org. Now he does not own dyndns.org but he can register for example user.dyndns.org and that is a subdomain.
If he wants to run a website on it and receive mail etc. he needs a web and mailserver. He can use a directadmin account for that.
You as hoster can choose to either allow or not allow this by blocking or not blocking non-owned subdomains.
If you block it, the subdomain will not be created because the user does not own the dyndns.org main domain.

Same if the user gets a subdomain from a friend and want to use it on his own hosting account and so on.

So it's a feature.
 
Hi

To follow up as this is a feature, would it not be "sane" to allow subdomains on a per-domain basis. Say if you supply domain 1 as a retail domain (with free subdomain support) and then they buy and you get their domain for free as other users?

My primary objective would be to have DirectAdmin allow subdomains on the given conf value? Rather than just 0/1. Whatever works is my end game.
 
Hi sorry my post disappeared.

Would it be possible, for instance, to allow per-domain sub-domain access across a system wide level with a "Allow other users to create subdomains" tick box on the manage user page.

I'll look at appropriating more time to DA when I'm ready with my services.

Kind regards
 
To follow up on the security hole. What if a website uses cross site access to its subdomains, which would not be flagged in the browser and someone notices and does the unthinkable. I am very aware of XSS attacks in my daily job function and as it is a "different domain" it is not from a "different source".

I would suggest that the admin has capability to control this from the interface, or through an internal script?

Kind regards
 
Back
Top