14. Security Considerations
The authors believe this RR to not cause any new security problems. Some problems become more visible, though.
- The ability to specify ports on a fine-grained basis obviously changes how a router can filter packets. It becomes impossible to block internal clients from accessing specific external services, slightly harder to block internal users from running unauthorized services, and more important for the router operations and DNS operations personnel to cooperate.
- There is no way a site can keep its hosts from being referenced as servers. This could lead to denial of service.
- With SRV, DNS spoofers can supply false port numbers, as well as host names and addresses. Because this vulnerability exists already, with names and addresses, this is not a new vulnerability, merely a slightly extended one, with little practical effect.