23rd
Don't Wildcard Your Domains to Google
As pdp points out on GNUCITIZEN, domain admins need to make sure they don’t get carried away when outsourcing to Google apps. It’s tempting to put something like this in your DNS:
*.example.org. IN CNAME ghs.google.com.
Don’t do it! While it’s nice to have docs.example.org and mail.example.org and all that pointing to big-G with just one line, it also means that some prankster could use Blogspot to set up blog.example.org and hijack one of your subdomains.
Google will hopefully fix this particular exploit (by requiring proof of domain ownership in Blogspot) but other services may be vulnerable.
This problem is by no means limited to Google; use wildcard DNS with extreme caution. If nothing else, having kiddieporn.example.org resolving to your organization’s servers is a PR nightmare waiting to happen.