I was playing around with migrating/releasing domains and hit an interesting situation.
I released a domain that had previously been configured with a resolver, but noted this did not update the information in the registry regarding ownership and resolver. So the domain continued to resolve.
Of course, as the domain is unowned it could easily be registered by anyone and the resolution changed. This feels to me to be a bit of a security concern.
It’s easy enough to check if the domain is still registered as part of client-side resolution, but should this be something that is mandated for compliant clients? Highlighted as best practice? Or just ignored as too esoteric to worry about?