[dns-operations] DNS zone transfers are now illegal in North Dakota?

Paul Vixie paul at vix.com
Thu Jan 17 14:07:43 UTC 2008

if i were an expert witness for either side, i'd argue as follows.

negative: since zone transfer is not necessary for normal internet access
to the spammer's servers, there is no reason for mr. ritz to fetch the zone
other than to violate the spammer's privacy.  this is no different from port
knocking.  by analogy, just because i leave my car unlocked and my keys on
the seat doesn't mean i invite unknown third parties to drive my car around.

positive: since every name server implementation published since 1989 has
had the means to restrict zone transfer to authorized parties, and since the
spammer did not avail himself of this feature, mr. ritz could reasonably
assume that the spammer was willing to participate in internet research and
surveys that use zone transfers to gather data.

More information about the dns-operations mailing list