[dns-operations] DNS zone transfers are now illegal in North Dakota?

bmanning at vacation.karoshi.com bmanning at vacation.karoshi.com
Thu Jan 17 20:01:37 UTC 2008


On Thu, Jan 17, 2008 at 02:07:43PM +0000, Paul Vixie wrote:
> if i were an expert witness for either side, i'd argue as follows.
> 
> negative: since zone transfer is not necessary for normal internet access
> to the spammer's servers, there is no reason for mr. ritz to fetch the zone
> other than to violate the spammer's privacy.  this is no different from port
> knocking.  by analogy, just because i leave my car unlocked and my keys on
> the seat doesn't mean i invite unknown third parties to drive my car around.

	er, "... violate the spammer's PRIVACY."  ????

	if the data is IN a zone file, kind of by definition its
	not private.  get the data in bulk (via *XFR) or as a stream
	(via QUERY)... the data is there so that it can be retreieved. **

	or am I misunderstanding the DNS again?

--bill

** NSEC v NSEC3 debates all over agin.



More information about the dns-operations mailing list