[dns-operations] DNS zone transfers are now illegal in North Dakota?
Mark Andrews
Mark_Andrews at isc.org
Fri Jan 18 20:12:36 UTC 2008
> At 3:33 +0000 1/18/08, bmanning at vacation.karoshi.com wrote:
>
> > but i'd really like to hear a credible answer for the
> > apparent assertion that zone data is private.
>
> In the sense of a credible answer and not the ultimate show stopper:
>
> If I have this right - in the US, the Federal Communications
> Commission has a provision for unlisted telephone numbers. Telephone
> companies are looking to make use of DNS. Although you can dial an
> unlisted number, it isn't to be discoverable. In this situation, the
> zone data is to remain private even though it is in DNS.
In that case the data isn't added into the compilation of
data that is made public. Telcos do provide telephone books
in both paper and machine readable forms.
If you don't want the collection to be disclosed to the public
you secure it.
Google for "BIND HOWTO". The first entry has "Basic Security"
which shows how to do it.
http://www.langfeldt.net/DNS-HOWTO/BIND-9/DNS-HOWTO-6.html
I'd like to know if the servers still allow AXFR.
> I know that in the prehistoric Intel 80286 age we felt that zone
> transfers were free and open. Just because we said so then doesn't
> make it so today. Requirements change.
And the software met those requirements by providing controls
to the operator which allow them to set policy. Almost all
examples of how to configure a nameserver on the net talk about
access control.
Another place where AXFR is expected, though not necessarily
to all the public, but definitely to an ISP's own customers, is
in supporting RFC 2317 style delegations.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
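A BIND 9 named.conf fragment that implements the policy discussed in this thread (default deny on AXFR, transfers allowed only to the operator's own secondaries and to a customer holding an RFC 2317 style delegation). This is an added example, not text from the post or from the linked HOWTO; the key name, secret, addresses, zone and file names are constructed placeholders.

```conf
// Added example: zone-transfer access control in BIND 9.
// All names, addresses and the secret below are constructed placeholders.

// TSIG key shared with a customer that holds an RFC 2317 classless
// reverse delegation and needs to pull the parent reverse zone.
key "customer-xfer" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER-BASE64-SECRET=";   // generate with tsig-keygen
};

// The operator's own secondary servers.
acl "secondaries" { 192.0.2.53; 2001:db8::53; };

options {
    directory "/var/named";
    // Default deny: no AXFR/IXFR to anyone unless a zone overrides it.
    allow-transfer { none; };
};

// Log outbound transfers (and refused attempts) so AXFR probes are visible.
logging {
    channel xfer_log {
        file "/var/log/named/xfer.log";
        severity info;
        print-time yes;
    };
    category xfer-out { xfer_log; };
};

zone "example.com" {
    type master;
    file "zones/example.com.db";
    // Only our own secondaries may transfer the forward zone.
    allow-transfer { secondaries; };
};

zone "2.0.192.in-addr.arpa" {
    type master;
    file "zones/2.0.192.in-addr.arpa.db";
    // Parent reverse zone carrying the RFC 2317 CNAME/NS records:
    // our secondaries plus the delegated customer, authenticated by TSIG.
    allow-transfer { secondaries; key "customer-xfer"; };
};
```

With this in place an unauthenticated `dig @ns.example.com example.com axfr` from elsewhere is refused and the attempt appears in xfer.log, while the customer's key-signed transfer of the reverse zone still succeeds.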