[dns-operations] AXFR "policy"
SM
sm at resistor.net
Thu Mar 31 22:02:32 UTC 2011
Hi Florian,
At 09:34 30-03-2011, Florian Weimer wrote:
>Is this the case where a zone file transfer was allegedly used in
>preparation of a security breach?
Yes.
>The following paragraph tries to make the case that a public offering
>of zone transfers does not actually consent to any use by third
>parties. This position is not completely without merit, but the
>arguments put forth are incorrect.
[snip]
>Incorrect, for both "administrative domain" and "DNS domain". The
>"DNS domain" part is clear from actual domain data. Some large DNS
>operators use out-of-zone name servers exclusively.
Yes.
>So most of these arguments are slightly off target or factually
>incorrect. On the other hand, in practice, zones open for transfer
Probably.
Regards,
-sm
More information about the dns-operations
mailing list