[dns-operations] AXFR "policy"

SM sm at resistor.net
Thu Mar 31 22:02:32 UTC 2011


Hi Florian,
At 09:34 30-03-2011, Florian Weimer wrote:
>Is this the case where a zone file transfer was allegedly used in
>preparation of a security breach?

Yes.

>The following paragraph tries to make the case that a public offering
>of zone transfers does not actually consent to any use by third
>parties.  This position is not completely without merit, but the
>arguments put forth are incorrect.

[snip]

>Incorrect, for both "administrative domain" and "DNS domain".  The
>"DNS domain" part is clear from actual domain data.  Some large DNS
>operators use out-of-zone name servers exclusively.

Yes.

>So most of these arguments are slightly off target or factually
>incorrect.  On the other hand, in practice, zones open for transfer

Probably.

Regards,
-sm 




More information about the dns-operations mailing list