[dns-operations] AXFR "policy"

SM sm at resistor.net
Thu Mar 31 22:02:32 UTC 2011

Hi Florian,
At 09:34 30-03-2011, Florian Weimer wrote:
>Is this the case where a zone file transfer was allegedly used in
>preparation of a security breach?


>The following paragraph tries to make the case that a public offering
>of zone transfers does not actually consent to any use by third
>parties.  This position is not completely without merit, but the
>arguments put forth are incorrect.


>Incorrect, for both "administrative domain" and "DNS domain".  The
>"DNS domain" part is clear from actual domain data.  Some large DNS
>operators use out-of-zone name servers exclusively.


>So most of these arguments are slightly off target or factually
>incorrect.  On the other hand, in practice, zones open for transfer



More information about the dns-operations mailing list