[dns-operations] Querying version.bind illegal?

Phil Regnauld regnauld at nsrc.org
Thu May 23 13:58:30 UTC 2013

Vitalie Cherpec (vitalie) writes:
> Hi,
> I've developed a DNS checking tool (http://www.dnsinspect.com/).
> After 5 years of running it without any issues, I've received today a
> compliant through my ISP from a big company in a foreign country.
> They pretend that my VPS is attacking their infrastructure while
> querying their DNS server's version and this request can be regarded
> as cyber-terror attack (my tool tries only to warn users exposing the
> DNS software version).
> I've blacklisted their DNS servers from being queried in the future,
> but I would like to know if querying version.bind is illegal (in
> some countries)?

	Hi Vitalie,

	That will all depend on the legislation in each country. I'm sure
	folks here have different stories to tell about what is and isn't
	legal at home.

	If this were a repeated and automated querying (say, using some company's
	web server as a target in Nagios to verify connectivity outside your
	network, or even doing regular polling for statistics purposes), you could
	argue that it's not very polite if you're not a customer of said ISP and
	you didn't ask for permission beforehand [1]

	In your case, it looks like your service will only query the servers of
	the ISP mentioned in relation to the zones being submitted via the web
	interface - correct ?

	In this case, they're probably just complaining because $BIGCOMPANY
	complained to their ISP, or ISP has some agreement with $BIGCOMPANY
	to show their teeth and gets paid for it. I wouldn't worry too much,
	but either way, you probably did the right thing in adding them to the
	exception list.

	[1] Of course, in the case of an automated measurement project, you can't
	realistically go and ask permission from everyone beforehand, but you
	may still want to have an informational page explaining what the service
	does and why the queries are benign.


More information about the dns-operations mailing list