[dns-operations] Querying version.bind illegal?
regnauld at nsrc.org
Thu May 23 13:58:30 UTC 2013
Vitalie Cherpec (vitalie) writes:
> I've developed a DNS checking tool (http://www.dnsinspect.com/).
> After 5 years of running it without any issues, I've received today a
> compliant through my ISP from a big company in a foreign country.
> They pretend that my VPS is attacking their infrastructure while
> querying their DNS server's version and this request can be regarded
> as cyber-terror attack (my tool tries only to warn users exposing the
> DNS software version).
> I've blacklisted their DNS servers from being queried in the future,
> but I would like to know if querying version.bind is illegal (in
> some countries)?
That will all depend on the legislation in each country. I'm sure
folks here have different stories to tell about what is and isn't
legal at home.
If this were a repeated and automated querying (say, using some company's
web server as a target in Nagios to verify connectivity outside your
network, or even doing regular polling for statistics purposes), you could
argue that it's not very polite if you're not a customer of said ISP and
you didn't ask for permission beforehand 
In your case, it looks like your service will only query the servers of
the ISP mentioned in relation to the zones being submitted via the web
interface - correct ?
In this case, they're probably just complaining because $BIGCOMPANY
complained to their ISP, or ISP has some agreement with $BIGCOMPANY
to show their teeth and gets paid for it. I wouldn't worry too much,
but either way, you probably did the right thing in adding them to the
 Of course, in the case of an automated measurement project, you can't
realistically go and ask permission from everyone beforehand, but you
may still want to have an informational page explaining what the service
does and why the queries are benign.
More information about the dns-operations