[dns-operations] Querying version.bind illegal?
Jared Mauch
jared at puck.nether.net
Thu May 23 14:21:37 UTC 2013
On May 23, 2013, at 10:09 AM, Phil Regnauld <regnauld at nsrc.org> wrote:
> Jared Mauch (jared) writes:
>>
>> Looking at a.2.C, it could apply to anything a DNS server replies with. Then again, it's a server so meant to be a public item, so I wouldn't be concerned.
>
> That's a tricky assumption - it really depends what you
> were querying *for* on the server: a query like server.bind,
> while being a well established way of querying for the software
> and version of a DNS server, does not mean you are allowed to
> probe for that specific information in the eyes of the owner.
>
> IANAL, and I do agree with you about not being concerned, but I'm
> always cautious when giving advice to other people :)
Apparently some folks will attempt to say that having Wget as your user-agent is evidence you are a "hacker" and criminal fetching data on a server exposed to the internet.
http://arstechnica.com/security/2013/05/reporters-use-google-find-breach-get-branded-as-hackers/
BTW: Can someone find the Qwest email addresses on this list and remove them? I keep getting the wonderful Centurylink autoresponder saying their address isn't valid anymore sending mail to me and not honoring the Errors-to: etc
- Jared
More information about the dns-operations
mailing list