[dns-operations] Querying version.bind illegal?

John Kristoff jtk at cymru.com
Thu May 23 14:59:22 UTC 2013

On Thu, 23 May 2013 16:39:13 +0300
Vitalie Cherpec <vitalie at penguin.ro> wrote:

> I've blacklisted their DNS servers from being queried in the future,
> but I would like to know if querying version.bind is illegal (in
> some countries)?

I don't know that any one person could adequately answer that.  It
would help to get the buy-in from parties within your organization and
network (admin, local legal representative).  I, along with others, have
been probing DNS servers and other things for years. Thankfully I've
seen very few aggressive complaints. The most aggressive have been
little more than bluster.

A few things I have found that have helped:

  * Probe slowly and non-sequentially
  * Respond respectfully to all complaints
  * Don't hide, don't be anonymous
  * Provide verifiable contact detail
  * Public discussion like this that gets indexed doesn't hurt
  * Being known enough or working for someone well known doesn't hurt

Most people, if they follow up at all, tend to appreciate a response,
especially an offer for a phone call, and are satisfied that the
activity is both harmless and useful.

ObProbingHistory: When I first started probing the entire v4 address
space while at Ultra, I had gave a few communities a heads up.  One was
a so-called private group with a mailing list that clearly stipulates
list posts are not to be shared publicly.  Unfortunately for me a well
known and generally respected national CERT team soon after posted
details on their public blog.  Brief panic ensued, we shut it down for
fear of community reprisal only to start it back up not long after
heads cooled.  That was in 2007, practically every available v4 address
has seen a few DNS messages from me over the years ever since.  :-)


More information about the dns-operations mailing list