[dns-operations] Stunning security discovery: AXFR may leak information
Mike Hoskins (michoski)
michoski at cisco.com
Tue Apr 14 14:48:19 UTC 2015
-----Original Message-----
From: Paul Wouters <paul at nohats.ca>
Date: Tuesday, April 14, 2015 at 10:20 AM
To: Mark Jeftovic <markjr at easydns.com>
Cc: "dns-operations at dns-oarc.net" <dns-operations at dns-oarc.net>
Subject: Re: [dns-operations] Stunning security discovery: AXFR may leak
information
>On Tue, 14 Apr 2015, Mark Jeftovic wrote:
>
>> Joke all you want. This is worse than heartbleed.
>
>Well, no. heartbleed could leak private (key) data. AXFR only leaks that
>which you are already willing to give to any stranger who knows what
>question to ask or who asks 6 billion questions :P
Yeah, when I read the AXFR announce my first thought was "wow, CERT must
be bored!" Seemed like old news. That said, open resolvers and BCP38
should also be old news...but a lot of people don't get it or don't care.
Perhaps it was meant as more of a community broadcast to raise awareness
of something DNS geeks take for common knowledge. Otherwise, would have
been better sent on April 1st.
More information about the dns-operations
mailing list