[dns-operations] Stunning security discovery: AXFR may leak information

Mike Hoskins (michoski) michoski at cisco.com
Tue Apr 14 14:48:19 UTC 2015

-----Original Message-----
From: Paul Wouters <paul at nohats.ca>
Date: Tuesday, April 14, 2015 at 10:20 AM
To: Mark Jeftovic <markjr at easydns.com>
Cc: "dns-operations at dns-oarc.net" <dns-operations at dns-oarc.net>
Subject: Re: [dns-operations] Stunning security discovery: AXFR may leak

>On Tue, 14 Apr 2015, Mark Jeftovic wrote:
>> Joke all you want. This is worse than heartbleed.
>Well, no. heartbleed could leak private (key) data. AXFR only leaks that
>which you are already willing to give to any stranger who knows what
>question to ask or who asks 6 billion questions :P

Yeah, when I read the AXFR announce my first thought was "wow, CERT must
be bored!"  Seemed like old news.  That said, open resolvers and BCP38
should also be old news...but a lot of people don't get it or don't care.
Perhaps it was meant as more of a community broadcast to raise awareness
of something DNS geeks take for common knowledge.  Otherwise, would have
been better sent on April 1st.

More information about the dns-operations mailing list