[dns-operations] Stunning security discovery: AXFR may leak information

Peter Koch pk at denic.de
Tue Apr 14 15:20:01 UTC 2015

On Tue, Apr 14, 2015 at 10:23:26AM +0200, Stephane Bortzmeyer wrote:
> https://www.us-cert.gov/ncas/alerts/TA15-103A
> http://haxpo.nl/haxpo2015ams/sessions/all-your-hostnames-are-belong-to-us/

This latest wave started on golem.de <http://www.golem.de/news/dns-axfr-nameserver-verraten-geheim-urls-1504-113278.html>
and Heise around, well, April 1st.

While repeatedly gathering data about the prevalence and maintaining
awareness can be considered a good thing, the level of substance in
advisories and articles is likely to raise concerns. Without any details
regarding the number of servers affected (as opposed to number of domains)
and the reasons behind it - deliberation, negligence, defaults - as well
as the structure of those domains(*) I fail to see why an "alert" level
might have been reached. I'd also expect "split DNS" in whatever exact
nomenclature to appear on the mitigation path.

(*) Millions of zones out there provide little more than MX, A, and - hopefully -
    AAAA for "www" and the apex.
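
The distinction drawn in the message above (servers affected versus domains, and whether an exposed zone holds anything beyond apex and "www" records), worked through as an added example that is not part of the original post. The row format, function names and all survey data are constructed for illustration, and counting SOA/NS at the apex as unremarkable is an assumption.

```python
from collections import defaultdict

# Record types treated as unremarkable: the MX/A/AAAA named in the post, plus
# SOA and NS at the apex (assumption: every zone carries those anyway).
APEX_TYPES = {"SOA", "NS", "MX", "A", "AAAA"}
WWW_TYPES = {"A", "AAAA"}

def is_plain_record(zone, owner, rrtype):
    if owner == zone:
        return rrtype in APEX_TYPES
    if owner == "www." + zone:
        return rrtype in WWW_TYPES
    return False

def summarize(rows):
    """rows: (zone, server that allowed AXFR, owner name, rrtype) tuples."""
    records = defaultdict(set)    # zone -> {(owner, rrtype)}
    served_by = defaultdict(set)  # server -> {zones it handed out}
    for zone, server, owner, rrtype in rows:
        zone, owner = zone.lower(), owner.lower()
        records[zone].add((owner, rrtype.upper()))
        served_by[server.lower()].add(zone)
    extra = {}  # zone -> names beyond apex/www that the transfer revealed
    for zone, rrs in records.items():
        names = sorted({o for o, t in rrs if not is_plain_record(zone, o, t)})
        if names:
            extra[zone] = names
    return {
        "zones": len(records), "servers": len(served_by),
        "zones_per_server": {s: len(z) for s, z in served_by.items()},
        "plain_zones": sorted(set(records) - set(extra)),
        "zones_with_extra_names": extra,
    }

def plain_zone(zone, server):
    apex = [(zone, server, zone, t) for t in ("SOA", "NS", "A", "MX")]
    return apex + [(zone, server, "www." + zone, t) for t in ("A", "AAAA")]

# Constructed survey rows: three hosted zones on one server, one corporate zone.
SURVEY = (
    plain_zone("a.example.", "ns1.hoster.example.")
    + plain_zone("b.example.", "ns1.hoster.example.")
    + plain_zone("c.example.", "ns1.hoster.example.")
    + plain_zone("corp.example.", "ns.corp.example.")
    + [("corp.example.", "ns.corp.example.", "vpn.corp.example.", "A"),
       ("corp.example.", "ns.corp.example.", "staging.corp.example.", "CNAME")]
)

print(summarize(SURVEY))
```

On this constructed data, four transferable domains reduce to two servers, and only one zone exposes names that a resolver would not already guess.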


