[dns-operations] Stunning security discovery: AXFR may leak information

Jelte Jansen jelte.jansen at sidn.nl
Tue Apr 14 15:38:20 UTC 2015


On 04/14/2015 04:48 PM, Mike Hoskins (michoski) wrote:
> 
> Yeah, when I read the AXFR announce my first thought was "wow, CERT must
> be bored!"  Seemed like old news.  That said, open resolvers and BCP38
> should also be old news...but a lot of people don't get it or don't care.
> Perhaps it was meant as more of a community broadcast to raise awareness
> of something DNS geeks take for common knowledge.  Otherwise, would have
> been better sent on April 1st.
> 

Some DNS geeks even enable open AXFR on purpose, btw. Open AXFR is not
necessarily a security hole or data leak.

Of course perhaps it may feel that way for people that think they can
hide stuff by not telling people what (not) to ask.


Jelte


