[dns-operations] Stunning security discovery: AXFR may leak information
Andrew Sullivan
ajs at anvilwalrusden.com
Tue Apr 14 19:00:33 UTC 2015
On Tue, Apr 14, 2015 at 08:47:04PM +0200, Marjorie wrote:
> So the prevalence of AXFR-enabled DNS servers is still quite high. I
> would guess this is the result of using default configuration settings
> from older Bind versions
What do you mean "older"? The 9.10 BIND ARM says this:
> allow-transfer Specifies which hosts are allowed to receive zone
> transfers from the server. allow- transfer may also be specified in
> the zone statement, in which case it overrides the options allow-
> transfer statement. If not specified, the default is to allow
> transfers to all hosts.
A
--
Andrew Sullivan
ajs at anvilwalrusden.com
More information about the dns-operations
mailing list