[dns-operations] Stunning security discovery: AXFR may leak information

Andrew Sullivan ajs at anvilwalrusden.com
Tue Apr 14 19:00:33 UTC 2015

On Tue, Apr 14, 2015 at 08:47:04PM +0200, Marjorie wrote:
> So the prevalence of AXFR-enabled DNS servers is still quite high. I
> would guess this is the result of using default configuration settings
> from older Bind versions

What do you mean "older"?  The 9.10 BIND ARM says this:

> allow-transfer Specifies which hosts are allowed to receive zone
> transfers from the server. allow- transfer may also be specified in
> the zone statement, in which case it overrides the options allow-
> transfer statement. If not specified, the default is to allow
> transfers to all hosts.


Andrew Sullivan
ajs at anvilwalrusden.com

More information about the dns-operations mailing list