[dns-operations] Stunning security discovery: AXFR may leak information

Edward Lewis edward.lewis at icann.org
Tue Apr 14 19:15:01 UTC 2015


On 4/14/15, 14:47, "Marjorie" <marjorie at id3.net> wrote:

>The bottom line is that unrestricted AXFR is generally evil,

I'd go with "generally unwise".  There are folks that believe it is fine
to allow access to their zones and I have no reason to say they are
foolish.  Folks who are not concerned with the minutia of operating their
DNS server most likely would not want to allow the access and the tools
they use should meet their likely expectations.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4604 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20150414/4f3d7d68/attachment.bin>


More information about the dns-operations mailing list