[dns-operations] Stunning security discovery: AXFR may leak information

Mike Hoskins (michoski) michoski at cisco.com
Tue Apr 14 21:15:07 UTC 2015


-----Original Message-----
From: Mark Andrews <marka at isc.org>
Date: Tuesday, April 14, 2015 at 3:57 PM
To: Edward Lewis <edward.lewis at icann.org>
Cc: "dns-operations at dns-oarc.net" <dns-operations at dns-oarc.net>
Subject: Re: [dns-operations] Stunning security discovery: AXFR may leak information

>Basically all blocking axfr does is give you a false sense of
>security for typical zones.

Sort of like curtains on your windows, or car alarms...yet many have
those, arguably for good reason.  At the very least, you probably don't
want to be the only person on your block that doesn't.  You should of
course understand that those things alone do not provide complete
security, and have the choice to use them or not.

Alas, I think we are nitpicking personal preferences of knowledgeable
operators (of which there could be no end) vs the advisory...the latter of
which I think we all agree was kinda lame.  :-)




