[dns-operations] Postures was Re: Stunning security discovery: AXFR may leak information
edward.lewis at icann.org
Wed Apr 15 12:35:48 UTC 2015
On 4/15/15, 7:42, "George Michaelson" <ggm at apnic.net> wrote:
>So on that basis: the FTP rule passes: we have open FTP, why would we
It's your call, it's local policy. I've worked in environments where the
name servers answering queries did not implement the AXFR mechanism.
"Generally unwise" can mean that knowledgeable operators will have a
reason to allow it.
(By the same token, why would one use NSEC3 for signed zones when the zone
is available over FTP?)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4604 bytes
Desc: not available
More information about the dns-operations