[dns-operations] [hello at axfrcheck.com: AXFR Securit - alert - XXXXXX.fr]
Stephane Bortzmeyer
bortzmeyer at nic.fr
Sun May 29 08:35:35 UTC 2016
We received this since, apparently, they send email to every email
address in the changed: attribute of the whois output :-( (I'm not
involved in the management of this domain name.)
Does anyone know these people who spread FUD about AXFR-enabled
domains?
----- Forwarded message from AXFR Check Team <hello at axfrcheck.com> -----
Date: Sun, 29 May 2016 07:22:38 +0000 (UTC)
From: AXFR Check Team <hello at axfrcheck.com>
To: [many unrelated email addresses]
Subject: AXFR Securit - alert - XXXXXX.fr
Dear XXXXXX.fr DNS Provider,
Our research team found some security issue in some of your DNS server
configurations. These misconfigured DNS are very vulnerable, and easy
to abuse.
Here are some of potential affected DNS for example:
ns.XXXXXX.fr
Affected domains actually:
1
About DNS Zone Transfer AXFR Requests May Leak Domain Information:
https://www.us-cert.gov/ncas/alerts/TA15-103A
Check affected DNS and domains on AXFR CHECK API
http://api.axfrcheck.com/api/provider/XXXXXX.fr
You can fix the problem if you disbale AXFR transfer on your dns
servers.
For example:
BIND:
allow-transfer {"none";};
PowerDNS:
disable-axfr=yes
If you need help to configure the setting correctly, reply to this
email, and we will help you.
Who we are?
[1]axfrcheck.com
If we helped you, or you want to support our work, please [2]DONATE us,
to help the web a more secure place!
Regards,
Zoltan Vigh
Twitter: [3]@ptzool
LinkedIn: [4]https://hu.linkedin.com/in/zvigh
AXFR Check Team
References
1. http://axfrcheck.com/
2. http://axfrcheck.com/
3. https://twitter.com/ptZool
4. https://hu.linkedin.com/in/zvigh
----- End forwarded message -----
More information about the dns-operations
mailing list