Bugtraq mailing list archives
Re: Full zone information disclosure on top level domain name servers
From: Jim Reid <jim () rfc1035 com>
Date: Sun, 20 Oct 2002 13:25:15 +0100
Måns Nilsson writes:

>> Many top level domain (TLD) DNS servers do not implement any
>> restrictions on AXFR queries.

Mans> And this is not a problem from an information disclosure
Mans> point of view. If you believe you have a security problem
Mans> when AXFR is possible for a given zone, you obviously have a
Mans> very serious security problem in the rest of your systems
Mans> since you so desperately need to hide them.

Indeed. And you have an even bigger security problem if you think that preventing zone transfers will deny access to data that's entered into the public DNS. This approach isn't even a credible attempt at security by obscurity, which we should all realise is no security at all. It's a fuzzy and misplaced feeling of security through half-hearted and ineffective obscurity.

BTW, many TLD registries restrict zone transfers for reasons other than the operational ones Mans mentioned. For example, it reduces cybersquatting by stupid/evil people who would like to have a copy of the TLD zone file to see what domain names they can register. EU data protection legislation is another.
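For reference, the restriction the thread is discussing is expressed in BIND 9 as an allow-transfer ACL on the zone. The fragment below is an added example, not configuration from the original post or from any TLD operator; the zone name, file name, secondary address and TSIG key are placeholders chosen for illustration. It shows the permissive default (bulk AXFR to anyone) beside the two usual restricted forms.

```conf
// ---- Added example: BIND 9 named.conf fragment (not from the original post) ----
// Zone name, file, secondary address and key material are placeholders.

// 1. Default behaviour: no allow-transfer clause, so any client that can
//    reach port 53 may request a full copy of the zone with AXFR.
zone "example." {
    type master;
    file "example.zone";
};

// 2. Operational restriction: bulk transfer only for the listed secondary,
//    authenticated with a TSIG key (placeholder secret, base64 of a dummy string).
key "xfer-key" {
    algorithm hmac-sha256;
    secret "c2VjcmV0LWtleQ==";
};

zone "example-restricted." {
    type master;
    file "example-restricted.zone";
    allow-transfer { key "xfer-key"; 192.0.2.2; };
};

// 3. No transfers at all from this server (secondaries fed by other means).
zone "example-closed." {
    type master;
    file "example-closed.zone";
    allow-transfer { none; };
};
```

Note what the ACL does and does not do, which is the point of the thread: it controls who can pull the zone in bulk over AXFR (and IXFR), not who can look up individual names. Every record in a public zone remains answerable to ordinary queries, so the setting is an operational or policy control over bulk copying, not a confidentiality boundary for the data itself.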
Current thread:
- Full zone information disclosure on top level domain name servers Max (Oct 18)
- <Possible follow-ups>
- Re: Full zone information disclosure on top level domain name servers Måns Nilsson (Oct 19)
- Re: Full zone information disclosure on top level domain name servers Jim Reid (Oct 21)