RE: DNS Records

[Charlie Winckless <CharlieW () netarch com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Zone transfers happen on 53/TCP, rather than the 53/UDP that 
is used for typical lookups.

As such, if your DNS server is behind a firewall you have
the option of layered security.

You can configure your DNS server as below -- to only allow
zone transfers from known servers (those which serve as 
secondarys for the domains that that server is authoritative
for at a minimum) and only allow 53/TCP connections from
those systems.

Just in case. :)

- -- Charlie

> Hi Fred,
>
> Yes, it's possible.
> But depends on how the DNS server is configured.
> It's necessary that DNS server is allowing zone transfers.
> To get the records, install another DNS server and initiate a 
> zone transfer 
> to the other DNS server.
> It's a best pratice to allow zone transfers only to known servers.
>
> Regards,
>
> Marco Araujo
> MCSE
> Recife/PE - Brasil
>
>
>
>
>
> > From: "Fred Dirkse - OIC Group, Inc." <lists () oicgroup net>
> > To: <security-basics () securityfocus com>
> > Subject: DNS Records
> > Date: Tue, 17 Jun 2003 16:26:27 -0500
> >
> > Is it possible to point to a DNS server and somehow get ALL 
> records from it
> > (ie - return all the domain records that server is 
> authoratative for)?
> > If so, how? and how could one stop it from happening if so?
> >
> > Regards,
> > Fred
> >
> >
> > -------------------------------------------------------------
> --------------
> > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by 
> top analysts!
> > The Gartner Group just put Neoteris in the top of its Magic
> > Quadrant, while InStat has confirmed Neoteris as the leader in
> > marketshare.  
> >
> > Find out why, and see how you can get plug-n-play secure 
> remote access in
> > about an hour, with no client, server changes, or ongoing 
> maintenance.
> > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
> > -------------------------------------------------------------
> ---------------
> >
>
> _________________________________________________________________
> MSN 8 with e-mail virus protection service: 2 months FREE* 
> http://join.msn.com/?page=features/virus
>
>
> --------------------------------------------------------------
> -------------
> Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by 
> top analysts!
> The Gartner Group just put Neoteris in the top of its Magic
> Quadrant, while InStat has confirmed Neoteris as the leader in
> marketshare.
>      
> Find out why, and see how you can get plug-n-play secure 
> remote access in
> about an hour, with no client, server changes, or ongoing
> maintenance. 
>           
> Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
> --------------------------------------------------------------
> --------------

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPvD1VMrtF6HAen5cEQKUcgCfRZh26zXFG6X813qWwocEF+lQlc8AoO18
fJaXLKrTkSn1wSKrgEcrSw6d
=/xl7
-----END PGP SIGNATURE-----

---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------