Security Basics mailing list archives
RE: DNS Records
From: Charlie Winckless <CharlieW () netarch com>
Date: Wed, 18 Jun 2003 17:27:18 -0600
Zone transfers happen on 53/TCP, rather than the 53/UDP that is used for typical lookups. As such, if your DNS server is behind a firewall you have the option of layered security. You can configure your DNS server as below -- to only allow zone transfers from known servers (those which serve as secondaries for the domains that that server is authoritative for at a minimum) and only allow 53/TCP connections from those systems.

Just in case. :)

-- Charlie

Hi Fred,

Yes, it's possible. But it depends on how the DNS server is configured. It's necessary that the DNS server is allowing zone transfers.

To get the records, install another DNS server and initiate a zone transfer to the other DNS server.

It's a best practice to allow zone transfers only to known servers.

Regards,
Marco Araujo
MCSE
Recife/PE - Brasil

From: "Fred Dirkse - OIC Group, Inc." <lists () oicgroup net>
To: <security-basics () securityfocus com>
Subject: DNS Records
Date: Tue, 17 Jun 2003 16:26:27 -0500

Is it possible to point to a DNS server and somehow get ALL records from it (ie - return all the domain records that server is authoritative for)?

If so, how? And how could one stop it from happening if so?

Regards,
Fred
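
The server-side restriction discussed in this message, as an added example that is not part of the original post. It assumes BIND 9 `named.conf` syntax (the thread names no server software); the zone name, file name, ACL name and addresses are placeholders.

```conf
// Constructed example, BIND 9 named.conf syntax (assumed; the thread names no server).
// example.com, db.example.com and all addresses are placeholders
// (documentation ranges 192.0.2.0/24 and 198.51.100.0/24).

// Weak form, shown commented out: any host that can reach 53/TCP
// can pull every record in the zone with a single transfer request.
//
// zone "example.com" {
//     type master;
//     file "db.example.com";
//     allow-transfer { any; };
// };

// Restricted form: list the known secondaries once in a named ACL.
acl "known-secondaries" {
    192.0.2.53;       // placeholder: first secondary
    198.51.100.53;    // placeholder: second secondary
};

options {
    // Deny transfers for every zone that does not set its own
    // allow-transfer, so a newly added zone is not exposed by omission.
    allow-transfer { none; };
};

zone "example.com" {
    type master;
    file "db.example.com";
    // Only the listed secondaries may transfer this zone.
    allow-transfer { "known-secondaries"; };
};

// Second layer, enforced on the firewall rather than here: permit 53/TCP
// to this server only from the same addresses as in "known-secondaries".
// Resolvers retry over TCP when a UDP answer is truncated, so check that
// no legitimate client depends on TCP before narrowing 53/TCP this far.
```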