From owner-freebsd-security Fri Jul 10 04:59:51 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id EAA29759
        for freebsd-security-outgoing; Fri, 10 Jul 1998 04:59:51 -0700 (PDT)
        (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from mail.aussie.org (hallam.lnk.telstra.net [139.130.54.166])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id EAA29729
        for ; Fri, 10 Jul 1998 04:59:09 -0700 (PDT)
        (envelope-from maillist@oaks.com.au)
Received: from bigbox (frankenputer.aussie.org [203.29.75.73])
        by mail.aussie.org (8.9.0/8.9.0) with SMTP id VAA15030
        for ; Fri, 10 Jul 1998 21:58:29 +1000 (EST)
Message-Id: <199807101158.VAA15030@mail.aussie.org>
From: "Hallam Oaks P/L list account"
To: "freebsd-security@FreeBSD.ORG"
Date: Fri, 10 Jul 1998 21:59:07 +1000
Reply-To: "Hallam Oaks P/L list account"
X-Mailer: PMMail 98 Standard (2.01.1600) For Windows NT (4.0.1381;3)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: DNS zone xfers from random(?) sites
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

G'Day all;

I hope that asking this question doesn't reveal too much of my ignorance of DNS-related issues ;)

I've been primary DNS for a few domains for about two or three years now. Right now my machine hosts about six primary DNS entries. Each of the primaries is backed by two secondaries.

So far so good.

Recently (a few months ago) I added a new domain - mgr.org.au - and have since started noticing a pattern of zone transfers that I do not explicitly recall seeing before on any of my other domains.

Basically, what seems to be random sites around the world (e.g. Israel, Singapore, France) are downloading the zone file, even where they are not secondaries to this domain.

I am not seeing this pattern on other domains (one or two of them perhaps, but not so many in such a short time). I do not recognise the sites that are requesting the transfers.

While I could of course block them from doing this I am curious as to whether or not anyone can offer up any suggestion as to _why_ this may be happening, and if there is any legitimate explanation for it.

The domain in question is for a local (Melbourne, Australia) FM radio station (which is not even broadcasting at the moment) and I can hardly see it having any interest to people in, say, France or Singapore.

If there's a legitimate purpose for it I'll just let it continue. I know it's possible to do manual zone transfers (heck, I've done it myself) but I can't figure out why so many different sites ...

Any info appreciated.

regards,

-- Chris
Hallam Oaks P/L

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message