From owner-freebsd-questions Thu Jun 29 23:24:22 2000 Delivered-To: freebsd-questions@freebsd.org Received: from penguin.prod.itd.earthlink.net (penguin.prod.itd.earthlink.net [207.217.120.134]) by hub.freebsd.org (Postfix) with ESMTP id 931E837B6FB for ; Thu, 29 Jun 2000 23:24:20 -0700 (PDT) (envelope-from cjc@earthlink.net) Received: from dialin-client.earthlink.net (pool0338.cvx20-bradley.dialup.earthlink.net [209.179.251.83]) by penguin.prod.itd.earthlink.net (8.9.3-EL_1_3/8.9.3) with ESMTP id XAA16425 for ; Thu, 29 Jun 2000 23:24:17 -0700 (PDT) Received: (from cjc@localhost) by dialin-client.earthlink.net (8.9.3/8.9.3) id XAA00948 for freebsd-questions@freebsd.org; Thu, 29 Jun 2000 23:22:50 -0700 (PDT) Date: Thu, 29 Jun 2000 23:22:48 -0700 From: "Crist J. Clark" To: freebsd-questions@freebsd.org Subject: [Totally Off Topic] Zone Xfers from ISP Message-ID: <20000629232248.E653@dialin-client.earthlink.net> Reply-To: cjclark@alum.mit.edu Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG How widespread is the practice of restricting zone transfers from registered DNS servers? I've always restricted detailed DNS info from internal domains, but only recently dug a bit deeper into the more sparse records we put into the outside world. I would say I was quite surprised to find that some ISP servers, who are the secondaries to our master, are wide open for transfers. Others were pretty well locked down. Before we go marching, well, phoning anyway, in to the ISPs with loose rules ranting about their insecure DNS config, I want to find out if they are going to laugh and say that's how everybody does it. DNS records are public. Transfers are a free giveaway, but all info in the record is accessible by one means or another. What is the "standard of service?" -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message