Date: Fri, 30 Jun 2000 09:29:39 +0200 (CEST)
From: Paul Herman
To: cjclark@alum.mit.edu
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: [Totally Off Topic] Zone Xfers from ISP

On Thu, 29 Jun 2000, Crist J. Clark wrote:

> How widespread is the practice of restricting zone transfers from
> registered DNS servers?

Pretty widespread, but so is the practice of wide open DNSes. Here in
Germany, a local ISP does it. Many universities do it as well.

I personally think it isn't so bad. It can definitely make an insecure
network even less secure (like having outdated-linux-version.victim.com,
or wu-imap.victim.com), but if you already run a tight ship, then I
don't think it would create any new headaches.

> Before we go marching, well, phoning anyway, in to the ISPs with loose
> rules ranting about their insecure DNS config, I want to find out if
> they are going to laugh and say that's how everybody does it. DNS

Then they probably think their network is secure. :)

-Paul.