Date: Fri, 30 Jun 2000 08:17:23 -0700
From: "Kevin Oberman" <oberman@es.net>
To: cjclark@alum.mit.edu
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: [Totally Off Topic] Zone Xfers from ISP
Message-ID: <200006301517.e5UFHNn18721@ptavv.es.net>
In-Reply-To: Your message of "Thu, 29 Jun 2000 23:22:48 PDT." <20000629232248.E653@dialin-client.earthlink.net>

I have long felt that limiting zone transfers was security through obscurity and mostly a waste of time. On the other hand, our DNS servers are a service to our customers, so we block transfers on request but default to open access.

Remember, there is nothing in a zone transfer that is not available by "normal" RRs and walking the reverse tree will provide a pretty good list of node names with minimal effort.

R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net
Phone: +1 510 486-8634