gregg
Joined: 29 Mar 2007
Posts: 9
Location: burlington, nc
Posted: Tue May 06, 2008 1:32 pm Post subject: AXFR from linode?

Should this be open? It seems I can zone transfer from any DNS manager hosted site.
Code: dig axfr linode.com. @ns2.linode.com
bdonlan
Joined: 22 Jan 2008
Posts: 59
Posted: Tue May 06, 2008 1:37 pm Post subject: Re: AXFR from linode?

gregg wrote: Should this be open? It seems I can zone transfer from any DNS manager hosted site.
Code: dig axfr linode.com. @ns2.linode.com
You really shouldn't have secret information in DNS anyway...
nabber00
Joined: 02 Dec 2007
Posts: 24
Posted: Tue May 06, 2008 7:03 pm

There are security implications of having this on:
http://en.wikipedia.org/wiki/DNS_zone_transfer#Security
bdonlan
Joined: 22 Jan 2008
Posts: 59
Posted: Tue May 06, 2008 9:36 pm

Sure, but you can also get hosts by scanning a network randomly. If you're relying on people not knowing you have a host foo.bar.com, then something's wrong with your security model.
And DoS issues are really more for Linode's staff to worry about :)
kbrantley
Joined: 21 Sep 2007
Posts: 18
Posted: Fri May 09, 2008 1:41 pm

When the DNS service went live, caker stated that he knew about it and was going to switch it around so that only the hosts with NS records in the zone could AXFR it off.
Looks like he just simply forgot, or more likely, ran out of time :)
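The restriction described in the last post (only hosts with NS records in the zone may AXFR it), as an added Python example that is not part of the thread and not Linode's code. The zone data, addresses, the `EXTERNAL` lookup table and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample zone (documentation names and addresses, not from the
# thread): (owner, type, rdata)
ZONE_ORIGIN = "example.com."
ZONE = [
    ("example.com.", "NS", "ns1.example.com."),
    ("example.com.", "NS", "NS2.Example.NET"),        # out-of-zone, mixed case
    ("sub.example.com.", "NS", "ns.sub.example.com."),  # delegation, not apex
    ("ns1.example.com.", "A", "192.0.2.53"),
    ("ns1.example.com.", "AAAA", "2001:db8::53"),
    ("ns.sub.example.com.", "A", "192.0.2.99"),
    ("www.example.com.", "A", "192.0.2.80"),
]
# Hypothetical stand-in for resolving out-of-zone NS names (no network used).
EXTERNAL = {"ns2.example.net.": ["198.51.100.53"]}


def canon(name):
    """Lower-case a DNS name and make it fully qualified."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def transfer_acl(origin, records, external=None):
    """Addresses of the hosts named in the zone's apex NS records."""
    origin, external = canon(origin), external or {}
    targets = {canon(r) for o, t, r in records
               if t == "NS" and canon(o) == origin}
    acl = set()
    for owner, rtype, rdata in records:
        if rtype in ("A", "AAAA") and canon(owner) in targets:
            acl.add(ipaddress.ip_address(rdata))
    for target in targets:
        for addr in external.get(target, []):
            acl.add(ipaddress.ip_address(addr))
    return acl


def axfr_allowed(client_ip, acl):
    """True only if the requester is one of the zone's own name servers."""
    try:
        return ipaddress.ip_address(client_ip) in acl
    except ValueError:
        return False  # unparsable source address: refuse the transfer


ACL = transfer_acl(ZONE_ORIGIN, ZONE, EXTERNAL)
```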