debian.org DNSs allow unrestricted zone transfers

To: debian-security@lists.debian.org
Subject: debian.org DNSs allow unrestricted zone transfers
From: "Abel Martín" <abel.martin.ruiz@gmail.com>
Date: Tue, 15 May 2007 13:56:40 +0200
Message-id: <915136920705150456u29311c79ra4aa91237f067f9d@mail.gmail.com>

Hi,

I thought zone transfers should only be possible between DNSs which
have records for the same domain, so why are debian.org DNSs (raff,
rietz, klecker) allowing zone transfers? Maybe I'm paranoid, but I
think there are security issues related to this, including the
possibility of suffering DoS attacks (it serves 254 records). Is there
an explanation for this?

You can check this with:
dig -t axfr debian.org @raff.debian.org

Regards,
Abel

Reply to:

Follow-Ups:
- Re: debian.org DNSs allow unrestricted zone transfers
  - From: martin f krafft <madduck@debian.org>
- Re: debian.org DNSs allow unrestricted zone transfers
  - From: Henrique de Moraes Holschuh <hmh@debian.org>

Prev by Date: Re: security mirror out of date: 128.101.240.212
Next by Date: Re: debian.org DNSs allow unrestricted zone transfers
Previous by thread: Re: [SECURITY] [DSA 1289-1] New Linux 2.6.18 packages fix several vulnerabilities
Next by thread: Re: debian.org DNSs allow unrestricted zone transfers
Index(es):
- Date
- Thread