
Re: debian.org DNSs allow unrestricted zone transfers

martin f krafft wrote:
> also sprach Abel Martín <abel.martin.ruiz@gmail.com> [2007.05.15.1356 +0200]:
> > I thought zone transfers should only be possible between DNSs
> > which have records for the same domain, so why are debian.org DNSs
> > (raff, rietz, klecker) allowing zone transfers? Maybe I'm
> > paranoid, but I think there are security issues related to this,
> > including the possibility of suffering DoS attacks (it serves 254
> > records). Is there an explanation for this?
>
> Where is the attack vector? I can DoS those servers in other ways

The theory: zone transfer of a DNS gives internal information about
structure and IPs of internal machines.

I think a simple scan could give the same information, and
anyway the name of Debian machines is listed also on the

