Re: debian.org DNSs allow unrestricted zone transfers
martin f krafft wrote:
> also sprach Abel Martín <email@example.com> [2007.05.15.1356 +0200]:
> > I thought zone transfers should only be possible between DNSs
> > which have records for the same domain, so why are debian.org DNSs
> > (raff, rietz, klecker) allowing zone transfers? Maybe I'm
> > paranoid, but I think there are security issues related to this,
> > including the possibility of suffering DoS attacks (it serves 254
> > records). Is there an explanation for this?
> Where is the attack vector? I can DoS those servers in other ways.
The theory: zone transfer of a DNS gives internal information about
the structure and IPs of internal machines.
I think a simple scan could give the same information, and
anyway the names of Debian machines are also listed on the