martin f krafft wrote:
> also sprach Giacomo A. Catenazzi <cate@debian.org> [2007.05.15.1646 +0200]:
> > > my theory: that information should be public, or at least if it
> > > were, the network should not be less safe because of it.
> >
> > the theory: zone transfer of a DNS gives internal information about
> > the structure and IPs of internal machines.
> >
> > I think a simple scan could give the same information, and anyway the
> > names of debian machines are also listed on the web.
>
> i see no attack vector.
I agree with you. The "the theory" should be read as: "security books write this, but ...".

Without zone transfer you simplify the detection of net-scans, but an attacker could use a lot of machines, a lot of time (a few packets per day), and eventually use the automatic response as a vector for a DoS. So I agree with you.

ciao
cate

PS: on my machines, I see that only switch.ch tries to transfer zones from my domains (I think for statistics, but nothing on the net).
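As an added example (not code from this thread, from Debian or from BIND), the following Python script makes the point in the reply above concrete. A per-source rate rule catches a loud scanner that guesses hundreds of names in a couple of minutes, but a distributed enumeration of the same zone (many hosts, a few queries each, spread over a week) only shows up when queries are aggregated per zone over a long window rather than per client. It also flags AXFR/IXFR requests from hosts that are not the configured secondaries. The log lines are constructed here to resemble BIND 9 querylog output and are not real traffic; the zone name, the IP addresses and the thresholds (50 names in 10 minutes, 100 names per week) are illustrative assumptions.

```python
"""Spot zone enumeration in BIND-style query logs (constructed sample data)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# BIND 9 querylog shape: "DD-Mon-YYYY HH:MM:SS.mmm client IP#port: query: NAME IN TYPE flags (server)"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"client (?P<client>[0-9.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def parse_line(line):
    """Return a record dict for one querylog line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f"),
        "client": m["client"],
        "qname": m["qname"].lower().rstrip("."),
        "qtype": m["qtype"].upper(),
    }


def in_zone(qname, zone):
    zone = zone.lower().rstrip(".")
    return qname == zone or qname.endswith("." + zone)


def axfr_requests(records, allowed_secondaries=()):
    """Zone transfer requests from hosts that are not known secondaries."""
    return [(r["client"], r["qname"]) for r in records
            if r["qtype"] in ("AXFR", "IXFR") and r["client"] not in allowed_secondaries]


def fast_scanners(records, zone, window=timedelta(minutes=10), threshold=50):
    """Per-source rule: a single client asking for many distinct names in a short window.
    Returns {client: distinct names seen in its busiest window} for clients over threshold."""
    per_client = defaultdict(list)
    for r in records:
        if in_zone(r["qname"], zone):
            per_client[r["client"]].append((r["ts"], r["qname"]))
    hits = {}
    for client, events in per_client.items():
        events.sort()
        best, start = 0, 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({q for _, q in events[start:end + 1]}))
        if best >= threshold:
            hits[client] = best
    return hits


def slow_enumeration(records, zone, window=timedelta(days=7), threshold=100, ignore_sources=()):
    """Zone-wide rule: distinct names under ZONE asked for in any WINDOW, whoever asked.
    This is what catches a low-rate enumeration spread over many hosts."""
    zone_recs = sorted((r for r in records if in_zone(r["qname"], zone)
                        and r["client"] not in ignore_sources), key=lambda r: r["ts"])
    if not zone_recs:
        return None
    best, start = None, 0
    for end in range(len(zone_recs)):
        while zone_recs[end]["ts"] - zone_recs[start]["ts"] > window:
            start += 1
        chunk = zone_recs[start:end + 1]
        names = {r["qname"] for r in chunk}
        if best is None or len(names) > best["distinct_names"]:
            per_src = defaultdict(set)
            for r in chunk:
                per_src[r["client"]].add(r["qname"])
            best = {"distinct_names": len(names), "sources": len(per_src),
                    "max_per_source": max(len(s) for s in per_src.values())}
    best["flagged"] = best["distinct_names"] >= threshold
    return best


def constructed_log():
    """Constructed, not captured: one week of queries at a hypothetical example.org server."""
    t0 = datetime(2007, 5, 15)
    lines = []

    def q(ts, client, name, qtype="A"):
        stamp = ts.strftime("%d-%b-%Y %H:%M:%S.%f")[:-3]
        lines.append(f"{stamp} client {client}#{40000 + len(lines) % 20000}: "
                     f"query: {name} IN {qtype} - (192.0.2.53)")

    for day in range(7):                      # ordinary resolver traffic for the public names
        for hour in range(0, 24, 3):
            for name in ("www.example.org", "mail.example.org", "ftp.example.org"):
                q(t0 + timedelta(days=day, hours=hour), "192.0.2.10", name)
    q(t0 + timedelta(days=1, hours=3), "203.0.113.9", "example.org", "AXFR")  # transfer attempt
    for i in range(200):                      # loud scanner: 200 guesses in two minutes
        q(t0 + timedelta(days=2, seconds=0.6 * i), "198.51.100.7", f"host{i}.example.org")
    for k in range(40):                       # 40 hosts, 5 guesses each, one query per ~50 min
        for j in range(5):
            q(t0 + timedelta(minutes=50 * (5 * k + j)), f"203.0.113.{100 + k}",
              f"srv{5 * k + j}.example.org")
    return lines


def analyse(lines, zone="example.org", secondaries=("192.0.2.2",)):
    records = [r for r in map(parse_line, lines) if r]
    fast = fast_scanners(records, zone)
    return {"axfr": axfr_requests(records, secondaries),
            "fast": fast,
            "distributed": slow_enumeration(records, zone, ignore_sources=set(fast))}


if __name__ == "__main__":
    for key, value in analyse(constructed_log()).items():
        print(key, value)
```

With the constructed data the per-source rule reports only 198.51.100.7; the 40 slow hosts never exceed one name per ten minutes. Removing that one loud client and counting per zone still leaves 204 distinct names asked for in the week by 42 sources, none of which asked for more than 5, which is the pattern the reply describes.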