[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] approved AXFR

Subject: Re: [cobalt-security] approved AXFR
From: John Bailey <support@xxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 28 Jan 2002 14:09:08 +0000 (GMT)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi,

> A few weeks ago I sent an email to this group enquiring about "approved
> AXFR". I received a couple of replies which basically told me not to worry.
> I would be grateful, if anybody could shed some extra light on this.

It's basically as the guy at the .ie registry said.  DNS records are
generally held in zone files, which detail all the hosts within a
particular domain along with a few other odds and end - there's plenty of
documentation knocking around.

In the default RaQ config, anyone is allowed to connect to the DNS server
and request a copy of this file - it's up to you whether or not you view
the contents of the zone file to be private information or not, but it's
not really any kind of attack in itself.

If you're happy editing your BIND config you can configure it to deny
these requests in future.

I'm quite impressed that you got such a detailed reply from the registry
folks, considering it wasn't a registry related issue!

Regards,

John

References:
- [cobalt-security] approved AXFR
  - From: Achieve Website Design

Prev by Date: [cobalt-security] approved AXFR
Next by Date: Re: [cobalt-security] approved AXFR
Previous by thread: [cobalt-security] approved AXFR
Next by thread: Re: [cobalt-security] approved AXFR

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index