Linode Forum
Linode Community Forums 		 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic

Board index » Beta Forum » Beta Archive
  Previous topic | Next topic 
Author Message
gregg
 Post subject: AXFR from linode?
PostPosted: Tue May 06, 2008 2:32 pm 
Offline
Senior Newbie

Joined: Thu Mar 29, 2007 12:16 pm
Posts: 9
Location: burlington, nc
should this be open? it seems i can zone transfer from any dns manager hosted site.

Code:
dig axfr linode.com. @ns2.linode.com
Top
   
Reply with quote  
bdonlan
 Post subject: Re: AXFR from linode?
PostPosted: Tue May 06, 2008 2:37 pm 
Offline
Senior Member

Joined: Tue Jan 22, 2008 2:10 am
Posts: 103
gregg wrote:
should this be open? it seems i can zone transfer from any dns manager hosted site.

Code:
dig axfr linode.com. @ns2.linode.com

You really shouldn't have secret information in DNS anyway...
Top
   
Reply with quote  
nabber00
 Post subject:
PostPosted: Tue May 06, 2008 8:03 pm 
Offline
Junior Member

Joined: Sun Dec 02, 2007 1:17 am
Posts: 27
Website: http://www.nabber.org
There are security implications of having this on:

http://en.wikipedia.org/wiki/DNS_zone_transfer#Security
Top
   
Reply with quote  
bdonlan
 Post subject:
PostPosted: Tue May 06, 2008 10:36 pm 
Offline
Senior Member

Joined: Tue Jan 22, 2008 2:10 am
Posts: 103
Sure, but you can also get hosts by scanning a network randomly. If you're relying on people not knowing you have a host foo.bar.com, then something's wrong with your security model.

And DoS issues are really more for linode's staff to worry about :)
Top
   
Reply with quote  
kbrantley
 Post subject:
PostPosted: Fri May 09, 2008 2:41 pm 
Offline
Senior Member

Joined: Fri Sep 21, 2007 4:12 pm
Posts: 78
When the DNS service went live, caker stated that he knew about it and was going to switch it around so that only the hosts with NS records in the zone could AXFR it off.

Looks like he just simply forgot, or more likely, ran out of time :)
Top
   
Reply with quote  
salvix
 Post subject:
PostPosted: Mon Jan 05, 2009 5:11 am 
Offline

Joined: Tue Dec 16, 2008 11:56 pm
Posts: 1
Any updates on this? Is it in the TO-DO list or will it simply not be implemented?
Top
   
Reply with quote  
jtaylorj
 Post subject:
PostPosted: Thu Mar 12, 2009 8:33 pm 
Offline

Joined: Tue Jan 20, 2009 1:37 am
Posts: 1
Website: http://www.jtlabs.net/
An interesting article regarding DNS zone transfers. Makes a good point about security through obscurity.

http://articles.techrepublic.com.com/51 ... 58056.html

I submitted a friendly support ticket about it ;-) . Maybe it'll serve as a reminder?

- JT
Top
   
Reply with quote  
Display posts from previous:  Sort by  
Post new topic  Reply to topic

Board index » Beta Forum » Beta Archive


Who is online

Users browsing this forum: No registered users and 0 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group