AXFR from linode?

Should this be open? It seems I can zone transfer from any DNS Manager hosted site.

dig axfr linode.com. @ns2.linode.com

6 Replies

@gregg:

Should this be open? It seems I can zone transfer from any DNS Manager hosted site.

dig axfr linode.com. @ns2.linode.com


You really shouldn't have secret information in DNS anyway…

There are security implications of having this on:

http://en.wikipedia.org/wiki/DNS_zone_transfer#Security

Sure, but you can also get hosts by scanning a network randomly. If you're relying on people not knowing you have a host foo.bar.com, then something's wrong with your security model.

And DoS issues are really more for Linode's staff to worry about :)

When the DNS service went live, caker stated that he knew about it and was going to switch it around so that only the hosts with NS records in the zone could AXFR it off.

Looks like he just simply forgot, or more likely, ran out of time :)

Any updates on this? Is it in the TO-DO list or will it simply not be implemented?

An interesting article regarding DNS zone transfers. Makes a good point about security through obscurity.

http://articles.techrepublic.com.com/5100-10878_11-1058056.html

I submitted a friendly support ticket about it ;-) . Maybe it'll serve as a reminder?

  • JT
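
The thread's `dig axfr` check can be turned into a repeatable audit of a zone you operate, confirming that transfers are refused to hosts outside the zone's NS set. This is an added example, not part of the original thread or Linode's tooling; the function names and the sample outputs (example.com, 192.0.2.10) are constructed for illustration.

```shell
#!/bin/sh
# Added example: AXFR exposure check for a zone you operate.
# Run it from a host that is NOT one of the zone's secondaries, so a
# "refused" result reflects what an arbitrary client would see.

# classify_axfr: read dig output on stdin; print open, refused or unknown.
classify_axfr() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q '^; Transfer failed'; then
        echo refused
    elif printf '%s\n' "$out" | grep -q '^;; XFR size:'; then
        echo open
    else
        echo unknown   # timeout, unreachable server, unexpected output
    fi
}

# axfr_records: number of records a successful transfer exposed (0 if none).
axfr_records() {
    sed -n 's/^;; XFR size: \([0-9][0-9]*\) records.*/\1/p' | grep . || echo 0
}

# audit_zone ZONE: look up the zone's NS set and try AXFR against each server.
audit_zone() {
    zone=$1
    for ns in $(dig +short NS "$zone"); do
        result=$(dig +time=5 +tries=1 AXFR "$zone" "@$ns")
        printf '%s\t%s\t%s records\n' "$ns" \
            "$(printf '%s\n' "$result" | classify_axfr)" \
            "$(printf '%s\n' "$result" | axfr_records)"
    done
}

# Constructed dig outputs (not captured from a real server) for offline checks.
SAMPLE_OPEN='example.com. 300 IN SOA ns1.example.com. hostmaster.example.com. 1 3600 600 86400 300
example.com. 300 IN NS ns1.example.com.
www.example.com. 300 IN A 192.0.2.10
example.com. 300 IN SOA ns1.example.com. hostmaster.example.com. 1 3600 600 86400 300
;; XFR size: 4 records (messages 1, bytes 201)'
SAMPLE_REFUSED=';; global options: +cmd
; Transfer failed.'

# Live audit only when a zone name is given, e.g.: sh axfr_audit.sh example.com
if [ "$#" -gt 0 ]; then
    audit_zone "$1"
fi
```

Any server reported as `open` is handing the full zone to the auditing host; `unknown` means the attempt could not be classified and should be retried rather than treated as refused.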
