View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions AXFR from linode?
Log in to Ask a Question

AXFR from linode?

beta

should this be open? it seems i can zone transfer from any dns manager hosted site.

dig axfr linode.com. @ns2.linode.com

6 Replies

@gregg:

should this be open? it seems i can zone transfer from any dns manager hosted site.

dig axfr linode.com. @ns2.linode.com


You really shouldn't have secret information in DNS anyway…

There are security implications of having this on:

http://en.wikipedia.org/wiki/DNSzonetransfer#Security

Sure, but you can also get hosts by scanning a network randomly. If you're relying on people not knowing you have a host foo.bar.com, then something's wrong with your security model.

And DoS issues are really more for linode's staff to worry about :)

When the DNS service went live, caker stated that he knew about it and was going to switch it around so that only the hosts with NS records in the zone could AXFR it off.

Looks like he just simply forgot, or more likely, ran out of time :)

Any updates on this? Is it in the TO-DO list or will it simply not be implemented?

An interesting article regarding DNS zone transfers. Makes a good point about security through obscurity.

http://articles.techrepublic.com.com/51 … 58056.html">http://articles.techrepublic.com.com/5100-10878_11-1058056.html

I submitted a friendly support ticket about it ;-) . Maybe it'll serve as a reminder?

  • JT

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct