How to disable record listing ?
Stefan Probst
stefan.probst at opticom.v-nam.net
Tue Aug 1 11:19:19 UTC 2000
At 10:54 01.08.00 +0100, Jim Reid wrote:
-------------------------
> >>>>> "Stefan" == Stefan Probst <stefan.probst at opticom.v-nam.net>
writes:
>
> Stefan> Since they are not operating any firewall, split zones etc.,
> Stefan> "Split DNS" wouldn't be an option, as far as I understand.
>
> It's not necessary to run a firewall to implement split DNS. The two
> things tend to go together as part of a security policy though.
If they don't run a firewall and split zones, then how should a split DNS
help them for their purpose?
>
> Stefan> And in this case they are right as far as I understand:
> Stefan> Restrict zone transfers at the master AND at all slaves,
> Stefan> i.e. at the ISP in this case.
>
> Nope. Restricting zone transfers does not in any way whatsoever
> conceal that sensitive information.
Of course, it would not conceal it. It would not make it impossible, but
only much more difficult to get a complete subdomain list, i.e. their
complete customer list.
Cheers,
Stefan
More information about the bind-users
mailing list