netiquette & zone transfers
Lincoln Yeoh
lyeoh at pop.jaring.nospam.my
Thu Mar 23 18:02:27 UTC 2000
On 22 Mar 2000 10:46:41 -0800, Barry Margolin <barmar at bbnplanet.com> wrote:
>In article <38d8d347.538453 at nntp.jaring.my>,
>Lincoln Yeoh <lyeoh at pop.jaring.nospam.my> wrote:
>>Just wondering, how do you tell whether you are authorised to transfer
>>zones or not? I mean if ls -d works, aren't you authorised to do it? e.g.
>It's like a door that says "Authorized entry only." If no one ever told
>you that you're authorized, you can usually assume that you're not.
Ah but the point is - there's nothing that says "authorized entry only".
Anyway, when I find doors open in risky situations I usually notify the
owners to close em.. But DNS zone transfers? Nah.
>>it's a service which the dns admin was generous to provide. Zone transfers
>>should be off by default, then if they are on, it means it's allowed.
>
>Unfortunately, BIND allows them by default.
Fortunately it's not the IE of DNS yet.. But if they aren't careful...
>authorized to transfer their own domains; everyone else is unauthorized,
>but we don't enforce this (we would have to contact all the customers and
>find out if they're running their own slaves so that we could set up access
>lists).
Well, a secret shared is not a secret ;). It's likely that even with access
controls at your end, the typical customer would probably leak out all the
info at their end.
I suppose it could come under the various computer laws - unauthorised
access to info. However, if we paint with such a broad brush then Microsoft
and a whole bunch would be guilty as well. e.g. M'softs registration
wizards, so on and so forth.
Plus also nosey people like me :). But I think there is a difference
between a good neighbour and a snoop.
I think I'll just have to use the rule: Love thy neighbour as thyself.
Coz we're all neighbours - everyone is just a few hops/seconds away.
Cheerio,
Link.
****************************
Reply to: @Spam to
lyeoh at @people at uu.net
pop.jaring.my @
*******************************
More information about the bind-users
mailing list