Question about zone transfers
Kevin Darcy
kcd at daimlerchrysler.com
Thu Oct 18 01:06:06 UTC 2001
mburr at programmer.net wrote:
> I realize that it's common for one to get a zone transfer request from
> some script kiddie that's trying gain knowledge about your zone, but
> I've been getting frequent zone transfer requests from some legitimate
> corporate dns servers that to my knowledge have never been designated
> as slaves to our dns server. What is the readers experience with
> such situations? Is it worth contacting the individuals responsible
> for the guilty servers? Could there be some obscure legitimate causes?
> Thanks kindly for any advice. Mike.
If the information is common knowledge, and the zone-transfer load on
your master is at an acceptable level, why do you care? I have dozens of
boxes pulling zone transfers from my main "master" box. They're just
"stealth slaves" trying to optimize bandwidth and performance by having a
local copy of the zone(s) in question. Of course, the downside is that
the "rogue" stealth slaves won't see changes promptly, given that their
admins haven't asked me to add them to my "also-notify" lists, but then
that's their loss for not going through "official" channels to become a
stealth slave...
- Kevin
More information about the bind-users
mailing list