Unapproved AXFR?

Greg Schaffer schaffer at mtsu.edu
Mon Dec 13 16:03:38 UTC 1999


>
> If there is anyone out there who can give me a good and sound
> technical reason for blocking zone transfers in the general case,
> please let me know. I struggle with the feeling that I want to limit

Well, here's a thought:  Suppose you have an institution that included one
TXT record per A record identifying the user's name, location, office,
and/or title.  You could use this information to easily determine the IP of
the CEO's machine, and start trying to hack.

You could of course do this without a full zone transfer; on a case-by-case
basis you could glean this information one IP at a time from nslookup.  But
the idea, as I see it, is to make it harder for a hacker, not strictly
prevent an intrusion.  An analogy:  a house has deadbolts and a monitored
security system, whereas another has no security system and is left
unlocked.  Sure, if someone wanted to they could break into *either* house,
but the second one is a lot easier.  If the rewards are the same, which
house would be broken into?

I know this isn't the black/white answer you are looking for...

Greg
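As an added illustration, not part of Greg's message or of the bind-users thread: a BIND named.conf fragment that contrasts the permissive allow-transfer setting with one restricted to the zone's own secondaries, so per-host TXT data is not handed out wholesale. The acl name, addresses, key and zone are constructed placeholders.

```conf
// Added example, not from the original post. Names, addresses, key
// material and the zone are constructed placeholders.

// Hosts allowed to pull full zone copies: only this zone's secondaries.
acl "secondaries" {
    192.0.2.53;      // ns2 (constructed address)
    198.51.100.53;   // ns3 (constructed address)
};

// Optional TSIG key so transfers are authenticated, not just IP-filtered
// (assumes a BIND version with TSIG support; secret is a placeholder).
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET";
};

options {
    // Permissive setting: anyone who can reach port 53 may AXFR every
    // zone, TXT records included.  This is what the thread argues against.
    // allow-transfer { any; };

    // Safer global default: deny transfers unless a zone opts in below.
    allow-transfer { none; };
};

zone "example.com" {
    type master;
    file "example.com.zone";
    // Only the listed secondaries presenting the TSIG key may transfer
    // this zone; everyone else can still resolve names one at a time.
    allow-transfer { key xfer-key; secondaries; };
    also-notify { 192.0.2.53; 198.51.100.53; };
};
```

After reloading, an AXFR request from a host outside the acl (for example `dig @ns1.example.com example.com AXFR`) should be refused, while the listed secondaries still receive the zone.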







More information about the bind-users mailing list