Unapproved AXFR?

Jim Reid jim at rfc1035.com
Tue Dec 14 17:03:43 UTC 1999


>>>>> "Barry" == Barry Margolin <barmar at bbnplanet.com> writes:

    Barry> If you name machines after users, projects, etc. then zone
    Barry> transfers can divulge proprietary information.  Most
    Barry> companies have a policy that the employee directory can't
    Barry> be distributed to outsiders; if the DNS database is almost
    Barry> equivalent, it makes sense not to distribute it, either.

True. But that's why most large organisations use split DNS so that
their public face can be kept discrete (and discreet!) from whatever
they do internally. The non-sensitive data can go on the outside and
the company-confidential stuff stays on the inside. This is a policy
issue anyway. It's not support for a technical argument in favour of
restricting zone transfers. If data is supposed to be private, it
shouldn't be in a public data service like the DNS!

