Unapproved AXFR?
Bill Manning
bmanning at ISI.EDU
Tue Dec 14 17:49:24 UTC 1999
% % seen an answer to my question: is there a _technical_ reason to limit
% % zone transfers (except for server overload)?
% %
% % If you name machines after users, projects, etc. then zone transfers can
% % divulge proprietary information. Most companies have a policy that the
% % employee directory can't be distributed to outsiders; if the DNS database
% % is almost equivalent, it makes sense not to distribute it, either.
%
% That, like the two reasons I gave, is not a technical justification, it's
% administrative/policy.
%
% All computer security is. It's a way to use technology to implement
% policy.
But we are not talking about computer security here, we are
talking about the DNS for the Internet. It's a public database
instantiated on computer hardware. It is reasonable/prudent to
protect the hardware and applications from tampering. Restricting
the ability to troubleshoot problems and bring stability to the
network is counterproductive.
--bill
More information about the bind-users
mailing list