netiquette & zone transfers

Lincoln Yeoh lyeoh at pop.jaring.nospam.my
Thu Mar 23 18:02:27 UTC 2000


On 22 Mar 2000 10:46:41 -0800, Barry Margolin <barmar at bbnplanet.com> wrote:

>In article <38d8d347.538453 at nntp.jaring.my>,
>Lincoln Yeoh <lyeoh at pop.jaring.nospam.my> wrote:
>>Just wondering, how do you tell whether you are authorised to transfer
>>zones or not? I mean if ls -d works, aren't you authorised to do it? e.g.

>It's like a door that says "Authorized entry only."  If no one ever told
>you that you're authorized, you can usually assume that you're not.

Ah but the point is - there's nothing that says "authorized entry only".
Anyway, when I find doors open in risky situations I usually notify the
owners to close em.. But DNS zone transfers? Nah.

>>it's a service which the dns admin was generous to provide. Zone transfers
>>should be off by default, then if they are on, it means it's allowed.
>
>Unfortunately, BIND allows them by default.

Fortunately it's not the IE of DNS yet.. But if they aren't careful...

>authorized to transfer their own domains; everyone else is unauthorized,
>but we don't enforce this (we would have to contact all the customers and
>find out if they're running their own slaves so that we could set up access
>lists).

Well, a secret shared is not a secret ;). It's likely that even with access
controls at your end, the typical customer would probably leak out all the
info at their end.

I suppose it could come under the various computer laws - unauthorised
access to info. However, if we paint with such a broad brush then Microsoft
and a whole bunch would be guilty as well. e.g. M'soft's registration
wizards, so on and so forth. 

Plus also nosey people like me :). But I think there is a difference
between a good neighbour and a snoop.

I think I'll just have to use the rule: Love thy neighbour as thyself. 

Coz we're all neighbours - everyone is just a few hops/seconds away. 

Cheerio,
Link.
****************************
Reply to:     @Spam to
lyeoh at      @people at uu.net
pop.jaring.my @ 
*******************************
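
The access lists mentioned in the quoted reply, sketched as a `named.conf` fragment. This is an added example, not part of the original post or of anyone's real configuration. The zone names, file names, ACL names and addresses are constructed placeholders (the addresses come from the documentation ranges 192.0.2.0/24 and 198.51.100.0/24).

```conf
// Constructed example: all names and addresses below are placeholders.

// Named address lists: our own secondaries, plus one list per customer
// that runs its own secondary.
acl "our-secondaries"   { 192.0.2.53; 192.0.2.54; };
acl "customer-a-slaves" { 198.51.100.10; };

options {
    directory "/var/named";
    // With no allow-transfer anywhere, the BIND default discussed in the
    // thread applies and any host may transfer any zone. Setting it here
    // makes "only our secondaries" the default for every zone.
    allow-transfer { "our-secondaries"; };
};

// Weak setting, shown commented out: a per-zone override that reopens
// transfers to everyone regardless of the options default.
// zone "open.example" {
//     type master;
//     file "db.open.example";
//     allow-transfer { any; };
// };

// Corrected: a customer who runs a secondary. A per-zone allow-transfer
// replaces the options default, so our own secondaries are listed again.
zone "customer-a.example" {
    type master;
    file "db.customer-a.example";
    allow-transfer { "our-secondaries"; "customer-a-slaves"; };
};

// Customer with no secondary of their own: inherits the options default.
zone "customer-b.example" {
    type master;
    file "db.customer-b.example";
};
```

On BIND 9, `named-checkconf` will catch syntax errors in a fragment like this before the server is reloaded.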