Zone Transfer Problem

Jim Reid jim at rfc1035.com
Thu Feb 15 17:40:39 UTC 2001


>>>>> "Dirk" == Dirk Schulten <dirk.schulten at intrex-systems.com> writes:

    >> Well it's also your problem if your ISP's vulnerable name
    >> servers host your DNS data. What if the servers were penetrated
    >> and your zone's MX records or website address got pointed
    >> elsewhere?

    Dirk> I've never thought of it this way, but only at security
    Dirk> reasons to get a leak into our servers and retrieving
    Dirk> information instead of manipulating them.

    Dirk> Thinking of it the other way: Why should anyone redirect our
    Dirk> emails or websites as this is nothing you will not recognize
    Dirk> very quickly.

Who knows why people commit these sorts of anti-social acts? Maybe
they do it for fun or revenge? Or perhaps they have business reasons
for hijacking your mail or website or just mount a denial-of-service
attack that lasts long enough to cause serious trouble.

    Dirk> They don't affect our servers or the information on them.
    Dirk> Only the problem with the emails is a very difficult one.

Maybe, but I suggest you do an audit. Start by figuring what could go
wrong to your business if your name servers told lies.

    Dirk> I wouldn't go too far with pointing out that our ISP's
    Dirk> server is vulnerable as I cannot retrieve the version number
    Dirk> of that bind release.

    Dirk> The only thing I know is, that I was told that the server
    Dirk> release is really quite old and that is some sort of bind 4.

That tends to suggest that it's a very old version of BIND4. [The
Chaosnet TXT version thing has been around since 4.9.3 I think and
that release was obsolete years ago.] If they are running BIND4, they
are vulnerable unless they're running 4.9.8 which was released at the
end of last month. See www.isc.org or www.cert.org for more details.
Personally speaking, if an ISP is so clueless that they still run
BIND4 years after it has been declared dead, I would not give them my
business. If they can't keep their DNS software reasonably up to date
and in good order, where else are they falling down?
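
The version check the message refers to is a TXT query for `version.bind` in the CHAOS class (with dig: `dig @server version.bind chaos txt`). The sketch below is an added example, not part of the original post: it builds that query, parses a reply, and applies the message's rule that BIND4 is vulnerable unless it is 4.9.8. The function names are hypothetical, and the reply bytes and version strings are constructed sample data.

```python
import re
import struct

TXT, CH = 16, 3  # RR type TXT, class CHAOS

def build_version_query(txid=0x1234):
    """Wire-format query for 'version.bind. CH TXT' (recursion not requested)."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l for l in (b"version", b"bind")) + b"\x00"
    return header + qname + struct.pack(">HH", TXT, CH)

def _skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += 1 + msg[pos]                  # step over one label
    return pos + (2 if msg[pos] else 1)      # pointer is 2 bytes, root label is 1

def parse_version_reply(msg):
    """First CH TXT string in the answer section, or None if the server gave none."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if flags & 0x000F or an == 0:            # error RCODE or empty answer
        return None
    pos = 12
    for _ in range(qd):
        pos = _skip_name(msg, pos) + 4       # question name + QTYPE + QCLASS
    pos = _skip_name(msg, pos)
    rtype, rclass, _, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
    if (rtype, rclass) != (TXT, CH) or rdlen < 1:
        return None
    n = msg[pos + 10]                        # length byte of the first TXT string
    return msg[pos + 11:pos + 11 + n].decode("ascii", "replace")

def assess(version):
    """Apply the message's rule: BIND4 is vulnerable unless it is 4.9.8."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version or "")
    if not m:
        return "unknown"          # no answer, or a string with no x.y.z in it
    v = tuple(int(x) for x in m.groups())
    if v[0] != 4:
        return "not-bind4"        # the message gives no rule for other branches
    return "bind4-ok" if v >= (4, 9, 8) else "bind4-vulnerable"

def sample_reply(text, txid=0x1234):
    """Constructed reply for offline use; not captured from a real server."""
    rdata = bytes([len(text)]) + text
    rr = b"\xc0\x0c" + struct.pack(">HHIH", TXT, CH, 0, len(rdata)) + rdata
    return struct.pack(">HHHHHH", txid, 0x8400, 1, 1, 0, 0) + build_version_query(txid)[12:] + rr
```

The version string is only a hint: later BIND releases let the operator set it to any text, so an "unknown" result does not by itself show that a server is old.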

