TXT records in reverse domains
Dave Sparro
dsparro at gmail.com
Wed May 21 15:42:52 UTC 2008
Cherney John-CJC030 wrote:
> For these zones, I do have allow-updates and allow-transfer restricted.
> The only way to discover if a zone has a text record in it, besides
> knowing about it ahead of time, is to get a full zone transfer and parse
> through it, right? There isn't a way to pull out all of the text records
> of a zone with some type of wild-card, is there? Given that I've
> restricted transfers to trusted hosts, is there anything else I
> could/should do?
>
What about brute force?
If you're talking IPv4, the in-addr.arpa name space can be walked in a few
billion queries.
If you're willing to assume that some bad guy has access to a 100,000-zombie
botnet, how long do you think it would take him to find your TXT records?
--
Dave
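
A walk spread across many sources, as described in the reply above, defeats per-client rate counting, so a defender can instead measure how much of each reverse zone is being asked for TXT in aggregate. The following is an added example, not part of the original post: it assumes BIND 9 query logging is enabled, and the function names, the threshold and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches BIND 9 querylog lines; the optional "@0x..." and "(name)" parts
# appear only in newer releases.
QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+(?: \(\S+\))?: "
    r"query: (?P<name>\S+) IN (?P<qtype>\S+)"
)

def reverse_txt_coverage(lines):
    """Map each /24 reverse zone to (distinct hosts asked for TXT, distinct clients)."""
    names = defaultdict(set)
    clients = defaultdict(set)
    for line in lines:
        m = QUERY_RE.search(line)
        if not m or m["qtype"].upper() != "TXT":
            continue
        labels = m["name"].lower().rstrip(".").split(".")
        # Host-level IPv4 reverse name: four octets, then in-addr.arpa.
        if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
            continue
        if not all(l.isdigit() and int(l) <= 255 for l in labels[:4]):
            continue
        zone = ".".join(labels[1:])
        names[zone].add(labels[0])
        clients[zone].add(m["ip"])
    return {z: (len(names[z]), len(clients[z])) for z in names}

def flag_walks(lines, min_names=32):
    """Zones where TXT lookups cover at least min_names distinct hosts.

    min_names is a hypothetical threshold; tune it against normal traffic.
    """
    cov = reverse_txt_coverage(lines)
    return sorted(z for z, (n, _) in cov.items() if n >= min_names)

# Constructed sample: 40 different clients each ask one TXT name in the same
# /24 reverse zone, plus an unrelated PTR lookup and a single stray TXT lookup.
SAMPLE = [
    f"21-May-2008 15:42:52.000 queries: info: client 198.51.100.{i}#{40000 + i}: "
    f"query: {i}.2.0.192.in-addr.arpa IN TXT +"
    for i in range(1, 41)
] + [
    "21-May-2008 15:42:53.000 queries: info: client 203.0.113.5#5353: query: 9.113.0.203.in-addr.arpa IN PTR +",
    "21-May-2008 15:42:54.000 queries: info: client 203.0.113.5#5353: query: 9.113.0.203.in-addr.arpa IN TXT +",
]

if __name__ == "__main__":
    print(flag_walks(SAMPLE))
```

Each client in the sample sends a single query, so only the aggregate count of distinct names per zone exposes the walk.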