Can Domain Subzone Names be Found?

Jim Reid jim at mpn.cp.philips.com
Mon Aug 23 09:16:49 UTC 1999


>>>>> "Jim" == Jim  <jim at mediaodyssey.com> writes:

    Jim> For convenience I've created names for a few devices on our
    Jim> network which have public IP addresses, such as managed
    Jim> switches and routers.  For example: 'switch1.mydomain.com'.
    Jim> Is there any way (besides guessing) that these names could be
    Jim> found through querying of my DNS servers? 

Zone transfers of your forward zone?

    Jim> Since some of the names are
    Jim> suggestive of the equipment function and even make/model, I'd
    Jim> just as soon they not be visible.

So don't make them visible! If you want to keep names and addresses
away from the public, don't put them on public display. Use split
DNS. Present to the outside world a minimal version of your domain:
probably little more than the names and addresses of your mail and web
servers. Put the real version of your domain on the inside - i.e. on
your local net - and only make it available to the local users.

BTW if you're using "descriptive names", you don't have to be a rocket
scientist to come up with guesses like cisco1 or cisco-2, etc. And
what purpose is served by not letting people know the names and
addresses of these devices? Do you think this makes things more
secure?
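
The split DNS arrangement suggested in the reply above, sketched as a named.conf fragment. This is an added example, not part of the original message: it assumes BIND 9 views, and the ACL names, addresses (RFC 1918 / RFC 5737 ranges) and zone file paths are constructed for illustration.

```conf
// Constructed example: addresses, ACL names and file paths are placeholders.
acl "internal-nets"      { 127.0.0.1; 10.0.0.0/8; };
acl "public-secondaries" { 192.0.2.53; };    // hypothetical secondary server

options {
    directory "/var/named";
    allow-transfer { none; };    // deny zone transfers unless a zone says otherwise
};

// Local users see the real version of the domain.
view "internal" {
    match-clients { "internal-nets"; };
    recursion yes;
    zone "mydomain.com" {
        type master;
        file "internal/mydomain.com.zone";   // full zone: switch1, routers, ...
        allow-transfer { none; };
    };
};

// Everyone else sees the minimal version.
view "external" {
    match-clients { any; };
    recursion no;
    zone "mydomain.com" {
        type master;
        file "external/mydomain.com.zone";   // SOA, NS, MX, mail and web hosts only
        allow-transfer { "public-secondaries"; };
    };
};
```

Views are matched in order, so the internal view must come first. Validate the file with `named-checkconf`, then confirm from an outside address that an AXFR request for the zone is refused and that a query for an internal-only name returns NXDOMAIN.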

