Unapproved AXFR?

Lars-Johan Liman liman at sunet.se
Tue Dec 14 19:14:35 UTC 1999


olmy at thistledown.org:
> Since this thread is considering the traditional security concerns
> of allowing transfers as an administrative concern, rather than a
> technical one, I'll throw this out as a possible technical concern:

(AH! At last a real technical argument! :-)

> Let's assume for a moment that, by allowing zone transfers, there
> will eventually be one or more name servers that have, in fact,
> transferred one or more of your authoritative zones. Since you
> haven't configured that zone with associated NS entries for the
> server in question, they will not be receiving DNS Notify
> announcements from you as to changes. Further, since that name
> server actually has a copy of your zone, TTL will not expire out
> cached entries on that server.

> By this time, you no longer have any control over how current the
> information is that is being hosted for YOUR zone on that server.
> They may continue to transfer up to date information, they may not.   
> There's no reason to assume malice, it might just be oversight or 
> ignorance. But this might be an ISP's name server that thousands or 
> tens of thousands of users use: possibly with stale and out-of-date 
> information that you can't really do much about.

> Let me know if I missed anything, but this would seem like a valid 
> technical concern.

Hmm, well, yes, but with a decaying seriousness. :-)

As you say, as long as they have configured their slave server
correctly and my server allows transfers, they will pick up the zone
periodically, according to the refresh timer, and will, with
reasonable time delay, have correct data, which, hopefully, is no
disaster.

It becomes a (possibly serious) concern for a period of time (which
can be quite enough to cause bad trouble - agreed!), if I move my
server to a new address, so that their server doesn't pick up the zone
any more. It will continue to be a problem until the expiration timer
kicks in, and their server stops serving that zone, and "badness" will
trickle off. Of course it's _really_ bad if their slave server
doesn't honour the expiration timer for some reason ... :-(

To me, this is definitely a risk to take into consideration,
especially if you're running zones on which serious business depends.

				Cheers,
				  /Liman
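As an added illustration, not part of the original message or of BIND itself, the following Python models the timing Liman describes: an unlisted secondary that has transferred a zone keeps refreshing it on the SOA refresh timer, falls back to the retry timer once the master has moved away, and (if it conforms to RFC 1035) stops serving the zone only when the expire timer has elapsed since its last successful refresh. The SOA record and the timestamps are constructed values chosen for the example.

```python
"""Model how long an unlisted secondary keeps serving a zone after the
master becomes unreachable, driven by the zone's SOA timers (RFC 1035).
Added example; the SOA data below is constructed, not from any real zone."""
from dataclasses import dataclass


@dataclass(frozen=True)
class SOA:
    mname: str
    rname: str
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int


def parse_soa(rdata: str) -> SOA:
    """Parse SOA rdata in master-file order:
    MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM (timers in seconds)."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError(f"expected 7 SOA fields, got {len(fields)}")
    mname, rname, *nums = fields
    serial, refresh, retry, expire, minimum = (int(n) for n in nums)
    return SOA(mname, rname, serial, refresh, retry, expire, minimum)


def stale_window(soa: SOA, last_xfr: int, master_lost: int,
                 honours_expire: bool = True) -> dict:
    """Simulate a secondary's refresh schedule.

    last_xfr    -- time (s) of a known successful zone transfer
    master_lost -- time (s) from which the master no longer answers the
                   secondary (e.g. the master moved to a new address)
    Returns the last successful refresh, the failed refresh attempts, when
    the secondary stops serving the zone (None if it ignores expire), and how
    many seconds of stale service the move causes.
    """
    if master_lost < last_xfr:
        raise ValueError("master_lost must not precede last_xfr")
    # Every successful refresh while the master is reachable resets the
    # expire clock, so advance to the last check that still succeeds.
    last_ok = last_xfr
    while last_ok + soa.refresh < master_lost:
        last_ok += soa.refresh
    deadline = last_ok + soa.expire
    # From here on, checks fail; a conforming secondary retries every
    # `retry` seconds until `expire` seconds have passed since last_ok.
    failed = []
    t = last_ok + soa.refresh
    while t < deadline:
        failed.append(t)
        t += soa.retry
    stop = deadline if honours_expire else None
    return {
        "last_successful_refresh": last_ok,
        "failed_attempts": failed,
        "serves_stale_until": stop,
        "stale_seconds": None if stop is None else stop - master_lost,
    }


# Constructed SOA: refresh 3h, retry 1h, expire 7d, minimum 1d.
EXAMPLE_SOA = ("ns1.example.net. hostmaster.example.net. 1999121401 "
               "10800 3600 604800 86400")

if __name__ == "__main__":
    soa = parse_soa(EXAMPLE_SOA)
    # Last transfer at t=0; master moved away ~11 hours later.
    result = stale_window(soa, last_xfr=0, master_lost=40000)
    print(f"last good refresh at {result['last_successful_refresh']}s, "
          f"{len(result['failed_attempts'])} failed retries, "
          f"stale until {result['serves_stale_until']}s "
          f"({result['stale_seconds'] / 86400:.1f} days of stale answers)")
    ignoring = stale_window(soa, 0, 40000, honours_expire=False)
    print("secondary ignoring expire stops serving:", ignoring["serves_stale_until"])
```

The stale window is bounded by the expire value in the secondary's copy of the SOA, which the zone owner sets; the worst case is a move just after a successful refresh, when the secondary serves old data for the full expire period. The `honours_expire=False` case is Liman's "really bad" scenario: no deadline exists, so the stale copy lives until someone notices.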

