how to list ALL zones of my master server

David Botham dns at botham.net
Mon Sep 30 19:55:28 UTC 2002




> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
> Behalf Of Fred Viles
> Sent: Thursday, September 26, 2002 6:52 PM
> To: comp-protocols-dns-bind at isc.org
> Subject: Re: how to list ALL zones of my master server
> 
> Joseph S D Yao <jsdy at center.osis.gov> wrote in
> news:amvgg4$ei8n$1 at isrv4.isc.org:
> 
> >...
> > The answer, of course, is that this "meta" zone information is
> > not something that BIND passes on.
> 
> Actually it does (or can).  I'm thinking of the NOTIFY message.  In
> theory, a slave could treat a NOTIFY for an unknown domain coming
> from a trusted master as a signal to automatically add a new slave
> zone.

I would be careful with such automation.  Someone could easily forge
NOTIFY packets to cause your slave to start loading zones.  Each zone
would presumably fail due to the fact that the master would not have any
idea what the slave was talking about when the slave attempts its first
zone transfer.  However, the potential to have tremendous amounts of fun
telling your slave server to load a couple of million (or hundred
million) zones could be fairly tempting to any number of pre-teen
hackers.

> 
> While I doubt we'll see such a feature added to BIND, one could
> implement it externally with a log processing robot.
> 
> - Fred
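
The log-processing robot suggested above, with checks for the forged-NOTIFY risk raised in this reply, as an added example that is not part of the original thread or of BIND. The log line shape, addresses, limits and the `master_has_zone` callback are assumptions made for illustration.

```python
import re
from collections import deque

# Assumed log shape, constructed for this example; real BIND wording varies by version.
NOTIFY_RE = re.compile(
    r"^(?P<ts>\d+) client (?P<ip>[0-9a-fA-F.:]+)#\d+: "
    r"received notify for zone '(?P<zone>[^']+)': not authoritative$")

TRUSTED_MASTERS = {"192.0.2.53"}  # hypothetical master address
MAX_CHECKS = 2                    # hypothetical cap on master lookups per window
WINDOW = 3600                     # window length in seconds

def vet_notifies(lines, master_has_zone):
    """Return (accepted zones, {(source ip, zone): rejection reason})."""
    accepted, rejected, seen = [], {}, set()
    recent = deque()  # timestamps of lookups already sent to the master
    for line in lines:
        m = NOTIFY_RE.match(line.strip())
        if not m:
            continue
        ts, ip, zone = int(m["ts"]), m["ip"], m["zone"].lower().rstrip(".")
        if ip not in TRUSTED_MASTERS:
            rejected[(ip, zone)] = "untrusted source"
            continue
        if zone in seen:
            continue  # already looked up on the master during this run
        while recent and ts - recent[0] >= WINDOW:
            recent.popleft()
        if len(recent) >= MAX_CHECKS:
            rejected[(ip, zone)] = "rate limit"  # a flood cannot drive unbounded lookups
            continue
        recent.append(ts)
        seen.add(zone)
        # A UDP source address can be forged, so confirm the zone with the master.
        if master_has_zone(zone):
            accepted.append(zone)
        else:
            rejected[(ip, zone)] = "master does not serve zone"
    return accepted, rejected

SAMPLE_LOG = [  # constructed lines, epoch-second prefix assumed
    "1033415700 client 192.0.2.53#1047: received notify for zone 'example.org': not authoritative",
    "1033415701 client 203.0.113.9#4242: received notify for zone 'forged1.example': not authoritative",
    "1033415702 client 192.0.2.53#1047: received notify for zone 'forged2.example': not authoritative",
    "1033415703 client 192.0.2.53#1047: received notify for zone 'forged3.example': not authoritative",
    "1033419400 client 192.0.2.53#1047: received notify for zone 'example.net': not authoritative",
]
MASTER_ZONES = {"example.org", "example.net"}  # stand-in for querying the master
```

In a deployment, `master_has_zone` would be an authenticated lookup against the master (for example a TSIG-signed SOA query), and only zones in the accepted list would be written to the slave configuration.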


