TXT records in reverse domains

Cherney John-CJC030 John.Cherney at motorola.com
Thu May 22 14:49:48 UTC 2008


Very true. I've been thinking about this a bit, too. Given that the
information I plan to put in the TXT records is no more significant than
the information in the PTR records (info on IP Addresses and hostnames),
I should be OK. I need to make sure I resist the urge to put passwords
and credit card numbers in there. :)

Thanks!
jwc

-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of Dave Sparro
Sent: Wednesday, May 21, 2008 11:43 AM
Cc: bind-users at isc.org
Subject: Re: TXT records in reverse domains

Cherney John-CJC030 wrote:

> For these zones, I do have allow-updates and allow-transfer restricted.
> The only way to discover if a zone has a text record in it, besides
> knowing about it ahead of time, is to get a full zone transfer and
> parse through it, right? There isn't a way to pull out all of the text
> records of a zone with some type of wild-card, is there? Given that
> I've restricted transfers to trusted hosts, is there anything else I
> could/should do?
> 

What about brute force?
If you're talking IPv4, the in-addr.arpa name space can be walked in a
few billion queries.

If you're willing to assume that some bad guy has access to a 100,000
zombie bot net, how long do you think it would take him to find your TXT
records?

--
Dave
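
The walk discussed in this thread shows up in a server's query log as a single client asking for TXT at many distinct in-addr.arpa names. The following check for that pattern is an added example, not part of the original thread; the log lines are constructed in BIND query-log style, and the function name and threshold are assumptions.

```python
import re
from collections import defaultdict

# Matches BIND-style query log lines; the optional groups cover the
# "@0x...", "(name)" and "view" fields that some releases add.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[^#\s]+)#\d+(?: \([^)]*\))?: "
    r"(?:view \S+: )?query: (?P<name>\S+) IN (?P<qtype>\S+)"
)

def reverse_txt_walkers(lines, threshold=4):
    """Return {client_ip: distinct_name_count} for clients that requested TXT
    at `threshold` or more distinct in-addr.arpa names (threshold is assumed)."""
    seen = defaultdict(set)
    for line in lines:
        m = QUERY_RE.search(line)
        if not m or m["qtype"].upper() != "TXT":
            continue
        # Normalise case and the trailing root dot so repeats are not double counted.
        name = m["name"].lower().rstrip(".")
        if name.endswith(".in-addr.arpa"):
            seen[m["ip"]].add(name)
    return {ip: len(names) for ip, names in seen.items() if len(names) >= threshold}

# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    f"22-May-2008 14:00:0{i}.000 client 198.51.100.7#4000{i}: "
    f"query: {i}.2.0.192.in-addr.arpa IN TXT +"
    for i in range(1, 6)
] + [
    "22-May-2008 14:00:07.000 client 203.0.113.20#5353: query: 9.2.0.192.in-addr.arpa IN PTR +",
    "22-May-2008 14:00:08.000 client 203.0.113.20#5354: query: 9.2.0.192.in-addr.arpa IN TXT +",
    "22-May-2008 14:00:09.000 client 203.0.113.20#5355: query: 9.2.0.192.IN-ADDR.ARPA. IN TXT +",
    "22-May-2008 14:00:10.000 client 203.0.113.20#5356: query: www.example.com IN TXT +",
]

if __name__ == "__main__":
    for ip, count in reverse_txt_walkers(SAMPLE_LOG).items():
        print(f"{ip} requested TXT at {count} distinct reverse names")
```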





