TXT records in reverse domains
Cherney John-CJC030
John.Cherney at motorola.com
Thu May 22 14:49:48 UTC 2008
Very true. I've been thinking about this a bit, too. Given that the
information I plan to put in the TXT records is no more significant than
the information in the PTR records (info on IP Addresses and hostnames),
I should be OK. I need to make sure I resist the urge to put passwords
and credit card numbers in there. :)
Thanks!
jwc
-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of Dave Sparro
Sent: Wednesday, May 21, 2008 11:43 AM
Cc: bind-users at isc.org
Subject: Re: TXT records in reverse domains
Cherney John-CJC030 wrote:
> For these zones, I do have allow-updates and allow-transfer
> restricted.
> The only way to discover if a zone has a text record in it, besides
> knowing about it ahead of time, is to get a full zone transfer and
> parse through it, right? There isn't a way to pull out all of the text
> records of a zone with some type of wild-card, is there? Given that
> I've restricted transfers to trusted hosts, is there anything else I
> could/should do?
>
What about brute force?
If you're talking IPv4, the in-addr.arpa name space can be walked in a
few billion queries.
If you're willing to assume that some bad guy has access to a 100,000
zombie bot net, how long do you think it would take him to find your TXT
records?
--
Dave
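
A defender-side check for the brute-force walk Dave describes, as an added example that is not part of the original thread or of BIND: it counts TXT queries against distinct in-addr.arpa names in a query log, per client and across all clients. The log line shape, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed log shape (adapt the regex to your server's query log):
#   <date> <time> client [@<id> ]<ip>#<port>[ (<name>)]: query: <qname> IN <qtype> <flags>
LINE_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+.*?: query: "
    r"(?P<qname>\S+) IN (?P<qtype>\S+)"
)

def scan(lines):
    """Map client IP -> set of distinct in-addr.arpa names it asked TXT for."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m.group("qtype").upper() != "TXT":
            continue
        qname = m.group("qname").lower().rstrip(".")
        if qname.endswith(".in-addr.arpa"):
            seen[m.group("ip")].add(qname)
    return dict(seen)

def noisy_clients(seen, threshold):
    """Single sources that asked for TXT on many distinct reverse names."""
    return {ip: len(n) for ip, n in seen.items() if len(n) >= threshold}

def zone_pressure(seen):
    """(clients, distinct names) across all sources: a walk spread over many
    hosts stays under any per-client threshold but still shows up here."""
    names = set().union(*seen.values()) if seen else set()
    return len(seen), len(names)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    f"22-May-2008 14:49:0{i}.000 client 198.51.100.7#4000{i}: "
    f"query: {i}.2.0.192.in-addr.arpa IN TXT +"
    for i in range(1, 6)
] + [
    f"22-May-2008 14:50:0{i}.000 client 203.0.113.2{i}#5000{i}: "
    f"query: 1{i}.2.0.192.in-addr.arpa IN TXT +"
    for i in range(3)
] + [
    "22-May-2008 14:51:00.000 client 203.0.113.9#53001: "
    "query: 1.2.0.192.in-addr.arpa IN PTR +",
]

if __name__ == "__main__":
    seen = scan(SAMPLE)
    print(noisy_clients(seen, threshold=4), zone_pressure(seen))
```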