Secondary and TLD not updating
Dan at spore.ath.cx
Dan at spore.ath.cx
Tue Nov 18 01:02:59 UTC 2008
Just because individual records are public doesn't mean you should allow just anyone to configure their nameserver as a slave to your domain.
There's no benefit to allowing transfers to just anybody except for the allowance it makes for the laziness of admins.
Weigh that against the risks of DoS attacks, and the sucking up of previous upload bandwidth by domain transfers out. Each such transfer could well use many many queries worth of bandwidth.
Its one more potential vulnerability with no particular benefit. Sounds like a poor trade to me.
------Original Message------
From: Res
Sender: bind-users-bounces at lists.isc.org
To: Jefferson Ogata
Cc: bind-users at lists.isc.org
Subject: Re: Secondary and TLD not updating
Sent: Nov 17, 2008 4:20 PM
On Mon, 17 Nov 2008, Jefferson Ogata wrote:
> On 2008-11-17 14:25, Holger Honert wrote:
>> Chris Thompson schrieb:
>>> On Nov 17 2008, Res wrote:
>>>> Ack! allow-transfer should never be any
>>>
>>> What, never? Why not?
>>>
>> Security issue! You really want everyone to download your zone(s)?
>
> I couldn't care less. If the security of my systems were the least bit
> dependent on keeping DNS records secret, I would kinda suck as an admin,
> wouldn't I?
does your employer know this is your attitude? he/she might take a
different stand :) I know you'd no longer be working for me, if that was
your take on how things should be.
--
Res
If you are not part of the solution, then you are part of the problem!
_______________________________________________
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
More information about the bind-users
mailing list