Misconfigured DNS

Kevin Stange kstange at
Thu Nov 7 13:34:20 EST 2013

It's not like this is a major disclosure issue, because there are no
hosts in our zone that are "secret."  However, preventing access to
larger responses like AXFR does help reduce the chance that someone will
use our server for DNS reflection attacks on other hosts.  Disabling
AXFR outside of master/slave is also generally considered a best practice.

If there are no objections and no one else beats me to this, I can go
ahead and resolve this problem in a day or so.

On 11/07/2013 12:13 PM, Adrian Birsan wrote:
> Hello,
> I would like to report a misconfigured DNS. Please check attached file
> containing details regarding the issue.
> The NS allows zone transfer to any host, as you can see I was able to
> query the NS about, and your NS pop up all its infos.
> In order to fix this, you must change "allow zone transfer" settings
> from "any" to "" to not allow any zone transfer, or to any of
> your back up NS only. So the other people won't see all the information
> about your hosts!
> Looking forward to reading you!
> regards
> Adrian

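
Added example (not part of either message above, and not the list's or the project's own code): a way to confirm, after the fix, that one of your own name servers no longer answers AXFR for hosts outside the master/slave set. It builds the AXFR question as sent over TCP and classifies the first response header; the function names, the zone `example.org` and the two sample headers are constructed for illustration.

```python
import socket
import struct

QTYPE_AXFR, QCLASS_IN = 252, 1
RCODE_NAMES = {5: "REFUSED", 9: "NOTAUTH"}
# Constructed 12-byte response headers (not captured traffic):
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8005, 1, 0, 0, 0)  # QR, RCODE=5
SAMPLE_ALLOWED = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 2, 0, 0)  # QR+AA, 2 answers

def build_axfr_query(zone, txid=0x1234):
    """AXFR question for `zone`, framed for TCP with the 2-byte length prefix."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)  # standard query, 1 question
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", QTYPE_AXFR, QCLASS_IN)
    return struct.pack("!H", len(msg)) + msg

def classify_response(msg):
    """Classify the first response message (length prefix already stripped)."""
    if len(msg) < 12:
        return "no usable response"
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    if rcode != 0:
        return "denied (%s)" % RCODE_NAMES.get(rcode, "rcode %d" % rcode)
    return "transfer allowed" if ancount > 0 else "no records returned"

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:  # server closed the connection, a common way to deny AXFR
            break
        buf += chunk
    return buf

def check_server(server, zone, timeout=5.0):
    """Run from a host that is NOT a configured slave of your own server."""
    with socket.create_connection((server, 53), timeout=timeout) as sock:
        sock.sendall(build_axfr_query(zone))
        prefix = _recv_exact(sock, 2)
        if len(prefix) < 2:
            return "no usable response"
        (length,) = struct.unpack("!H", prefix)
        return classify_response(_recv_exact(sock, length))

if __name__ == "__main__":
    for name, sample in (("refused", SAMPLE_REFUSED), ("allowed", SAMPLE_ALLOWED)):
        print(name, "->", classify_response(sample))
```

After the change, `check_server()` run from an outside host should report a denial, while the configured slaves still transfer the zone normally.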