-----Original Message----- From: Paul Wouters <[email protected]> Date: Tuesday, April 14, 2015 at 10:20 AM To: Mark Jeftovic <[email protected]> Cc: "[email protected]" <[email protected]> Subject: Re: [dns-operations] Stunning security discovery: AXFR may leak information
>On Tue, 14 Apr 2015, Mark Jeftovic wrote: > >> Joke all you want. This is worse than heartbleed. > >Well, no. heartbleed could leak private (key) data. AXFR only leaks that >which you are already willing to give to any stranger who knows what >question to ask or who asks 6 billion questions :P Yeah, when I read the AXFR announce my first thought was "wow, CERT must be bored!" Seemed like old news. That said, open resolvers and BCP38 should also be old news...but a lot of people don't get it or don't care. Perhaps it was meant as more of a community broadcast to raise awareness of something DNS geeks take for common knowledge. Otherwise, would have been better sent on April 1st. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
