Yes it is possible if you allow any host(ip address) to do zone transfers. Most name server daemons allow you to specify what hosts you want to allow to request transfers, and block all others. You can also block TCP port 53, and only allowing UDP port 53 with an ACL or Firewall ruleset. I do both.
Brian -----Original Message----- From: Fred Dirkse - OIC Group, Inc. [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 17, 2003 5:26 PM To: [EMAIL PROTECTED] Subject: DNS Records Is it possible to point to a DNS server and somehow get ALL records from it (ie - return all the domain records that server is authoratative for)? If so, how? and how could one stop it from happening if so? Regards, Fred ------------------------------------------------------------------------ --- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
