Tag zone-transfer

Zone transfers in The Netherlands

There are many things told about zone transfers and why it is important to restrict the use of zone transfers. The DNS zone can contain sensitive information like DKIM keys or information about the internal infrastructure. And because of this I actually thought it was not so common anymore. A while ago I ran into a nameserver with an insecure zone transfer (AXFR) setting. Allowing zone transfers for the whole world will also allow the bad guys extract useful information from a zone that can be used to create a map of the network infrastructure.