[Owasp-leaders] Zone transfer

Christian Heinrich christian.heinrich at owasp.org
Fri Apr 9 23:06:31 EDT 2010


Rogan,

The SOA Record of owasp.org indicates that ns1.secure.net is the Primary NS,
with ns2.secure.net (the third octet of its IP Address is different, i.e.
"124" and "125") as the secondary NS in the NS Record, i.e.

cmlh$ nslookup
> set type=soa
> owasp.org
Server:        10.176.66.71
Address:    10.176.66.71#53

Non-authoritative answer:
owasp.org
    origin = ns1.secure.net
    mail addr = hostmaster.secure.net
    serial = 2007080369
    refresh = 86400
    retry = 7200
    expire = 2592000
    minimum = 86400

Authoritative answers can be found from:
> set type=ns
> owasp.org
Server:        10.176.66.71
Address:    10.176.66.71#53

Non-authoritative answer:
owasp.org    nameserver = ns1.secure.net.
owasp.org    nameserver = ns2.secure.net.

Authoritative answers can be found from:
ns2.secure.net    internet address = 192.220.125.10
ns1.secure.net    internet address = 192.220.124.10
>
On Sat, Apr 10, 2010 at 7:01 AM, Rogan Dawes <rogan at dawes.za.net> wrote:

> The only valid reason to allow zone transfers is to allow secondary NS
> to obtain updates from the primary NS.
>
> Now, if you don't know who all the secondary NS are, then "allowing all"
> is the only way to maintain a functional NS infrastructure (other than
> making all NS primary rather than secondary, that is).
>
> Basically, if the Primary NS provider is not also providing secondary
> NS, then they pretty much HAVE to allow zone transfers.
>
>
-- 
Regards,
Christian Heinrich - http://www.owasp.org/index.php/user:cmlh
OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking
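
Added example, not part of the original message: the nslookup output above, parsed to separate the primary (SOA origin) from the secondaries (remaining NS records) and to build a transfer ACL that names only the secondaries. The BIND `allow-transfer` syntax is an assumption (the thread does not say which server software is in use), and the function names are hypothetical.

```python
import re

# nslookup output as quoted in the message above, trimmed to the lines used.
TRANSCRIPT = """\
owasp.org
    origin = ns1.secure.net
    mail addr = hostmaster.secure.net
    serial = 2007080369
owasp.org    nameserver = ns1.secure.net.
owasp.org    nameserver = ns2.secure.net.
ns2.secure.net    internet address = 192.220.125.10
ns1.secure.net    internet address = 192.220.124.10
"""

def _name(raw):
    """Normalise a host name: drop the trailing dot, lower-case."""
    return raw.rstrip(".").lower()

def parse_nslookup(text):
    """Return (primary, nameservers, addresses) from nslookup SOA/NS output."""
    primary, nameservers, addresses = None, [], {}
    for line in text.splitlines():
        if m := re.match(r"\s+origin = (\S+)", line):
            primary = _name(m.group(1))
        elif m := re.match(r"\S+\s+nameserver = (\S+)", line):
            nameservers.append(_name(m.group(1)))
        elif m := re.match(r"(\S+)\s+internet address = (\S+)", line):
            addresses[_name(m.group(1))] = m.group(2)
    return primary, nameservers, addresses

def allow_transfer_clause(text):
    """Build a BIND-style allow-transfer clause (assumed syntax) for secondaries only."""
    primary, nameservers, addresses = parse_nslookup(text)
    if primary is None:
        raise ValueError("no SOA origin found; cannot tell primary from secondary")
    secondaries = [ns for ns in nameservers if ns != primary]
    missing = [ns for ns in secondaries if ns not in addresses]
    if missing:
        # Refuse a partial ACL: a secondary left out would stop receiving updates.
        raise ValueError("no address for: " + ", ".join(missing))
    if not secondaries:
        return "allow-transfer { none; };"
    hosts = " ".join(addresses[ns] + ";" for ns in secondaries)
    return "allow-transfer { " + hosts + " };"

if __name__ == "__main__":
    print(allow_transfer_clause(TRANSCRIPT))
```

The ACL is only as complete as the NS records it is derived from; a secondary that is not listed there has to be added by hand.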