[Owasp-leaders] Zone transfer

Jeff Williams jeff.williams at owasp.org
Thu Jun 10 18:25:28 EDT 2010

I sent a message to Larry - anyone willing to put together a wiki page on
the subject so it's ready?  We should be able to pull from the (extensive
shall we say) discussion on the list.


-----Original Message-----
From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Rogan Dawes
Sent: Wednesday, June 09, 2010 8:29 AM
To: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] Zone transfer

On 2010/06/09 2:26 PM, Victor Chapela wrote:
> I agree completely with promoting proper risk management.
> I suggest we add three or four A records to the DNS, that when
> transferred, state this point. These records could be:
> "zone-transfers-intentionally-left-on",
> "our-DNS-information-has-been-classified-as-public",
> and
> Finally, we could have zone-transfer.owasp.org pointing to a page
> that explains our risk management philosophy. This page could be
> titled "Why do we leave our DNS zone transfer on?"
> Regards, Victor Chapela

Hehe, I like that approach.

If anyone is actually looking at the results from doing the AXFR, they 
will avoid making a fool of themselves.

Otherwise . . .
