-----Ursprungliche Nachricht----- Von: Max Lindner [mailto:ml@lofl.de] Betreff: Re: [suse-security] ipchains-log
whats so bad about other people can accessing my zone files? I thought the should do this in order to resolve the Hostname... Or is there only a risk when you have 'internal' zone files on this NS (that's not the case...)?
Well, normally noone should need to get the total content of your zone-files. Especially if you define subdomains and/or different hosts wihtin your domain, this person could get the info about all the machines in your domain. Maybe he could use this info to look for holes. For resolving hostnames, noone needs your zone-files. resolving is done by the responsible nameserver, normally your one.As I see, you live in Germany. Here is only one server known to try to get all the zone-files. This server does statistics for the RIPE and is within the domain uni-bielefeld.de, if I remember correct. If you get other zone-transfer-requests, this _could_ be a sign for someone trying to get as much info as possible. No bad idea to ask what he needs this info for... and if the answer is not reasonable, disable unallowed zone-transfers. HTH --- Stephan -------------------------------------------- Stephan M. Ott // OKDesign oHG Internet-Providing und Netzwerkmanagement smo@okdesign.de ..... http://www.okdesign.de fon. +49 961 3814139 .. fax. +49 961 3814140 mobil 0171-8351130 ... oder ... 0171-7858064 --------------------------------------------