[geeks] How to block an entire domain?
Phil Stracchino
phil.stracchino at speakeasy.net
Thu Oct 11 07:26:45 CDT 2007
Patrick Giagnocavo wrote:
> On Oct 11, 2007, at 7:31 AM, Geoffrey S. Mendelson wrote:
>> Someone else suggested that I stop DNS lookups for the domain, and
>> I did.
>> However, I'm still interested in finding out how I could traverse a
>> DNS "tree" and get all the IP address that belong to hosts in the
>> domain and subdomains.
>
> You used to be able to do this about 6-7 years ago, then it was
> considered to be a security hole and BIND's config was changed, or
> they changed something in the code that unless it was specifically
> allowed, all such requests were denied.
Yeah, few sites allow unrestricted AXFR these days.
--
Phil Stracchino CDK#2
Renaissance Man, Unix ronin, Perl hacker, Free Stater
phil.stracchino at speakeasy.net alaric at caerllewys.net
Landline: 603-429-0220 Mobile: 603-320-5438
It's not the years, it's the mileage.
More information about the geeks
mailing list