TLD Survey:Risks

• Closed to Zone Transfer (AXFR & IXFR)

  • Pro

    • Security?

      • Otherwise, people might find out information to allow them to attack you more easily
    • Prevent resource exhaustion

      • BIND 8 does fork()/exec() for each outgoing AXFR

        • Many copies of large zone being copied can take up lots of memory
      • BIND 9 is threaded, handles zone transfers internally

        • Can be effective denial-of-service attack on real secondaries

Previous slide

Next slide

Back to first slide

View graphic version