DNS Zone Transfers


Summary

The BIND name server (named) permits zone transfers (AXFR) from any client by default, which lets a remote user enumerate every host record in the zones it serves.

The problem

Unrestricted zone transfers hand an attacker a complete map of the hosts in a domain: every name, address, mail exchanger and other record in the zone, returned in a single query instead of being guessed one name at a time. That is a ready-made list of live systems to attack. Only the contents of the zone are exposed, but for most sites that is far more than can be learned from outside by probing.

Fix

Reconfigure the BIND (named) configuration file (/etc/named.conf for BIND 8 and 9; /etc/named.boot for BIND 4) so that zone transfers are allowed only to the secondary (slave) name servers that actually need them. In named.conf this is the allow-transfer statement, set to deny by default in the options block and opened per zone for the listed secondaries, ideally authenticated with a TSIG key rather than by source address alone.
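The following named.conf fragment is an added example, not taken from this advisory or from the BIND documentation, illustrating both the problem paragraph (the open default) and the fix. The zone name example.com, the secondary addresses 192.0.2.2 and 192.0.2.3, the key name xfer-key and the zone file path are assumptions; the TSIG secret is a placeholder to be replaced with a locally generated value.

```conf
// --- Weak configuration (the finding) ---------------------------------
// BIND 8 behaves this way when allow-transfer is not set at all;
// spelling it out makes the exposure obvious: any client may AXFR.
options {
    directory "/var/named";
    allow-transfer { any; };
};

// --- Hardened configuration (the fix) ---------------------------------
// 1. Deny transfers globally; every zone inherits this unless it
//    says otherwise.
options {
    directory "/var/named";
    allow-transfer { none; };
};

// 2. Name the hosts that are entitled to copies of the zone.
//    192.0.2.2 and 192.0.2.3 are assumed secondaries (RFC 5737 range).
acl "secondaries" {
    192.0.2.2;
    192.0.2.3;
};

// 3. Shared secret for TSIG-authenticated transfers. Generate with
//    `tsig-keygen xfer-key` (BIND 9.9+) and paste the output here;
//    the secret below is a placeholder, not a real key.
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";
};

// 4. Open transfers for this zone only, and only to peers that
//    present the key AND come from an address on the ACL.
//    Listing both in one element means both conditions must hold.
zone "example.com" {
    type master;                      // "primary" in BIND 9.16+
    file "example.com.zone";          // assumed zone file name
    allow-transfer { !{ !secondaries; any; }; key "xfer-key"; };
    also-notify { 192.0.2.2; 192.0.2.3; };
};
```

Verify before and after the change from an address that is not a secondary: `dig @ns1.example.com example.com AXFR`. With the weak configuration dig lists every record in the zone; with the fix in place it prints `; Transfer failed.` and the server logs a refused transfer. Run `named-checkconf` and reload named after editing. On a BIND 4.9 server the equivalent restriction in /etc/named.boot is the `xfrnets` directive, which takes the network list of permitted secondaries; older BIND 4 releases have no such control and should be upgraded.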