-----Original Message----- From: Paul Wouters <p...@nohats.ca> Date: Tuesday, April 14, 2015 at 10:20 AM To: Mark Jeftovic <mar...@easydns.com> Cc: "dns-operati...@dns-oarc.net" <dns-operati...@dns-oarc.net> Subject: Re: [dns-operations] Stunning security discovery: AXFR may leak information
>On Tue, 14 Apr 2015, Mark Jeftovic wrote: > >> Joke all you want. This is worse than heartbleed. > >Well, no. heartbleed could leak private (key) data. AXFR only leaks that >which you are already willing to give to any stranger who knows what >question to ask or who asks 6 billion questions :P Yeah, when I read the AXFR announce my first thought was "wow, CERT must be bored!" Seemed like old news. That said, open resolvers and BCP38 should also be old news...but a lot of people don't get it or don't care. Perhaps it was meant as more of a community broadcast to raise awareness of something DNS geeks take for common knowledge. Otherwise, would have been better sent on April 1st. _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
