mailing list archives
RE: zone transfers, a spammer's dream?
From: "Marcin Pacyna" <mpacyna () nexvision com>
Date: Mon, 13 Dec 2004 12:01:03 -0500
I've forwarded this to CIRA (the .ca registry) and I've been told that this
has been fixed.
From: Lode Vermeiren [mailto:lode () linu cx]
Sent: December 7, 2004 5:39 PM
To: bugtraq () securityfocus com
Subject: zone transfers, a spammer's dream?
while doing some experiments with dig using a .fm domain I made a small
typo. Much to my surprise the whole fm zone was transferable by anyone.
It's obvious this is a fabulous source for dictionary spammers who just
mail to generic addresses at as much domains as they can possibly find.
(info () example com, sales () example com, ...)
Intrigued by the .fm zone, I did a quick scan to see which other top
level domains allowed zone transfers. It was no surprise to me that some
small zones of developing countries were open, but one top level domain
immediately caught my eye: getting the complete .ca zone (Canada), 48 Mb
in total, serving 471.686 domains is as easy as doing 'dig axfr ca
Some zones weren't transferable at the master nameservers, but were
transferable at slave servers.
Other publicly transferable zones: (quick and dirty count, divide by +/-
3 to get the number of domains, as this lists multiple name servers per
wc -l *.zone
This does not include some second level domains like net.** and org.**,
as my quick and dirty script didn't check these.
After a much too long introduction here comes my questions: is this
deliberate? I can understand that Chad has bigger things to worry about
than 24 domains getting on yet another spam list, but why Canada makes
nearly half a million domains as easy to grab as this really is a
mystery to me.
What do you think?
lode () linu cx