I often had my hands up in despair whenever i tried performing Zone transfers on DNS servers. System administrators have become a lot more mature in dealing with the company’s IT infrastructure these days. Mis-configurations of critical DNS servers are therefore, a rarity.
So, I was surprised to find that the Primary DNS server of Network Solutions(203.124.141.118), a leading provider of Network Services to be promiscuous. In simple terms, anyone with a knowhow to work with the nslookup tool can get the entire zone record for Network Solutions’ domain ! Wow….
[Zone Records for Network Solutions,India]
The data contained in the DNS zone is often sensitive in nature. This makes the job of a computer hacker that much easier as they don’t have to resort to the time consuming methods for Information Gathering. It makes that much easier for people with malicious intents to carry out targeted attacks.
What really worries me is the fact that if the awareness about such trivial Security issues is missing in Security Solutions provider like Network solutions,India; the security level of their clients can very much be imagined.
DNS zone transfers are of course,a necessary and critical aspect of how DNS works, and can not be turned off completely. But DNS zone transfers should only be allowed between Primary and Secondary DNS servers. I wonder why an Organization would risk putting their confidential Information to the prying eyes of Crackers. A call from my side to the Network Solution’s New Delhi office evoked no response! May be this post will …..
Scribbles of a Chaotic Mind 