
Enhance the filter on axfr request

Open NotBad4U opened this issue 6 years ago • 3 comments

Overview

A remote unauthenticated user may request a DNS zone transfer from a public-facing DNS server. If improperly configured, the DNS server may respond with information about the requested zone, revealing internal network structure and potentially sensitive information.

Impact

A remote unauthenticated user may observe internal network structure, learning information useful for other directed attacks.

Solution

The DNS server decides whether or not to allow AXFR requests, which looks like all or nothing. We can improve this by allowing the DNS server to respond only to zone transfer (AXFR) requests from known IP addresses.

NOTE: enhancement of #20 but not necessary at this time.

NotBad4U, Jul 08 '19 12:07
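The source-address filter proposed in the issue above, sketched in Rust as an added example; it is not stream-dns code, and `Cidr`, `bits` and `axfr_allowed` are hypothetical names. The addresses are constructed values from the documentation ranges, and the rule that a transfer must also arrive over TCP is an assumption added here because a UDP source address is easy to spoof.

```rust
use std::net::IpAddr;

/// One allowlist entry in CIDR form. All names here are hypothetical.
#[derive(Debug, Clone, Copy)]
pub struct Cidr { net: u128, mask: u128, v4: bool }

/// Map an address to (top-aligned 128-bit value, is_ipv4), folding
/// IPv4-mapped IPv6 (::ffff:a.b.c.d) from dual-stack sockets into IPv4.
fn bits(ip: IpAddr) -> (u128, bool) {
    match ip {
        IpAddr::V4(a) => ((u32::from(a) as u128) << 96, true),
        IpAddr::V6(a) => match a.to_ipv4_mapped() {
            Some(m) => ((u32::from(m) as u128) << 96, true),
            None => (u128::from(a), false),
        },
    }
}

impl Cidr {
    /// Parse "192.0.2.53" (single host) or "198.51.100.0/24".
    pub fn parse(s: &str) -> Option<Cidr> {
        let (ip, len) = match s.trim().split_once('/') {
            Some((ip, len)) => (ip, Some(len)),
            None => (s.trim(), None),
        };
        let (raw, v4) = bits(ip.parse::<IpAddr>().ok()?);
        let max: u32 = if v4 { 32 } else { 128 };
        let prefix: u32 = match len { Some(l) => l.parse::<u32>().ok()?, None => max };
        if prefix > max { return None; }
        let mask = if prefix == 0 { 0 } else { u128::MAX << (128 - prefix) };
        Some(Cidr { net: raw & mask, mask, v4 })
    }

    pub fn contains(&self, ip: IpAddr) -> bool {
        let (raw, v4) = bits(ip);
        v4 == self.v4 && (raw & self.mask) == self.net
    }
}

/// Default deny: refuse AXFR unless it arrived over TCP from a listed source.
/// UDP is refused outright: its source address is trivially spoofed and
/// AXFR is only defined over TCP (RFC 5936).
pub fn axfr_allowed(allow: &[Cidr], src: IpAddr, over_tcp: bool) -> bool {
    over_tcp && allow.iter().any(|c| c.contains(src))
}

fn main() {
    let allow: Vec<Cidr> = ["192.0.2.53", "2001:db8:53::/48"].iter().filter_map(|s| Cidr::parse(s)).collect(); // constructed
    println!("{}", axfr_allowed(&allow, "192.0.2.53".parse().unwrap(), true));
}
```

An empty allowlist refuses every transfer, so a server that loads no entries fails closed.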

Heyllo. I guess it's still up for grabs? :)

JulienBe, Dec 02 '19 19:12

Hello @JulienBe, I apologize for the delay in my response. I was a little busy last week with another project. In regard to this issue, I temporarily removed the AXFR feature to make the refactoring simpler. I'm going to add this feature again soon and add the filter at the same time. I'll soon add new features/issues to this project and ping you on a good first issue, if you're still interested in contributing to this project. Sorry again for the delay in my response.

NotBad4U, Dec 09 '19 14:12

Ok, thanks for the update! :) And don't worry about the delay. And another thanks for the ping!

JulienBe, Dec 11 '19 08:12