giggigteam
New Member
- Messages
- 11
- Reaction score
- 0
- Points
- 1
Hey guys,
After listening to my faviorate internet podcast HAK5 they were discussing Zone Transfer vunerabilitys on the web, I decided to test if my site is secure. To my horror it was not, and I suspect that other sites are insecure. From a linux terminal it is possible to run the command
"dig -t AXFR mysite.com @ns1.x10hosting.com"
And see publically all of the sites DNS infomation. Is it possible to disable this through cpanel? If not I think that the server admins need to restrict zone transfers to internal name servers only and not allow the public internet access to this infomation. Please can someone fix this before it becomes exploted!
Thanks
UPDATE: For all those interested the above command simply says to ns1.x10hosting.com hey I am another name server please send me all the info you have got on mysite.com, this infomation should only be sent to official nameservers for x10 hosting e.g. ns2.x10hosting.com and not made public
After listening to my faviorate internet podcast HAK5 they were discussing Zone Transfer vunerabilitys on the web, I decided to test if my site is secure. To my horror it was not, and I suspect that other sites are insecure. From a linux terminal it is possible to run the command
"dig -t AXFR mysite.com @ns1.x10hosting.com"
And see publically all of the sites DNS infomation. Is it possible to disable this through cpanel? If not I think that the server admins need to restrict zone transfers to internal name servers only and not allow the public internet access to this infomation. Please can someone fix this before it becomes exploted!
Thanks
UPDATE: For all those interested the above command simply says to ns1.x10hosting.com hey I am another name server please send me all the info you have got on mysite.com, this infomation should only be sent to official nameservers for x10 hosting e.g. ns2.x10hosting.com and not made public
Last edited: