Wow I hear for the first time that some TLD registrar would explicitelly allow zone transfer of the whole zone... talking about the Swedish TLD mentioned in the article.
I strongly disagree, this is 100% vulnerability, you're leaking private DNS records - aka if the name server is also used for private records these are effectively exposed.
Lol... just some context for others - it's a Soviet Union (https://en.wikipedia.org/wiki/.su). So not really gTLD but ccTLD... :D Apparently created 15 months before collapse of the CCCP
Wow I hear for the first time that some TLD registrar would explicitelly allow zone transfer of the whole zone... talking about the Swedish TLD mentioned in the article.
This really works
dig @zonedata.iis.se se axfr
maybe controversial take, but zone transfers are not vulnerability, there's nothing really private in that
I strongly disagree, this is 100% vulnerability, you're leaking private DNS records - aka if the name server is also used for private records these are effectively exposed.
There's NO REASON to have zone transfer enabled.
>There's NO REASON to have zone transfer enabled.
There are absolutely reasons to have zone transfer enabled -- to transfer the zones from primary/authoritative DNS servers to secondary DNS servers.
Zone transfers should, however, be limited to just the secondary DNS servers and not open to the world.
TIL: there's .su gtld
Lol... just some context for others - it's a Soviet Union (https://en.wikipedia.org/wiki/.su). So not really gTLD but ccTLD... :D Apparently created 15 months before collapse of the CCCP