Zone file access (was: Re: Possible login/password grabbing ploy)

Brad_Horak · May 13, 1998, 9:16pm

Here's this week's response from a request for zone file access sent to
hostmaster@internic.net:

Dear Customer,

Thank you for contacting Network Solutions, Inc., InterNIC
Registration Services.

We cannot give you access to our database for all records, other than what is
in our whois database, is confidential and not available to the public.

Best Regards,
II
Network Solutions, Inc.

--Brad Horak
Systems Research Center
Digital Equipment Corporation

Paul_A_Vixie · May 15, 1998, 7:28am

> Dear Customer,
>
> Thank you for contacting Network Solutions, Inc., InterNIC
> Registration Services.
>
> We cannot give you access to our database for all records, other than
> what is in our whois database, is confidential and not available to the
> public.
>
> Best Regards,
> II
> Network Solutions, Inc.

Network Solutions has never actually asked me to stop allowing full outbound
zone transfers of all InterNIC TLD's from F.ROOT-SERVERS.NET. According to
my logs, "dig @192.5.5.241 xxx axfr > xxx.zone" is a rather popular command:

[dns1.pa:alpha] wc -l xfer.log*
      1702 xfer.log
       306 xfer.log.0
      5560 xfer.log.1
      3219 xfer.log.2
     16859 xfer.log.3
     12066 xfer.log.4
     39712 total
[dns1.pa:alpha] ls -l xfer.log*
-rw-r--r-- 1 root system 162968 May 15 00:22 xfer.log
-rw-r--r-- 1 root system 29856 May 7 17:00 xfer.log.0
-rw-r--r-- 1 root system 546016 May 6 22:01 xfer.log.1
-rw-r--r-- 1 root system 325942 Apr 15 21:05 xfer.log.2
-rw-r--r-- 1 root system 1724302 Apr 6 19:08 xfer.log.3
-rw-r--r-- 1 root system 1194194 Feb 28 11:35 xfer.log.4

If NSI should ask me to restrict outbound zone transfers, then I would of
course immediately ask the IANA whether to comply with that request. And
so now you all know why BIND-8's first development priority was to stop
forking for outbound zone transfers -- I can export the COM zone 50 times
in parallel (and I sometimes do) without changing the runtime profile of
F.ROOT-SERVERS.NET.

Jon_Lewis · May 17, 1998, 12:34am

Thanks to Paul, I can now do the scans of the com, net and org domains and
add to my list of projects "cleaning up lame delegations". It's
unfortunate that NSI wants to control access to this data. Doing a zone
transfer rather than ftping a gzipped file wasted huge amounts of
bandwith...both mine and Pauls.

$ gzip -l com.zone.gz
compressed uncompr. ratio uncompressed_name
47530626 209099660 77.2% com.zone