Last modified: 2014-05-22 19:01:44 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T51953, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 49953 - wikimedia.org allows anyone to do AXFR
Status: RESOLVED INVALID
Product: Wikimedia
Classification: Unclassified
Component: DNS
Version: unspecified
Hardware: All All
Importance: Unprioritized normal
Assigned To: Nobody
Reported: 2013-06-21 11:34 UTC by Jimmy Xu
Modified: 2014-05-22 19:01 UTC (History)

Description Jimmy Xu 2013-06-21 11:34:39 UTC
$ dig @ns0.wikimedia.org wikimedia.org axfr
[...]
;; XFR size: 1038 records (messages 13, bytes 27468)

The same for wikipedia.org, wmflabs.org, etc.

I'm not sure if this is intended but generally this would get frowned upon or something.
Comment 1 Alex Monk 2013-06-21 11:53:26 UTC
If I understand correctly, if this is a valid issue then it's a security one, so moving to the security area. Feel free to move it back if I'm wrong.
Comment 2 Chris Steipp 2013-06-21 17:19:26 UTC
At this time, we make all of our dns configurations public, so this is actually intentional. Our ops director (CT) just confirmed it again with me.

I'll make this bug public, in case anyone else is curious about it.

Thanks for the report Jimmy. I'd much rather close it wontfix instead of not knowing about it.
Comment 3 Jimmy Xu 2013-09-27 13:18:44 UTC
Not sure what's changed, but now transfers no longer work.

; <<>> DiG 9.9.2-P2 <<>> @ns0.wikimedia.org wikimedia.org axfr
; (1 server found)
;; global options: +cmd
; Transfer failed.

Checked the server admin log and got nothing, so popping up here for some ideas :)
Comment 4 Faidon Liambotis 2013-09-27 13:32:08 UTC
The new software that we use doesn't support AXFRs at all. All the zone files are in a public git (and gerrit) repository now, though:
https://git.wikimedia.org/summary/?r=operations/dns
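
For operators who, unlike the case in this thread, do not intend their zone data to be public, the two dig outcomes quoted above can be turned into an audit of their own nameservers. This is an added example, not part of the original thread or Wikimedia's tooling; the function names are assumptions, and the sample outputs are the lines quoted in the report.

```shell
#!/bin/sh
# Added example: audit a zone you operate for AXFR open to arbitrary clients.

# Sample dig outputs, taken from the two transcripts in this bug report
# ("[...]" is the elision from the original report).
SAMPLE_OPEN='[...]
;; XFR size: 1038 records (messages 13, bytes 27468)'
SAMPLE_FAILED='; <<>> DiG 9.9.2-P2 <<>> @ns0.wikimedia.org wikimedia.org axfr
; (1 server found)
;; global options: +cmd
; Transfer failed.'

# classify_axfr: read `dig ... axfr` output on stdin, print one verdict line:
#   "open <N>"  transfer completed and returned N records
#   "refused"   server denied or does not support the transfer
#   "unknown"   neither marker present (timeout, unreachable server, ...)
classify_axfr() {
    awk '
        /^;; XFR size:/        { records = $4; xfr_ok = 1 }
        /^; Transfer failed\./ { xfr_refused = 1 }
        END {
            if (xfr_ok)           print "open " records
            else if (xfr_refused) print "refused"
            else                  print "unknown"
        }'
}

# audit_zone ZONE: request a full transfer from every NS listed for ZONE
# and print "zone <TAB> nameserver <TAB> verdict" per server.
audit_zone() {
    zone=$1
    dig +short NS "$zone" | while read -r ns; do
        verdict=$(dig +time=5 +tries=1 @"$ns" "$zone" axfr | classify_axfr)
        printf '%s\t%s\t%s\n' "$zone" "${ns%.}" "$verdict"
    done
}

# Usage (needs network access and dig): audit_zone your-zone.example
```

Run it from a host outside any transfer allow-list, so the result reflects what an arbitrary client would see.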
