On Sat, Dec 19, 1998 at 01:22:07AM +0000, Alex Bligh wrote:
Perhaps this is dumb, but how about authentication by ensuring the TCP connection from the whois comes from the server in question. IE you can whois FOO-HST to see which domains are served by FOO-HST only from FOO-HST. Mildly inconvenient, but stops random people pulling off everyones lists. I can't currently think of an OS that supports DNS servers but not whois.
The problem with this, is if there is some sort of network problem or you are trying to determine what domains are still looking at an old nameserver you took down. I don't see why authentication is such a necessity-- why is it a secret what domains a given nameserver serves? It would be easy enough to pull the information down by exhaustive search. Mike -- Michael P. Lyle Security Architect Exodus Communications, Inc.