Why do we offer this check for insecure DNS servers?

The goal of this project and website is to make people aware of how common poorly configured nameservers are. It seems like administrators normally just tighten the authoritative, aka primary, nameserver but pay very little attention to the slave server(s).

We've found really big sites, sites like Universities, Internet Service Proviers and bigger webhotels, sites with up to half a million DNS records! All leaving their nameservers wide open for anyone to transfer their entire zone configuration.

This itself is not a security problem, since each and every host within a network should be secure and up to date. Hiding a system by giving it a hard to guess hostname is really bad practice and can cause a lot of problems in situations where a nameserver is compromised. Also, it's not a very smart move handing all the information over to a potential attacker just like that and you might actually be able to create another layer of security by simply hiding it.

Why not just contact the owners of the affected servers?

This would require a lot of work from our side to find and report all affected nameservers. Instead, we decided to write a tool where administrators can test their own systems.

Why show the entire zone-file of a leaking nameserver?

Mainly, beacuse it's impossible to verify what user is the administrator of which DNS server. Also, some administrators actually want to have their systems open and leaking information. Because of this, we also want to offer a way for administrators to know what information is public and available through their systems.

At the end of the day, anyone can do what we do. There's no magic behind it.