In the aftermath of Tuesday's mysterious zone transfers from netcraft.co.uk, and following up on a suggestion from Russ Sutherland, I changed my named.boot to admit zone transfers only from my own network and from the official U of T secondaries: xfrnets 128.100.104.0&255.255.255.0 xfrnets 128.100.100.128&255.255.255.255 128.100.102.201&255.255.255.255 xfrnets 128.100.1.1&255.255.255.255 128.100.2.2&255.255.255.255 xfrnets 16.1.0.19&255.255.255.255 204.123.2.18&255.255.255.255 These are, in order: - my network - dense.utcc snort.utcc - two different addresses for bay.cs - uucp-gw-2.pa.dec.com uucp-gw-1.pa.dec.com Since doing that, I have also received (and my named has rejected) zone transfer requests from these systems: 128.100.102.28 stamp.utcc 128.100.102.252 gated.gw 128.100.100.3 ugw.utcc 128.100.100.1 gpu.utcc Why are these systems doing zone transfers? Are they valid secondaries worth declaring in my NS records, or is there some other reason for the zone transfers, or is it just pointless hackery that I should ignore (and continue to refuse)? (I can guess some of the answers for some of the systems, but it seems worthwhile to have the official answers displayed in public.)