DNS server inverse queries

Risk Level: Medium

Check or Attack Name: iquery

Platforms: DNS

Description:

The Inverse Query (iquery) feature supported on some DNS servers should not be used. An attacker can use this feature to obtain a zone transfer. Zone transfers identify every machine registered with your DNS server and can be used by attackers to better understand your network. The zone transfer occurs even if you've disabled zone transfers on your DNS server.

Remedy:

Configure your DNS server to disable inverse queries.

For more information on inverse queries, see RFC 1035, "Domain Names - Implementation and Specification" available from ftp://ftp.isi.edu/in-notes/rfc1035.txt.
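
To confirm the remedy took effect, DNS messages captured at the server can be checked for the IQUERY opcode and for how the server replied. The following is an added example, not part of the original advisory; it relies on the RFC 1035 header layout (OPCODE 1 is IQUERY, copied into the response; RCODE 4 is Not Implemented), and the helper names and sample messages are constructed for illustration.

```python
import struct

OPCODE_IQUERY = 1  # RFC 1035 section 4.1.1: inverse query
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
               3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035 section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("DNS header is 12 bytes; message too short")
    msg_id, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    return {"id": msg_id,
            "qr": flags >> 15,               # 0 = query, 1 = response
            "opcode": (flags >> 11) & 0xF,   # set by client, echoed by server
            "rcode": flags & 0xF,
            "ancount": an}


def audit_message(msg: bytes) -> str:
    """Classify one captured DNS message with respect to inverse queries."""
    h = parse_header(msg)
    if h["opcode"] != OPCODE_IQUERY:
        return "not-iquery"
    if h["qr"] == 0:
        return "iquery-request"      # a client sent an inverse query
    if h["rcode"] == 0:
        return "iquery-answered"     # server processed it: feature is enabled
    return "iquery-rejected:" + RCODE_NAMES.get(h["rcode"], str(h["rcode"]))


def make_header(msg_id, qr, opcode, rcode, ancount=0) -> bytes:
    """Hypothetical helper: build a header-only message for the samples."""
    flags = (qr << 15) | (opcode << 11) | rcode
    return struct.pack("!6H", msg_id, flags, 0, ancount, 0, 0)


# Constructed sample capture: one inverse query and three possible replies.
SAMPLES = [
    make_header(0x1A2B, 0, OPCODE_IQUERY, 0, ancount=1),  # client request
    make_header(0x1A2B, 1, OPCODE_IQUERY, 0, ancount=1),  # server answered
    make_header(0x1A2C, 1, OPCODE_IQUERY, 4),             # server: NOTIMP
    make_header(0x1A2D, 1, 0, 0, ancount=1),              # ordinary response
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.hex(), audit_message(sample))
```

Any "iquery-answered" result means the server still honors inverse queries; after the feature is disabled, replies to such requests should show up as rejected.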

References:

Request for Comment document RFC 1035, Domain Names - Implementation and Specification, ftp://ftp.isi.edu/in-notes/rfc1035.txt

Acme Byte & Wire LLC, Securing Your Name Server, http://www.acmebw.com/securing/index.htm

