Zone transfers

What is it?

A zone transfer is the mechanism by which a DNS server shares the contents of its database with another DNS server. It is most commonly used to replicate DNS data across multiple servers, ensuring consistent information and high availability.

There are two types of zone transfers:

  1. AXFR (Full Zone Transfer): This type of transfer copies the entire DNS database from a master server to a secondary (slave) server. As it involves copying the whole zone file, AXFR is more bandwidth-consuming, and it may not be efficient for large zones or frequent updates.

  2. IXFR (Incremental Zone Transfer): Unlike AXFR, IXFR only transfers the changes made to the DNS database since the last transfer. It's much more bandwidth-efficient when there are frequent, small changes to a DNS zone.

Attackers can exploit unrestricted zone transfers to map a network's infrastructure, revealing hostnames, IP addresses, and other details. As such, it is important to restrict zone transfers to trusted DNS servers only.
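To confirm that restriction is actually in place on a zone you operate, the following added example (not part of the original page) asks each of the zone's name servers for an AXFR and reports only whether it was answered. The function names `classify_axfr` and `check_zone` and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether each authoritative server of a zone you
# operate still answers AXFR. Zone data is discarded; only the status is kept.

# Constructed sample dig outputs (abbreviated) for offline checking.
SAMPLE_OPEN='example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 1 7200 900 1209600 3600
www.example.com. 3600 IN A 192.0.2.10
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 1 7200 900 1209600 3600
;; XFR size: 3 records (messages 1, bytes 180)'
SAMPLE_REFUSED='; <<>> DiG <<>> axfr @192.0.2.53 example.com
; Transfer failed.'

# classify_axfr: read `dig axfr` output on stdin and print one of
#   open     zone data came back (dig ends a transfer with an "XFR size" line)
#   refused  dig printed "Transfer failed."
#   unknown  neither marker present (timeout, unreachable server, empty output)
classify_axfr() {
    out=$(cat)
    case "$out" in
        *"XFR size:"*)        echo open ;;
        *"Transfer failed."*) echo refused ;;
        *)                    echo unknown ;;
    esac
}

# check_zone ZONE: test every NS of ZONE; return 1 if any server is open.
check_zone() {
    zone=$1
    rc=0
    for ns in $(dig +short NS "$zone"); do
        status=$(dig +time=5 +tries=1 axfr @"$ns" "$zone" 2>&1 | classify_axfr)
        printf '%-40s %s\n' "$ns" "$status"
        if [ "$status" = open ]; then rc=1; fi
    done
    return "$rc"
}

# Only touches the network when a zone name is given: ./check-axfr.sh example.com
if [ $# -gt 0 ]; then
    check_zone "$1"
fi
```

Run it from a host that is not one of the trusted secondaries; a non-zero exit status means at least one server returned the zone.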

Checklist

Exploitation

# attempt a zone transfer
dig axfr @<ip> <domain>
dig axfr @nsztm1.digi.ninja zonetransfer.me
