Zone Transfer
DNS Zone Transfer is the process of copying DNS records from one DNS server (primary) to another (secondary) to ensure data synchronization and redundancy. It ensures that both servers have the same DNS information for reliability and availability.
Full Zone Transfer (AXFR): Copies the entire DNS zone file from the primary to the secondary server.
Incremental Zone Transfer (IXFR): Only transfers the changes or updates made since the last transfer, reducing data overhead.
If unauthorized parties can obtain zone transfer data, they can view every record in the zone, exposing internal network details such as subdomains and server information. This gives attackers a holistic view of an organization's network layout that they can use to find weaknesses.
In simple terms, it’s like copying DNS records from one server to another for backup, but it needs to be secured to prevent data leaks.
zonetransfer.me is a publicly available domain set up for zone transfer testing. Security professionals can use it to check whether a DNS server is vulnerable to unauthorized zone transfers, which allow them to retrieve DNS records like SOA, MX, A, and NS.
dnsenum is an active reconnaissance tool used for DNS enumeration. It automates the process of gathering DNS information and includes features like:
Automatic Zone Transfer: It attempts to perform zone transfers from the target domain by querying the primary DNS nameserver. Zone transfers, if enabled, allow the tool to retrieve all DNS records for the domain.
Bruteforce: It can bruteforce subdomains to discover hidden or less obvious entries not listed in public DNS records.
If zone transfer is enabled on one of the nameservers, dnsenum will successfully extract all DNS records from the server, including A, MX, NS, SOA, and others, providing a complete view of the domain's internal network layout. This is valuable for identifying subdomains, internal servers, and sensitive configurations that can aid in further reconnaissance or attacks.
dig (Domain Information Groper) is a powerful command-line tool used for querying DNS records. It's commonly used by system administrators and security professionals to retrieve DNS information such as A, MX, NS, and other records. dig can also be used to perform a zone transfer, which attempts to copy all DNS records from a DNS server to gather comprehensive information about the target domain.
To perform a zone transfer, you need to query the target's authoritative name server and request the transfer. This will only succeed if the server is misconfigured or allows unauthorized transfers.
axfr: Specifies that you are requesting a full zone transfer.
@nsztm1.digi.ninja: The authoritative DNS server you are querying.
zonetransfer.me: The domain for which you are requesting a zone transfer.
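As an added example (not from the original page), this POSIX shell helper lets an administrator check whether the nameservers of a zone they operate answer the `dig axfr` request described above. The function names, the `+time`/`+tries` settings and the sample outputs for `example.com` are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `dig axfr` output per nameserver of a zone you operate.

# classify_axfr reads dig AXFR output on stdin and prints one of:
#   open N     complete transfer (SOA first and last), N records disclosed
#   partial N  records returned but the closing SOA is missing
#   refused    dig reported "; Transfer failed."
#   unknown    nothing usable (timeout, unreachable server, empty output)
classify_axfr() {
    awk '
        /^; Transfer failed/      { failed = 1 }
        /^;/ || NF == 0           { next }      # skip dig comments and blank lines
        $3 == "IN" && $4 == "SOA" { soa++ }
        $3 == "IN"                { rr++ }
        END {
            state = (soa >= 2) ? "open" : "partial"
            if (rr > 0)      { print state, rr }
            else if (failed) { print "refused" }
            else             { print "unknown" }
        }'
}

# audit_zone ZONE: request AXFR from every NS of ZONE and report the result.
# Needs network access; run it from a host that is NOT an authorized secondary.
audit_zone() {
    zone=$1
    for ns in $(dig +short NS "$zone"); do
        status=$(dig axfr "@$ns" "$zone" +time=5 +tries=1 | classify_axfr)
        printf '%s %s %s\n' "$zone" "$ns" "$status"
    done
}

# Constructed sample outputs (documentation names and addresses, not real data).
SAMPLE_OPEN='example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 1 7200 900 1209600 3600
example.com. 3600 IN NS ns1.example.com.
intranet.example.com. 3600 IN A 192.0.2.10
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 1 7200 900 1209600 3600'

SAMPLE_REFUSED='; <<>> DiG 9.18.1 <<>> axfr @ns2.example.com example.com
; (1 server found)
;; global options: +cmd
; Transfer failed.'

# Offline demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_OPEN"    | classify_axfr
printf '%s\n' "$SAMPLE_REFUSED" | classify_axfr
```

An `open` or `partial` result for a client that is not one of your secondaries means that nameserver's transfer restrictions need tightening.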
Fierce is a DNS reconnaissance tool designed to locate non-contiguous IP space.
What exactly is non-contiguous IP space? It refers to ranges of IP addresses that aren’t sequential or adjacent, making them more challenging to discover and manage during recon activities.
It's highly effective at DNS enumeration, subdomain enumeration, and zone transfers.