Top 5 Commands to Test DNS Zone Transfer in 2 minutes
DNS is referred to as an internet directory, just like a phone directory. It helps in resolving domain names into corresponding IP addresses.
DNS zone transfer is a method of copying DNS databases across different DNS servers. It is a type of DNS transaction. A misconfigured DNS server can release sensitive data by responding to global Asynchronous Transfer Full Range (AXFR) requests. This technique may reveal new subdomains, which increases the attack surface of the target.
Below are the Top 5 Commands to Test Zone Transfer. It is very easy and just a matter of writing one or two-line commands to test DNS zone transfer.
- dig stands for domain information groper
- DNS lookup utility
- Use for troubleshooting DNS problems
- can also be used to test zone transfer
#dig +short ns <url>
#dig axfr <url> @<name-server>
- fierce is a Perl script
- Recon tool
- pre-installed on Kali Linux
- Can be used to test zone transfer
#fierce -dns <domain>
- host is a DNS lookup tool
- Convert names to IP addresses and vice versa
- One line command used to test zone transfer
#host -t axfr <test-url> <name-server>
Use the command below to try a zone transfer from one of the name servers:
#host -l <test-url> <name-server>
- nslookup stands for "name server lookup"
- DNS recon tool
- Used by network administrators
- preinstalled on Windows machines
>nslookup
>server <name-server>
>set type=any
>ls -d <test-url>
- dnsrecon is a DNS recon script preinstalled on Kali Linux
- Able to check ns records for a zone transfer
#dnsrecon -d zonetransfer.me -t axfr
How to mitigate DNS zone transfer vulnerability?
To mitigate this vulnerability, DNS servers should be configured to allow zone transfers only to trusted IP addresses.
You can also use transaction signatures (TSIG) for zone transfers. This helps in preventing IP spoofing efforts.
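After restricting transfers, it is worth confirming that every name server of a zone you administer actually refuses AXFR. The script below is an added example, not part of the original article; it wraps the dig commands shown earlier, and the function names `axfr_verdict` and `audit_zone` and the sample dig outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that a zone you administer refuses AXFR on every name server.

# Classify `dig axfr` output read from stdin. A completed transfer lists
# records (name ttl class type rdata) that include the zone's SOA.
# Anything else (refusal, timeout, empty output) is reported as "closed".
axfr_verdict() {
    awk '!/^;/ && $3 == "IN" { rr++; if ($4 == "SOA") soa++ }
         END { if (rr > 0 && soa > 0) print "open"; else print "closed" }'
}

# Try AXFR against each NS of the zone; return 1 if any server answers.
audit_zone() {
    zone=$1
    status=0
    for ns in $(dig +short ns "$zone"); do
        verdict=$(dig axfr "$zone" "@$ns" +time=5 +tries=1 | axfr_verdict)
        printf '%s\t%s\n' "$ns" "$verdict"
        [ "$verdict" = "closed" ] || status=1
    done
    return "$status"
}

# Constructed dig output for a server that refuses the transfer.
SAMPLE_CLOSED='; <<>> DiG 9.18.1 <<>> axfr example.com @ns1.example.com
;; global options: +cmd
; Transfer failed.'

# Constructed dig output for a server that hands over the zone.
SAMPLE_OPEN='; <<>> DiG 9.18.1 <<>> axfr example.com @ns2.example.com
;; global options: +cmd
example.com.      3600 IN SOA ns1.example.com. admin.example.com. 1 7200 900 1209600 3600
example.com.      3600 IN NS  ns1.example.com.
vpn.example.com.  3600 IN A   192.0.2.20
example.com.      3600 IN SOA ns1.example.com. admin.example.com. 1 7200 900 1209600 3600
;; XFR size: 4 records (messages 1, bytes 190)'

# Usage: sh axfr_audit.sh <zone-you-administer>
if [ "$#" -eq 1 ]; then
    audit_zone "$1"
fi
```

A non-zero exit status means at least one name server still answered the transfer request and its configuration needs another look.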
Disclaimer: This tutorial is for educational purposes only. Each individual is solely responsible for any illegal act.