Zone transfer

The DNS zone transfer attack also known as AXFR attack because of the query that is usually performed.

This attack takes advantage of one of the many ways that administrators can syncronize their primary name server to the secondary name server.

when a client sends a specially crafter message to the DNS server containing the AXFR flags If the primary server is misconfigured it will send an entire copy of the zone record to the requester. This may display the topology of the entire zone

Low Level

The client sends a query with the opcode 0 with the special query type of 252 over the TCP connection to the server. this will return the zone information if the server is misconfigured

Perform

You can perfom zone transfers using the tool named dig.

dig axfr @dns-server domain.name

replace dns-server with authorative dns server

Mitigation

Configure the DNS server to only respond to zone transfers from authenticated IP adresses. The instructions for this are in the manual of any DNS product.

Feedback

Was this page helpful?

Yes No

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.