Find a DNS Zone Transfer Misconfiguration

December 29, 2016


How to find a DNS Zone Transfer Misconfiguration manually using CMD in Windows and the terminal console in Linux

Before starting with the article, I want to describe the DNS zone transfer misconfiguration flaw in a web server. A misconfigured DNS Zone Transfer leaks user names and the relevant IP addresses, and it can also lead to a leak of confidential data online. The misconfigured DNS Zone Transfer comes in 2 types: 1. AXFR – Full Duplex DNS Zone Transfer, and 2. IXFR – Partial Duplex DNS Zone Transfer.

Caution: I’m not responsible for any cyber attacks that may happen with the help of DNS Zone Transfer; do it at your own risk.

To track a misconfigured DNS Zone Transfer, I’m going to use nslookup in Microsoft Windows:

  1. Open up CMD, type “nslookup -type=ns <URL>” and press enter.
  2. nslookup reveals the name servers of the respective URL; note down the name servers for the next steps.
  3. Type “nslookup” to go into the command mode of nslookup.
  4. Then type “server <name server>” and press enter.
  5. Then type “set type=any” to get the queries regarding the complete DNS zone transfer information.
  6. Then type “ls -d <URL>”. If the domain has a DNS Zone Transfer Misconfiguration, the zone's records will show up.

In penetration testing Linux distributions or basic Debian Linux distributions, you will find a tool called host that can be used to find a DNS Zone Transfer:

  • Type “host -t axfr <URL> <nameserver>” and press enter to query for a full DNS Zone Transfer Misconfiguration.
  • Type “host -t ixfr <URL> <nameserver>” and press enter to query for a Partial Duplex DNS Zone Transfer Misconfiguration.
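
The host check above, wrapped as an added example that is not part of the original article: a script for auditing a zone you administer, which tries AXFR against each of its name servers and classifies the result. The function names and sample outputs are constructed for illustration, and it assumes the BIND host utility is installed.

```shell
#!/bin/sh
# Added example (not from the article): audit a zone you administer for name
# servers that answer AXFR. Assumes the BIND "host" utility is installed; its
# exact output text varies by version. Function names are illustrative.

# Classify captured "host -t axfr" output. A complete AXFR answer begins and
# ends with the zone's SOA record, so two or more SOA lines mean the server
# handed over the zone.
classify_axfr() {
    soa_count=$(printf '%s\n' "$1" |
        grep -Ec '[[:space:]]IN[[:space:]]+SOA[[:space:]]' || true)
    if [ "$soa_count" -ge 2 ]; then
        echo "OPEN"
    else
        echo "NO_TRANSFER"
    fi
}

# Print the zone's authoritative name servers, one per line.
list_nameservers() {
    host -t ns "$1" | awk '/name server/ { print $NF }'
}

# Try AXFR against every name server of the zone and report each result.
audit_zone() {
    for ns in $(list_nameservers "$1"); do
        out=$(host -t axfr "$1" "$ns" 2>&1 || true)
        printf '%s\t%s\n' "$ns" "$(classify_axfr "$out")"
    done
}

# Constructed sample outputs (documentation names and addresses, not real data).
SAMPLE_REFUSED='Trying "example.com"
Host example.com not found: 5(REFUSED)
; Transfer failed.'
SAMPLE_OPEN=';; ANSWER SECTION:
example.com. 3600 IN SOA ns1.example.com. admin.example.com. 1 7200 3600 1209600 3600
example.com. 3600 IN NS ns1.example.com.
vpn.example.com. 3600 IN A 192.0.2.10
example.com. 3600 IN SOA ns1.example.com. admin.example.com. 1 7200 3600 1209600 3600'

# Live audit only when a zone is given: sh axfr_audit.sh example.com
if [ "$#" -ge 1 ]; then
    audit_zone "$1"
fi
```

A name server reported as OPEN should have zone transfers restricted to the zone's secondary name servers.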

The image below shows how a misconfigured DNS zone transfer can be spotted on a web server.


Image: DNS Zone Transfer Misconfiguration Vulnerability Spotted in IIT Dharwad's Webserver.
*Note: This vulnerability leaks hostnames and their associated IP addresses, which could lead to further targeting of the organization, and sometimes it may also leak confidential data of the firm that developed and maintains this server.

  1. great Arjun

  2. Great information. Thanks for sharing.

  3. Great keep going Arjun
