Home 0P3N Blog Find a DNS Zone Transfer Misconfiguration
Ready to Start Your Career?
Create Free Account
Arjun C Shekars profile image
By: Arjun C Shekar
December 29, 2016

Find a DNS Zone Transfer Misconfiguration

By: Arjun C Shekar
December 29, 2016
Arjun C Shekars profile image
By: Arjun C Shekar
December 29, 2016
dns-transferHow to find a DNS Zone Transfer Misconfiguration manually using CMD in Windows and Terminal Console in Linux -Before starting with the article, I want to describe the DNS zone transfer misconfiguration flaw in a web server. A misconfigured DNS Zone Transfer will lead to leaks of user names and relevant IP addresses. And it can also lead to a leak of confidential data online. The misconfigured DNS Zone Transfer can be defined in 2 types 1. AXFR - Full Duplex DNS Zone Transfer and 2. IXFR - Partial Duplex DNS Zone Transfer.Caution:  I'm not responsible for any cyber attacks that may happen with the help of DNS Zone Transfer, do it at your own risk.To track a misconfigured DNS Zone Transfer, I'm going to use nslookup in Microsoft Windows:
  1. Open up CMD, type "nslookup -type=ns<URL>" and press enter.
  2. The nslookup reveals the name servers of the respective URL, note down the nameservers for better learning.
  3. Just type nslookup  to go into the command mode of nslookup.
  4. Then type "server <name server>" and press enter
  5. Then type  "set type=any" to get the queries regarding the complete DNS zone transfer information.
  6. Then type "ls -d <URL>", if the domain is having DNS Zone Transfer Misconfiguration, then it will show up.
In Penetration testing Linux distributions or basic Debian Linux Distributions you will find a tool called host to find DNS Zone Transfer:
  • Type "host -t axfr <URL><nameserver>" and press enter to find full query of full DNS Zone Transfer Misconfiguration.
  • Type "host -t ixfr<URL><nameserver>" and press enter to find query of Partial Duplex DNS Zone Transfer Misconfiguration.
The below image shows how a misconfigured DNS zone transfer can be spotted on a web server.facebook-downloaded-open-imageImage: DNS Zone Transfer Misconfiguration Vulnerability Spotted in IIT Dharwad's Webserver.*Note: This vulnerability will lead to leakage of hostnames and the associated IP Addresses, which could lead to a further target of the organization and also sometimes it may lead to leakage of confidential data of the firm, who developed and maintaining this server.
Schedule Demo

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry