January 21, 2020

Find a DNS Zone Transfer Misconfiguration

Arjun C Shekar
Share
dns-transfer

How to find a DNS Zone Transfer Misconfiguration manually using CMD in Windows and Terminal Console in Linux -Before starting with the article, I want to describe the DNS zone transfer misconfiguration flaw in a web server. A misconfigured DNS Zone Transfer will lead to leaks of user names and relevant IP addresses. And it can also lead to a leak of confidential data online. The misconfigured DNS Zone Transfer can be defined in 2 types 1. AXFR - Full Duplex DNS Zone Transfer and 2. IXFR - Partial Duplex DNS Zone Transfer.Caution: I'm not responsible for any cyber attacks that may happen with the help of DNS Zone Transfer, do it at your own risk.To track a misconfigured DNS Zone Transfer, I'm going to use nslookup in Microsoft Windows:

  1. Open up CMD, type "nslookup -type=ns<URL>" and press enter.
  2. The nslookup reveals the name servers of the respective URL, note down the nameservers for better learning.
  3. Just type nslookup to go into the command mode of nslookup.
  4. Then type "server <name server>" and press enter
  5. Then type  "set type=any" to get the queries regarding the complete DNS zone transfer information.
  6. Then type "ls -d <URL>", if the domain is having DNS Zone Transfer Misconfiguration, then it will show up.

In Penetration testing Linux distributions or basic Debian Linux Distributions you will find a tool called host to find DNS Zone Transfer:

  • Type "host -t axfr <URL><nameserver>" and press enter to find full query of full DNS Zone Transfer Misconfiguration.
  • Type "host -t ixfr<URL><nameserver>" and press enter to find query of Partial Duplex DNS Zone Transfer Misconfiguration.

The below image shows how a misconfigured DNS zone transfer can be spotted on a web server.

facebook-downloaded-open-image

Image: DNS Zone Transfer Misconfiguration Vulnerability Spotted in IIT Dharwad's Webserver.*Note: This vulnerability will lead to leakage of hostnames and the associated IP Addresses, which could lead to a further target of the organization and also sometimes it may lead to leakage of confidential data of the firm, who developed and maintaining this server.

Start learning with Cybrary

Create a free account

Related Posts

All Blogs
Building a Security Team
June 27, 2023

Digital Forensics and Incident Response: What It Is, When You Need It, and How to Implement It

A quick guide to digital forensics and incident response (DFIR): what it is, when it’s needed, how to implement a cutting-edge program, and how to develop DFIR skills on your team.

Read More
Building a Security Team
June 28, 2023

How to Build a Red Team

An overview of what a red team is (and isn’t), and practical tips on how to build a Red Team and develop offensive security skills in your team.

Read More
Tools & Applications
June 7, 2023

How to Make the Most of Blending Learning with Cybrary Live

Learn how to get the most from your cybersecurity training platform by blending on-demand learning with virtual, live courses led by industry experts.

Read More
News & Events
June 7, 2023

Introducing the New Cybrary Learner Experience

Cybrary is launching a key update to the Cybrary Learner experience to elevate hands-on learning and measurement as guiding tenets of Cybrary’s mission.

Read More