How to find a DNS Zone Transfer Misconfiguration manually using CMD in Windows and Terminal Console in Linux
Before starting with the article, I want to describe the DNS zone transfer misconfiguration flaw in a web server. A misconfigured DNS Zone Transfer will leak user names and the relevant IP addresses, and it can also lead to a leak of confidential data online. The misconfigured DNS Zone Transfer can be divided into 2 types:
1. AXFR - Full Duplex DNS Zone Transfer
2. IXFR - Partial Duplex DNS Zone Transfer

Caution: I'm not responsible for any cyber attacks that may happen with the help of DNS Zone Transfer, do it at your own risk.

To track a misconfigured DNS Zone Transfer, I'm going to use nslookup in Microsoft Windows:
- Open up CMD, type "nslookup -type=ns <URL>" and press enter.
- nslookup reveals the name servers of the respective URL; note down the name servers for better learning.
- Type "nslookup" on its own to go into the command mode of nslookup.
- Then type "server <name server>" and press enter.
- Then type "set type=any" so that the query covers the complete DNS zone transfer information.
- Then type "ls -d <URL>". If the domain has a DNS Zone Transfer Misconfiguration, it will show up in the output.
In penetration testing Linux distributions or basic Debian Linux distributions you will find a tool called host to find DNS Zone Transfer:
- Type "host -t axfr <URL> <nameserver>" and press enter to run the full query for a full DNS Zone Transfer Misconfiguration.
- Type "host -t ixfr <URL> <nameserver>" and press enter to run the query for a Partial Duplex DNS Zone Transfer Misconfiguration.
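
For auditing the name servers of a zone you administer, the result of the host check above can be classified automatically. This is an added example, not code from the original article; the function names are hypothetical, the sample output is constructed, and it assumes the output format of the BIND host utility.

```sh
#!/bin/sh
# Added example (not from the original article). Assumes the BIND `host` utility.

# classify_axfr <output>: read the text printed by `host -t axfr <zone> <ns>`.
# Prints "refused", "open" or "unknown".
classify_axfr() {
    axfr_out="$1"
    # A refusing server makes host print an rcode line and "; Transfer failed."
    if printf '%s\n' "$axfr_out" | grep -Eq '^; Transfer failed|not found: [0-9]+\('; then
        echo refused
        return 0
    fi
    # A completed full transfer begins and ends with the zone's SOA record.
    soa_count=$(printf '%s\n' "$axfr_out" | grep -Ec '[[:space:]]IN[[:space:]]+SOA[[:space:]]' || true)
    if [ "$soa_count" -ge 2 ]; then echo open; else echo unknown; fi
}

# audit_zone <zone>: test every name server of a zone you administer.
audit_zone() {
    for ns in $(host -t ns "$1" | awk '/name server/ {print $NF}'); do
        printf '%s\t%s\n' "$ns" "$(classify_axfr "$(host -t axfr "$1" "$ns" 2>&1)")"
    done
}

# Constructed sample output (example.com, RFC 5737 addresses), not real captures.
SAMPLE_REFUSED='Trying "example.com"
Using domain server:
Name: ns1.example.com
Address: 192.0.2.53#53
Aliases:

Host example.com not found: 5(REFUSED)
; Transfer failed.'

SAMPLE_OPEN=';; ANSWER SECTION:
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2024010101 7200 900 1209600 3600
example.com. 3600 IN NS ns1.example.com.
intranet.example.com. 3600 IN A 192.0.2.10
vpn.example.com. 3600 IN A 192.0.2.20
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2024010101 7200 900 1209600 3600'

echo "refused sample -> $(classify_axfr "$SAMPLE_REFUSED")"
echo "open sample    -> $(classify_axfr "$SAMPLE_OPEN")"
```

Calling audit_zone with your own zone name needs network access and prints one line per name server; any server reported as "open" should have zone transfers restricted to its secondary servers.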
The image below shows how a misconfigured DNS zone transfer can be spotted on a web server.
Image: DNS Zone Transfer Misconfiguration Vulnerability Spotted in IIT Dharwad's Webserver.

*Note: This vulnerability will lead to leakage of hostnames and the associated IP addresses, which could lead to further targeting of the organization, and sometimes it may also lead to leakage of confidential data of the firm that developed and maintains this server.