Coming mid-July
Cybrary Reimagined.
People first, Security first.
Coming mid-July.
Cybrary Reimagined.
Celebrate Cybersecurity Awareness Month with our buy 2, get 1 offer!
People first, Security first.
Valid until October 31. Elevate your skills today!
Start for free
dns-transfer

How to find a DNS Zone Transfer Misconfiguration manually using CMD in Windows and Terminal Console in Linux -Before starting with the article, I want to describe the DNS zone transfer misconfiguration flaw in a web server. A misconfigured DNS Zone Transfer will lead to leaks of user names and relevant IP addresses. And it can also lead to a leak of confidential data online. The misconfigured DNS Zone Transfer can be defined in 2 types 1. AXFR - Full Duplex DNS Zone Transfer and 2. IXFR - Partial Duplex DNS Zone Transfer.Caution: I'm not responsible for any cyber attacks that may happen with the help of DNS Zone Transfer, do it at your own risk.To track a misconfigured DNS Zone Transfer, I'm going to use nslookup in Microsoft Windows:

  1. Open up CMD, type "nslookup -type=ns<URL>" and press enter.
  2. The nslookup reveals the name servers of the respective URL, note down the nameservers for better learning.
  3. Just type nslookup to go into the command mode of nslookup.
  4. Then type "server <name server>" and press enter
  5. Then type  "set type=any" to get the queries regarding the complete DNS zone transfer information.
  6. Then type "ls -d <URL>", if the domain is having DNS Zone Transfer Misconfiguration, then it will show up.

In Penetration testing Linux distributions or basic Debian Linux Distributions you will find a tool called host to find DNS Zone Transfer:

  • Type "host -t axfr <URL><nameserver>" and press enter to find full query of full DNS Zone Transfer Misconfiguration.
  • Type "host -t ixfr<URL><nameserver>" and press enter to find query of Partial Duplex DNS Zone Transfer Misconfiguration.

The below image shows how a misconfigured DNS zone transfer can be spotted on a web server.

facebook-downloaded-open-image

Image: DNS Zone Transfer Misconfiguration Vulnerability Spotted in IIT Dharwad's Webserver.*Note: This vulnerability will lead to leakage of hostnames and the associated IP Addresses, which could lead to a further target of the organization and also sometimes it may lead to leakage of confidential data of the firm, who developed and maintaining this server.

Start learning with Cybrary

Create a free account

Related Posts

All Blogs