HOWTO – DNS Zone Transfers

May 7, 2013
By

Post to Twitter Post to Facebook Post to Reddit

As part of reconnaissance Domain Name Service (DNS) servers can provide the bad guys with pertinent data to further their attack. One of the key methods for extracting this information are zone transfers. With just a few quick commands a DNS server will gladly cough up a sensitive list of sub-domains if it isn’t configured correctly.

In the world of DNS “nslookup” and “dig” are the two main tools for interrogating servers. Nslookup is older and a bit more limited but useful in a pinch. Dig, on the other hand, seems to be the goto DNS tool of choice. The example below demonstrates using each of these tools.

First, extract the name servers for the target site. In the commands below we are using Google as an example.

nslookup -type=ns google.com
dig ns google.com

Next, choose one of the name servers and attempt to run a zone transfer on it.

nslookup
> server ns1.google.com
> set type=any
> ls -d google.com
dig axfr @ns1.google.com google.com

Of course the result for Google should return a “Transfer failed” error … hopefully.

But what if you want to show off and don’t happen to know of a convenient site to demonstrate zone transfers on? That’s where Robin “@DigiNinja” Wood comes in with a very useful resource he setup called ZoneTransfer.me. Just run the above commands against that site to see it in action.

#####

If you’d like to see a specific NIP Tip just let us know… Today’s post pic is from Microsoft.com. See ya!

Tags: , , , , ,

7 Responses to HOWTO – DNS Zone Transfers

  1. novainfosec (@novainfosec) on May 7, 2013 at 9:01 am

    NIP Tip – DNS Zone Transfers https://t.co/MbnSxABGm6

  2. CSec (@csec) on May 7, 2013 at 12:00 pm

    NIP Tip – DNS Zone Transfers: [nova#infosec.com] As part of reconnaissance Domain Name Service (DNS) servers can… http://t.co/vL8yqDwdcx

  3. novainfosec (@novainfosec) on May 3, 2014 at 12:29 am

    Best Of: HOWTO – DNS Zone Transfers http://t.co/q4JvS0YJbz

  4. novainfosec (@novainfosec) on September 16, 2014 at 2:14 am

    Best Of: HOWTO – DNS Zone Transfers http://t.co/q4JvS1fMdz

  5. novainfosec (@novainfosec) on December 2, 2014 at 8:11 pm

    Best Of: HOWTO – DNS Zone Transfers http://t.co/q4JvS1xnlD

  6. novainfosec (@novainfosec) on February 11, 2015 at 1:08 am

    Best Of: HOWTO – DNS Zone Transfers http://t.co/q4JvS0Ybm1

  7. novainfosec (@novainfosec) on February 11, 2015 at 1:08 am

    Best Of: HOWTO – DNS Zone Transfers http://t.co/q4JvS0Ybm1

Leave a Reply

Your email address will not be published. Required fields are marked *


About Us

Founded in 2008, NoVA Infosec is dedicated to the community of Metro DC-based security professionals and whitehat hackers involved in the government and other regulated verticals. Find out more on our About Us page.