Linux
Notes:
  • For security reasons, zone transfers should be allowed only from specific, trusted IPs, because the information in a zone can be used to gain insight into the domain/network structure before breaking in.
  • Zone transfer is always done over TCP, even if the reply is smaller than the UDP limit of 512 bytes, so port 53/TCP must be open to the DNS server.
And the command itself:
$ dig AXFR example.com
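To ask for an incremental zone transfer, that is, only the changes since a given SOA serial (just to test whether this feature is enabled or not). dig expects the serial in the form ixfr=N, so replace SERIAL with the serial number you already hold:
$ dig ixfr=SERIAL example.com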
Windows
Windows>nslookup
Default Server:  dns1-adc.netvision.net.il
Address:  194.90.0.1

> ls -d yurisk.info
[dns1-adc.netvision.net.il]
*** Can't list domain yurisk.info: BAD ERROR VALUE
The DNS server refused to transfer the zone yurisk.info to your computer. If this
is incorrect, check the zone transfer security settings for yurisk.info on the DNS
server at IP address 194.90.0.1.
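A self-check for the two notes above, as an added example that is not part of the original page: it builds the AXFR query as it travels over TCP (a 2-byte length prefix in front of the DNS message) and classifies the server's first reply, so you can confirm from a host that is not on the trusted list that your own server answers REFUSED. The function names, the transaction ID and the sample reply are constructed for illustration.

```python
import socket
import struct

AXFR, IN, REFUSED = 252, 1, 5  # QTYPE AXFR, class IN, RCODE REFUSED (RFC 1035)

def build_axfr_query(zone, txid=0x1234):
    """Return an AXFR query framed for TCP: 2-byte length prefix + DNS message."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)  # flags=0, QDCOUNT=1
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in zone.rstrip(".").split(".")
    ) + b"\x00"
    message = header + qname + struct.pack("!HH", AXFR, IN)
    return struct.pack("!H", len(message)) + message

def classify_reply(framed):
    """Classify the first TCP-framed reply message by its RCODE and ANCOUNT."""
    (length,) = struct.unpack("!H", framed[:2])
    message = framed[2:2 + length]
    if len(message) < 12:
        raise ValueError("truncated DNS message")
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", message[:12])
    rcode = flags & 0x000F
    if rcode == REFUSED:
        return "refused"
    if rcode == 0 and ancount > 0:
        return "transfer-allowed"
    return f"other (rcode={rcode}, answers={ancount})"

def recv_exact(sock, n):
    """Read exactly n bytes; TCP may deliver a DNS message in several pieces."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
    return buf

def check_own_server(server_ip, zone, timeout=5.0):
    """Request AXFR from your own server on 53/TCP and classify its answer."""
    with socket.create_connection((server_ip, 53), timeout=timeout) as sock:
        sock.sendall(build_axfr_query(zone))
        prefix = recv_exact(sock, 2)
        (length,) = struct.unpack("!H", prefix)
        return classify_reply(prefix + recv_exact(sock, length))

# Constructed sample reply: header only, QR=1, RCODE=5 (REFUSED), no answers.
SAMPLE_REFUSED = struct.pack("!HHHHHHH", 12, 0x1234, 0x8005, 0, 0, 0, 0)
```

Some servers drop the TCP connection instead of answering REFUSED; `check_own_server` reports that case as a `ConnectionError`.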