Practice DNS Zone Transfers with DigiNinja

DNS servers use zone transfers to replicate databases across servers. This allows administrators to make changes on one server and then push these changes to the others rather than manually updating all of them. Most DNS servers only allow zone transfers to trusted peers due to the valuable information they reveal. However, when doing reconnaissance it’s still worthwhile for penetration testers and other security professionals to check if zone transfers are allowed. allows security practitioners to practice zone transfers with the domain

How to Start a Zone Transfer

First you need to find the domain’s DNS servers. We can do that with the dig command like so:

dig +short ns <domain>

This gives the following output:

Now that we know what the domain’s DNS servers are we can use dig to request a zone transfer:

Alternatively we could also use the host command to initiate a zone transfer:

host -t <domain> <DNS server>

The zone transfer gives us a lot of information!

The output from the dig zone transfer command.
The output from the host zone transfer command.

Try it yourself and see what kind of information you can glean from perusing the zone transfer data. Can you determine which is primary name server and who the contact for it is? What about the mail servers?

Further Reading

For more information on how to read the information gathered from a zone transfer please visit Digi.Ninja :

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s