How to check zone transfer vulnerability on DNS?

What is DNS zone transfer?

Actually, DNS zone transfer is also known as AXFR or DNS query which refers to DNS transaction. It is the most available technique to replicate the DNS database and transfer traffic by replicating the DNS server. This method uses the AXFR protocol to perform actions. By using the vulnerability a hacker can get all host information of your DNS server. As the DNS is referred to as an internet phone book there is always risk behind the DNS zone transfer vulnerability. If a hacker is able to get access to your server (DNS) control he can listen to all the traffic and sniff and then may redirect all the server traffic. DNS zone transfer also is known as DNS hijacking.

Today I will show the process of Zone-Transfer vulnerability and how to perform the attack on a DNS.

#1. We will use Kali Linux operating system to perform this task.

#2. Open terminal and (Ctrl+Alt+T) then type the following command.

#3. fierce -dns host-name.com  [This will try using a brute force method to find out the vulnerabilities.]

#4. Alternatively, you can use the IP address instead of a domain name for getting the IP address then use terminal and use command ping hostname then you will get the IP address and finally, you can use the above command like this fierce -dns 111.111.111.111. And this will also use the brute force method.

#5. Now type the command host  hostname.com in the place of hostname.com type your targeted hostname.

#6. Type command nslookup  then  set q = ns [For getting the name server lookup].

#7. Now enter your targeted domain name.

#8. Now type set q =mx [For getting the MX record].

#9. Another way is you can use some online tools free of cost and some of those are very useful i observed. Like https://hackertarget.com/zone-transfer/  https://www.ultratools.com/tools/zoneFileDump  http://www.geektools.com/digtool.php  https://pentest-tools.com/network-vulnerability-scanning/dns-zone-transfer-check

#10. Another alternative way is using this command dig @dns1.server.com domain.com axfr.

Here I’ve attached a sample screenshot of failure test. If you want more details about this with full screenshot please let me know in the comment section.

DNS Zone transfer or AXFR vulnerability prevention.

There is no authentication is required in AXFR, so anyone can ask a DNS server for the copy of entire sone using any client software. This means that unless some kind of protection is introduced, an attacker can get a list of all hosts for a domain, which gives them a lot of potential attack vectors.

For the prevention of this AXFR vulnerability, the DNS server should be configured to only allow zone transfers from trusted IP addresses. The following is an example of how this can be accomplished in the BIND DNS server.

%d bloggers like this: