EH-Net

Resources => Links to cool sites. => Topic started by: Ignatius on January 11, 2012, 04:33:43 AM



Title: DNS Zone Transfer
Post by: Ignatius on January 11, 2012, 04:33:43 AM
I came across an article written by DigiNinja (http://www.digininja.org/projects/zonetransferme.php) in which he explains what DNS Zone Transfer is and how information gleaned from misconfiguration might be used.  He registered a domain name and set configurations deliberately in order to demonstrate to clients the dangers of DNS Zone Transfer.

I guess that most sites won't allow this so it may not be of use in a day to day pen test but the article, and accompanying site, might help others to learn details of what DNS Zone Transfer is and the pitfalls of misconfiguration.




Title: Re: DNS Zone Transfer
Post by: 3xban on January 11, 2012, 07:47:09 AM
I have found that many valid DNS hosts block the zone transfers from unauthorized systems.  My old company had publicly accessible DNS hosted on Windows boxes and it also blocked the ability to drop the requests.  Considering the DNS servers were the same for external and internal, I wanted to make sure that was in place.  For giggles I even tried with my own host and the servers are configured as such.

Windows 2008 DNS disables unauthorized zone transfers by default.  Now if you can pop a box that is authorized for this, well then you certainly can utilize the attack.  Then again most likely the only systems authorized are other DNS servers.  It's a nice golden egg if you find an open DNS server so never hurts to try.


Title: Re: DNS Zone Transfer
Post by: lorddicranius on January 11, 2012, 09:56:28 AM
I was listening to the ISD Podcast #560 (http://www.isdpodcast.com/episode-560-an-evening-with-rob-fuller-mubix) yesterday and Rob Fuller (mubix) was a guest on there talking about a project he's doing with zone transfers and the entire Internet.  He's going to be presenting at ThotCon.  Looking forward to seeing his results and what he makes of it!


Title: Re: DNS Zone Transfer
Post by: MaXe on January 11, 2012, 04:48:22 PM
Quote from: Ignatius
I guess that most sites won't allow this so it may not be of use in a day to day pen test but the article, and accompanying site, might help others to learn details of what DNS Zone Transfer is and the pitfalls of misconfiguration.

A couple of years ago, it was possible on many websites, including anyone using cPanel as there was a configuration bug allowing DNS Zone Transfers aka AXFR requests.

Some websites, such as Wikipedia, deliberately allow transferring their zone, for debugging purposes they said a long time ago.

The actual command line syntax that is probably the most detailed is:
Code:
dig @ns.targetnameserver.tld domain.tld AXFR
  :)
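
An added example, not part of any post in this thread: a small POSIX shell check that runs the `dig ... AXFR` request above against every nameserver of a zone you administer and reports which ones answer it. The function names, the `example.com` hosts and the two sample outputs are constructed for illustration.

```sh
#!/bin/sh
# Added example: check the nameservers of a zone you administer for open AXFR.

# Classify the text output of `dig @server zone AXFR` read from stdin.
classify_axfr() {
    out=$(cat)
    case "$out" in
        *"; Transfer failed."*) echo refused ;;  # server denied or aborted the transfer
        *";; XFR size:"*)       echo open ;;     # dig's summary line after a full transfer
        *)                      echo unknown ;;  # timeout, no answer, other error
    esac
}

# Request a transfer from each NS of the zone; return 1 if any server allows it.
audit_zone() {
    zone=$1
    rc=0
    for ns in $(dig +short NS "$zone"); do
        status=$(dig +time=5 +tries=1 "@$ns" "$zone" AXFR 2>&1 | classify_axfr)
        printf '%s\t%s\n' "$ns" "$status"
        if [ "$status" = open ]; then rc=1; fi
    done
    return "$rc"
}

# Constructed sample: a server that hands out the whole zone.
sample_open() { cat <<'EOF'
; <<>> DiG 9.x <<>> @ns1.example.com example.com AXFR
example.com.     3600 IN SOA ns1.example.com. hostmaster.example.com. 1 3600 600 86400 3600
example.com.     3600 IN NS  ns1.example.com.
vpn.example.com. 3600 IN A   192.0.2.10
example.com.     3600 IN SOA ns1.example.com. hostmaster.example.com. 1 3600 600 86400 3600
;; XFR size: 4 records (messages 1, bytes 200)
EOF
}

# Constructed sample: a server that refuses unauthorized transfers.
sample_refused() { cat <<'EOF'
; <<>> DiG 9.x <<>> @ns1.example.com example.com AXFR
; Transfer failed.
EOF
}

# Run the audit only when a zone name is given on the command line.
if [ "$#" -gt 0 ]; then audit_zone "$1"; fi
```

Any server reported as `open` should have transfers restricted to the secondary nameservers that actually need them.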