The Ethical Hacker Network - DNS Zone Transfer

Latest Additions

Who's Online

Ignatius

Jr. Member

Offline

Posts: 91

DNS Zone Transfer

« on: January 11, 2012, 04:33:43 AM »

I came across an article written by DigiNinja in which he explains what DNS Zone Transfer is and how information gleaned from misconfiguration might be used. He registered a domain name and set configurations deliberately in order to demonstrate to clients the dangers of DNS Zone Transfer.

I guess that most sites won't allow this so it may not be of use in a day to day pen test but the article, and accompanying site, might help others to learn details of what DNS Zone Transfer is and the pitfalls of misconfiguration.


	Logged

3xban

Hero Member

Offline

Posts: 608

Re: DNS Zone Transfer

« Reply #1 on: January 11, 2012, 07:47:09 AM »

I have found that many valid DNS hosts block the zone transfers from unauthorized systems. My old company had publically accessible DNS hosted on Windows boxes and it also blocked the ability to drop the requests. Considering the DNS servers were the same for external and internal, I wanted to make sure that was in place. For giggles I even tried with my own host and the servers are configured as such.

Windows 2008 DNS disables unauthorized zone transfers by default. Now if you can pop a box that is authorized for this, well then you certainly can utilize the attack. Then again most likely the only systems authorized are other DNS servers. Its a nice golden egg if you find an open DNS server so never hurts to try.


	Logged

Certs: GCWN
(@)Dewser

lorddicranius

Sr. Member

Offline

Posts: 447

Re: DNS Zone Transfer

« Reply #2 on: January 11, 2012, 09:56:28 AM »

I was listening to the ISD Podcast #560 yesterday and Rob Fuller (mubix) was a guest on there talking about a project he's doing with zone transfers and the entire Internet. He's going to be presenting at ThotCon. Looking forward to seeing his results and what he makes of it!


	Logged

GSEC, eCPPT, Sec+

MaXe

Hero Member

Offline

Posts: 669

I've just upgraded myself to a cyborg muahahaa!!1

Re: DNS Zone Transfer

« Reply #3 on: January 11, 2012, 04:48:22 PM »

Quote from: Ignatius on January 11, 2012, 04:33:43 AM

I guess that most sites won't allow this so it may not be of use in a day to day pen test but the article, and accompanying site, might help others to learn details of what DNS Zone Transfer is and the pitfalls of misconfiguration.

A couple of years ago, it was possible on many websites, including anyone using cPanel as there was a configuration bug allowing DNS Zone Transfers aka AXFR requests.

Some websites, such as Wikipedia, deliberately allows transfering their Zone, for debugging purposes they said a long time ago.

The actual command line syntax that is probably the most details is:

Code:

dig @ns.targetnameserver.tld domain.tld AXFR