Doing a DNS zone transfer

From Wikipedia, the free encyclopedia ( http://en.wikipedia.org/wiki/Zone_transfer ):
DNS zone transfer, also sometimes known by its (most common) opcode mnemonic AXFR, is a type of DNS transaction. It is one of the many mechanisms available for administrators to employ for replicating the databases containing the DNS data across a set of DNS servers. Zone transfer comes in two flavors, full (opcode AXFR) and incremental (IXFR). Nearly universal at one time, it is now falling by the wayside somewhat, in favor of the use of other database replication mechanisms that modern DNS server packages provide.

The data contained in an entire DNS zone may be sensitive in nature. Individually, DNS records are not sensitive, but if a malicious entity obtains a copy of the entire DNS zone for a domain, they may have a complete listing of all hosts in that domain. That makes the job of a computer hacker much easier. A computer hacker needs no special tools or access to obtain a complete DNS zone if the name server is promiscuous and allows anyone to do a zone transfer.

Using the nslookup utility that is contained in Windows, a DNS zone transfer can be easily tried out. All you need to do is enter the target DNS server and the domain you want to interrogate:
server ns.example.com (the target DNS server)
set type=any (to get all types of DNS records)
ls -d example.com (do the actual transfer)

Using the dig utility in Linux, a DNS zone transfer is even more trivial to perform:
dig example.com axfr

When a DNS zone transfer is allowed, you should get a complete listing of all DNS entries that have been made in the DNS server for this domain. If the DNS server doesn't allow it, you will get an error indicating that the Zone transfer didn't work.

An example:

References:

• Wikipedia: DNS zone transfer