DNS Zone Transfer used to replicate DNS data across a number of DNS servers or to back up DNS files. A user or server will perform a specific zone transfer request from a ―name server. If the name server allows zone transfers by an anonymous user to occur, all the DNS names and IP addresses hosted by the name server will be returned in human-readable ASCII text.
Tools used for DNS Enumeration
- Get the host’s addresses
- Get the nameservers
- Get the MX record
- Perform axfr queries on nameservers
- Get extra names and subdomains via Google scraping
- Brute force subdomains from a file can also perform recursion on a subdomain that has NS records.
- Calculate C class domain network ranges and perform whois queries on them
- Perform reverse lookups on entrances
If your DNS is not configured in a secure way, it is possible that lots of sensitive information about the network and organization can go outside and an untrusted Internet user can perform a DNS zone transfer.