DNS Zone Transfer Tutorial
What is a zone transfer?
A zone transfer is the process of replicating (copying) a DNS zone file, the database of a zone, from a primary DNS server to a secondary DNS server.
Its corresponding DNS query type is AXFR.
Why is this important or valuable?
The zone file contains all the DNS names that are defined for that particular DNS server.
The main issue (or advantage, depending on whether you see it as an attacker or a defender) is that many DNS servers are misconfigured, so the zone file can be replicated to unauthorized secondary DNS servers.
The zone file contains the IP addresses of the zone's servers and hosts. As a result, it can be very useful to an attacker, who can learn important information such as the layout of a domain's or organization's internal network.
Tools we will be using
- host
- dig
- nslookup
Website: https://zonetransfer.me
Using Host
Finding name servers
host -t ns zonetransfer.me
Attempt zone transfer
host -l zonetransfer.me nsztm1.digi.ninja
If successful, you will receive the entire zone file, including all of the IP addresses.
Using Dig
Finding name servers
dig zonetransfer.me -t ns
Attempt zone transfer
dig axfr zonetransfer.me @nsztm1.digi.ninja
Using Nslookup
Why nslookup? It is available on Windows.
Finding Name servers
- nslookup
- set type=ns
- zonetransfer.me
Attempt zone transfer
- nslookup
- server nsztm1.digi.ninja
- set type=any (do not restrict the record type)
- ls -d zonetransfer.me
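The manual dig check above can be scripted to audit your own zones for open AXFR. This Python example is added here and is not part of the original tutorial; it assumes dig is on PATH for the live audit, and the embedded dig output is constructed, not a real capture.

```python
import subprocess
from typing import Dict, List, Tuple

Record = Tuple[str, int, str, str, str]  # name, ttl, class, type, rdata
# Constructed sample of `dig axfr` output (not a real capture), so the parser runs offline.
SAMPLE_OPEN = """; <<>> DiG 9.18.0 <<>> axfr zonetransfer.me @nsztm1.digi.ninja
;; global options: +cmd
zonetransfer.me.\t7200\tIN\tSOA\tnsztm1.digi.ninja. hostmaster.zonetransfer.me. 1 172800 900 1209600 3600
zonetransfer.me.\t7200\tIN\tNS\tnsztm1.digi.ninja.
www.zonetransfer.me.\t7200\tIN\tA\t192.0.2.10
office.zonetransfer.me.\t7200\tIN\tA\t192.0.2.20
zonetransfer.me.\t7200\tIN\tSOA\tnsztm1.digi.ninja. hostmaster.zonetransfer.me. 1 172800 900 1209600 3600
;; Query time: 40 msec
"""
SAMPLE_REFUSED = """; <<>> DiG 9.18.0 <<>> axfr zonetransfer.me @ns.example.net
;; global options: +cmd
; Transfer failed.
"""
def parse_axfr(output: str) -> List[Record]:
    """Turn dig's AXFR output into records, skipping dig's ';' comment lines and blanks."""
    records: List[Record] = []
    for line in output.splitlines():
        if not line.strip() or line.startswith(";"):
            continue
        name, ttl, rclass, rtype, rdata = line.split(None, 4)
        records.append((name, int(ttl), rclass, rtype, rdata))
    return records

def transfer_allowed(output: str) -> bool:
    """A completed AXFR is bracketed by the zone's SOA (RFC 5936); a refusal yields no records."""
    soa_count = sum(1 for r in parse_axfr(output) if r[3] == "SOA")
    return "Transfer failed." not in output and soa_count >= 2

def exposed_hosts(output: str) -> Dict[str, List[str]]:
    """Map each A/AAAA name to its addresses: the host inventory an open transfer leaks."""
    hosts: Dict[str, List[str]] = {}
    for name, _ttl, _cls, rtype, rdata in parse_axfr(output):
        if rtype in ("A", "AAAA"):
            hosts.setdefault(name.rstrip("."), []).append(rdata)
    return hosts

def audit(zone: str, nameserver: str) -> Tuple[bool, Dict[str, List[str]]]:
    """Query one name server with dig (needs network access and dig on PATH)."""
    cmd = ["dig", "axfr", zone, f"@{nameserver}", "+time=5", "+tries=1"]
    out = subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
    return transfer_allowed(out), exposed_hosts(out)

if __name__ == "__main__":
    allowed, hosts = audit("zonetransfer.me", "nsztm1.digi.ninja")
    print("AXFR", "OPEN" if allowed else "refused", f"({len(hosts)} hosts exposed)")
```

Run it against every NS record of a zone you administer; any server reporting OPEN should have its allow-transfer restricted to the secondaries.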