DNS Zone Transfer Vulnerability, What is it?

A DNS server is a database that stores domain names, IP addresses and related records. The primary duty of a DNS server is to resolve domain names to IP addresses.

DNS Zone File

A DNS zone file is a simple text file that holds the data of a domain: the mapping of domain names to IP addresses and other resources. A zone file can contain data about multiple subdomains, and a single DNS server can hold zone files for multiple domains.

Master and Slave DNS Servers

A master DNS server is the server that holds the master copy of the zone file. When this file is updated, the slave DNS servers request a copy of it and update their own zone file.

What is Zone Transfer

DNS zone transfer is the process of copying the DNS information from a master DNS server to a slave DNS server. The primary/master DNS server should allow zone transfers only to its secondary/slave servers. The zone transfer vulnerability arises when the primary server allows a zone transfer to anyone who requests it.

By exploiting this vulnerability, attackers can obtain a copy of the zone file. This may not have a direct impact on the organization, but the attackers gain a lot of information about its IP addresses and domains, which helps them plan how to break into the organization.
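The defender-side check for the misconfiguration described above, as an added example that is not part of the original article: it scans BIND-style query and xfer-out log lines for AXFR/IXFR requests and flags any that did not come from an authorised secondary. The allow-list, the log lines and the exact log wording are constructed for the example (BIND's real format is close but may differ slightly by version); the fix on the server side is to restrict transfers with `allow-transfer` to the secondaries only.

```python
import re
from ipaddress import ip_address, ip_network

# Hypothetical allow-list: the only hosts that should ever pull the zone.
# Addresses are from documentation ranges and are constructed for this example.
ALLOWED_SECONDARIES = [ip_network("192.0.2.0/24"), ip_network("198.51.100.7/32")]

# Zone-transfer *requests* as they appear in a BIND-style query log.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<src>[0-9a-fA-F:.]+)#\d+ \((?P<zone>[^)]+)\): "
    r"query: (?P<name>\S+) IN (?P<qtype>AXFR|IXFR)\b"
)
# Transfers that actually *started*, as logged by the xfer-out category.
XFER_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<src>[0-9a-fA-F:.]+)#\d+ \((?P<zone>[^)]+)\): "
    r"transfer of '(?P<name>[^']+)': (?P<qtype>AXFR|IXFR)(?:-style IXFR)? started"
)

def is_authorised(src: str) -> bool:
    """True if the requesting address belongs to a known secondary."""
    addr = ip_address(src)
    return any(addr in net for net in ALLOWED_SECONDARIES)

def flag_unauthorised_transfers(lines):
    """Return one finding per AXFR/IXFR query or started transfer from an
    address outside the allow-list. A 'transfer' finding means the server
    actually handed out the zone, i.e. the misconfiguration is live."""
    findings = []
    for line in lines:
        for stage, pattern in (("query", QUERY_RE), ("transfer", XFER_RE)):
            m = pattern.search(line)
            if m and not is_authorised(m["src"]):
                findings.append({"src": m["src"], "zone": m["zone"],
                                 "qtype": m["qtype"], "stage": stage})
    return findings

# Constructed sample log: one legitimate secondary, one unknown client that
# both asks for and receives the zone, and an ordinary A query for contrast.
SAMPLE_LOG = """\
12-Mar-2024 10:15:32.101 client @0x7f3c1c00a2d0 192.0.2.10#41022 (example.com): query: example.com IN AXFR -ET (192.0.2.1)
12-Mar-2024 10:16:05.220 client @0x7f3c1c00b3e0 203.0.113.45#51234 (example.com): query: example.com IN AXFR -ET (192.0.2.1)
12-Mar-2024 10:16:05.224 client 203.0.113.45#51234 (example.com): transfer of 'example.com/IN': AXFR started (serial 2024031201)
12-Mar-2024 10:16:07.003 client @0x7f3c1c00c4f0 203.0.113.45#51235 (example.com): query: www.example.com IN A -E(0)T (192.0.2.1)
12-Mar-2024 10:20:11.540 client 198.51.100.7#33000 (example.com): transfer of 'example.com/IN': IXFR started (serial 2024031200 -> 2024031201)
""".splitlines()

if __name__ == "__main__":
    for f in flag_unauthorised_transfers(SAMPLE_LOG):
        print(f"{f['stage']:8} {f['qtype']} of {f['zone']} from unauthorised {f['src']}")
```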