DNS zone transfer

Added: 09/24/2008
CVE: CVE-1999-0532
OSVDB: 492

Background

A DNS zone transfer is the process by which a secondary name server copies all DNS records for a domain from a primary name server.

Problem

If DNS zone transfers are not restricted, they can allow attackers to enumerate hosts in a domain.

Resolution

Configure the primary DNS server to allow zone transfers only from secondary DNS servers. In BIND, this can be done in an allow-transfer block in the options section of the named.conf file.
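
As an added example (not part of the original advisory), the following Python code audits named.conf text for primary zones whose effective allow-transfer setting still permits any host, using one weak and one restricted configuration. The two configurations, the 192.0.2.53 secondary address and the function names are constructed for illustration, and the code assumes that a server with no allow-transfer statement accepts transfers from any host, as older BIND 9 releases do by default.

```python
import re

# Constructed named.conf samples (not from the advisory); 192.0.2.53 is a
# documentation address standing in for the secondary name server.
WEAK_CONF = """
options { directory "/var/named"; };
zone "example.com" {
    type master; file "example.com.zone";
    allow-transfer { any; };
};
zone "example.net" { type master; file "example.net.zone"; };
"""
HARDENED_CONF = """
options {
    directory "/var/named";
    allow-transfer { 192.0.2.53; };
};
zone "example.com" { type master; file "example.com.zone"; };
"""

ACL = re.compile(r"allow-transfer\s*\{([^}]*)\}")
BLOCK = r"\{((?:[^{}]|\{[^{}]*\})*)\}"   # body with one level of nested braces
ZONE = re.compile(r'zone\s+"([^"]+)"[^{]*' + BLOCK)
OPTIONS = re.compile(r"options\s*" + BLOCK)

def transfer_acl(block):
    """Return the allow-transfer entries in a block, or None if it has none."""
    m = ACL.search(block)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]

def unrestricted_zones(conf):
    """List primary zones whose effective allow-transfer permits any host."""
    conf = re.sub(r"(#|//)[^\n]*", "", conf)   # drop line comments only
    opts = OPTIONS.search(conf)
    global_acl = transfer_acl(opts.group(1)) if opts else None
    findings = []
    for name, body in ZONE.findall(conf):
        if not re.search(r"type\s+(master|primary)\s*;", body):
            continue                           # only primaries serve the zone
        acl = transfer_acl(body)
        if acl is None:
            acl = global_acl                   # zone inherits the options block
        # Assumption: no allow-transfer anywhere means transfers are open to
        # any host (the default in older BIND 9 releases).
        if acl is None or "any" in acl:
            findings.append(name)
    return findings
```

An empty result for a configuration means every primary zone in it is covered by an explicit allow-transfer list that does not contain any.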

References

http://www.tfug.org/helpdesk/security/bind.html
