Security for everyone

DNS Zone Transfer Checker

DNS servers share zones using the AXFR protocol. If a server is misconfigured, attackers can get all DNS information related to your domain. You can use Security for Everyone’s DNS vulnerability scanner to scan your DNS zone transfer.

Short Info

Level: Medium
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 5 sec
Scan only one: Domain

DNS Zone Transfer Checker Detail

What is DNS?

DNS (Domain Name System) is a service that translates domain names into IP addresses. Users can easily remember domain names, but computers work with IP addresses, which is why we need DNS. For example, without this service, you would have to type '185.60.216.35' in your browser instead of www.facebook.com to access Facebook. IP-to-domain mappings are kept on DNS servers. You can query those mappings on securityforeveryone.com.

There are two types of IP addresses: IPv4 and IPv6. IPv4 addresses look like these:

            8.8.8.8
            127.0.0.1
            255.255.255.255

IPv6 addresses look like these (all of them are the same IP):

            ::ffff:808:808
            0:0:0:0:0:ffff:0808:0808
            0000:0000:0000:0000:0000:ffff:0808:0808

What is DNS Zone Transfer?

Zone transfer is a mechanism for sharing information between DNS servers. This process uses a protocol called AXFR. With this protocol, zone files on a DNS server, which contain various DNS information, are transferred from one server to another.

AXFR is also used in DNS queries to get zone information. An attacker can make this query to your DNS server. If your DNS server is not configured correctly, it will answer with all of the records for your domain name (A, NS, MX, CNAME, TXT, etc.). With a DNS zone transfer, attackers can learn all DNS information for your domain (including subdomains).

How to Check DNS Zone Transfer?

To test DNS zone transfer online, use our DNS zone transfer test tool. Enter your domain in the form at the top of the page, and that's all. If you want to test it yourself, continue reading.

If you are using Linux or OS X, open a terminal and type dig -t axfr yourdomain.com. If your DNS server allows zone files to be transferred, the output will look like this:


dig -t axfr securityforeveryone.com
;; global options: +cmd
securityforeveryone.com.	86400	IN	SOA	ns1.securityforeveryone.com. info.securityforeveryone.com. 2020040313
securityforeveryone.com.	86400	IN	A	1.1.1.1
securityforeveryone.com.	86400	IN	NS	ns1.securityforeveryone.com.
test.securityforeveryone.com.	86400	IN	A	1.1.1.1
sub.securityforeveryone.com.	86400	IN	A	8.8.8.8
devel.securityforeveryone.com.	86400	IN	A	8.8.8.8
other.securityforeveryone.com.	86400	IN	A	8.8.8.8
mail.securityforeveryone.com.	86400	IN	A	8.8.8.8
mail2.securityforeveryone.com.	86400	IN	A	8.8.8.8
www.securityforeveryone.com.	86400	IN	CNAME	securityforeveryone.com.
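
To run the check above across your own name servers, the dig output can be classified automatically. The Python below is an added example, not code from Security for Everyone: it parses `dig -t axfr` output and reports whether the transfer was allowed and which names it disclosed. The sample outputs, the example.test names and the audit_axfr function are constructed for illustration.

```python
import re
import sys
from collections import Counter

# Constructed samples (placeholder names, RFC 5737 addresses), shaped like dig output.
SAMPLE_OPEN = """\
;; global options: +cmd
example.test.        86400 IN SOA   ns1.example.test. info.example.test. 2020040313 3600 600 86400 3600
example.test.        86400 IN NS    ns1.example.test.
devel.example.test.  86400 IN A     192.0.2.10
mail.example.test.   86400 IN A     192.0.2.25
www.example.test.    86400 IN CNAME example.test.
example.test.        86400 IN SOA   ns1.example.test. info.example.test. 2020040313 3600 600 86400 3600
"""
SAMPLE_REFUSED = """\
;; global options: +cmd
; Transfer failed.
"""
# Captures: owner name, record type, record data (TTL and class IN are skipped)
RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+([A-Z0-9]+)\s+(.+)$")

def audit_axfr(dig_output):
    """Classify one `dig -t axfr` output and list what it disclosed."""
    records, failed = [], False
    for line in dig_output.splitlines():
        line = line.strip()
        if line.startswith(";"):  # dig reports a denied transfer in a comment line
            failed = failed or "transfer failed" in line.lower()
            continue
        match = RECORD.match(line)
        if match:
            name, rtype, rdata = match.groups()
            records.append((name.lower().rstrip("."), rtype, rdata))
    # A completed zone transfer starts with the zone's SOA record
    if records and records[0][1] == "SOA":
        status = "exposed"
    elif failed:
        status = "refused"
    else:
        status = "inconclusive"  # timeout, no answer, unexpected output
    return {
        "status": status,
        "names": sorted({name for name, _, _ in records}),
        "types": Counter(rtype for _, rtype, _ in records),
    }

if __name__ == "__main__":
    text = SAMPLE_OPEN if sys.stdin.isatty() else sys.stdin.read()
    print(audit_axfr(text))
```

Pipe real output into it once per authoritative server, for example dig -t axfr yourdomain.com @ns1.yourdomain.com piped to this script (the file and server names are yours to choose). Every server should come back as "refused" to hosts that are not your secondaries.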