Detection and Analysis of DNS region transfer vulnerabilities of a security website

Source: Internet
Author: User
Tags mx record


DNS region Transfer(DNS zone transfer)A backup server is used to refresh the data of its own server in its own zone database. This provides a certain degree of redundancy for the running DNS service, and aims to prevent the Primary Domain Name Server from affecting the resolution of the entire domain name when it becomes unavailable due to unexpected faults. Generally, the DNS region transfer operation is only necessary when there is a backup domain name DNS server in the network, but many DNS servers are mistakenly configured as long as a client sends a request, the other party will be provided with detailed information about a zone database. Therefore, allowing untrusted Internet users to perform the DNS zone transfer operation is one of the most serious consequences.


Hazards of regional transfer vulnerabilities: hackers can quickly identify all hosts in a specific zone, collect domain information, select attack targets, and find unused IP addresses, hackers can bypass network-based access control.


Check the regional transfer vulnerability of the target site in linux

Dig axfr @ @ soa dns domain name to be viewed

Detect the regional transfer vulnerability of the target site in windows


Both linux and windows systems can detect the region transfer vulnerability in the DNS used by the website. By executing commands, we can clearly see the domain name resolution information in the entire domain, this exposes the entire domain (A record and MX record ).


Solution: Region transfer is a common DNS function, and the vulnerability of region transfer cannot be solved. You can strictly limit the hosts that allow region transfer, for example, a primary DNS server should only allow it to perform the regional transfer function from the DNS server.

For bind software, you can use the allowe-transfer command to control it. It can be used as a parameter of the global option or zone option. We can

Use the address list as follows: allowe-transfer {; ;}; however, the address-Based Access Control List may be bypassed by some "determined" hackers. The best way is to use the TSIG key to strictly define the relationship of region transfer, as shown below allowe-transfer {key "dns1-slave1"; key "dns1-slave2 ";};

Note: This article demonstrates the principle of regional transfer and the dangers of regional transfer vulnerabilities by detecting the vulnerability in the target region, without further malicious attacks. When the blog post is completed, the website owner has been notified to fix the vulnerability. Do not detect the site vulnerability again. Otherwise, you will be at your own risk.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.