Post

DNS

What is it?

DNS, or Domain Name System, is a decentralized and hierarchical system that is used to translate or resolve human-readable domain names, such as “www.example.com”, into numerical IP (Internet Protocol) addresses that computers use to locate and communicate with each other on the internet.

DNS operates much like an internet-based phone book. Without it, you would have to remember and type in an IP address like “192.168.0.1” to visit a website, instead of typing a user-friendly domain name like “www.example.com”.

When you type a domain name into your browser, your computer sends a query to a DNS server. If that server doesn’t have the domain-to-IP mapping in its cache, the query goes up and down the DNS hierarchy until it finds a server that does. The DNS server then responds to the original query with the IP address for that domain name, and your computer uses that IP address to connect to the desired website.

Querying DNS

1
2
nslookup <url>
dig -query=ANY <url>

Zone transfers

What is a zone transfer?

Zone transfers are processes where a DNS server shares information from its database with another DNS server. This mechanism is most commonly used to replicate DNS data across multiple servers, ensuring consistent information and high availability.

There are two types of zone transfers:

  1. AXFR (Full Zone Transfer): This type of transfer copies the entire DNS database from a master server to a secondary (slave) server. As it involves copying the whole zone file, AXFR is more bandwidth-consuming, and it may not be efficient for large zones or frequent updates.

  2. IXFR (Incremental Zone Transfer): Unlike AXFR, IXFR only transfers the changes made to the DNS database since the last transfer. It’s much more bandwidth-efficient when there are frequent, small changes to a DNS zone.

Attackers can potentially exploit unrestricted zone transfers to map a network’s infrastructure, potentially revealing information about hostnames, IP addresses, and other details. As such, it is important to restrict zone transfers to trusted DNS servers only.

Read more about zone transfers - https://digi.ninja/projects/zonetransferme.php

Exploitation

We check if DNS/port 53 is open.

1
2
3
4
# attempting a zone transfer
dig axfr @ip <domain>
# example
dig axfr @nsztm1.digi.ninja zonetransfer.me
This post is licensed under CC BY 4.0 by the author.