Online test of a DNS zone transfer that attempts to retrieve all DNS records for a target domain. The zone transfer is attempted against every name server (NS) for the domain.

Command dig axfr


Dig a NS and attempt a Zone Transfer

A zone transfer requested from an external IP address is used as part of an attacker's reconnaissance phase. Usually, a zone transfer is a normal operation between primary and secondary DNS servers in order to synchronise the records for a domain. This is typically not something you want to be externally accessible. If an attacker can gather all your DNS records, they can use those to select targets for exploitation.

Whether an attacker or penetration tester, they will attempt to map the footprint of the organization to find areas of weakness to exploit. Usually, the information collected is host names, IP addresses, and IP network blocks that are related to the targeted organization. A successful zone transfer will make this mapping much easier.

Enter the target domain, such as example.com. The dig DNS tool, available on *nix-based platforms, will then be used to enumerate all the authoritative name servers for the domain. Each name server is then checked remotely for a zone transfer of the target domain. Often, even though the primary name server blocks zone transfers, a secondary or tertiary system may not be configured to block them, which is why each name server is checked.

The dig command will be executed as follows to attempt the zone transfer.

dig axfr example.com @ns1.example.com
dig axfr example.com @ns2.example.com
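The procedure above (enumerate the NS records, then try AXFR against each server) as a small audit script you can run against your own zone. This is an added example, not HackerTarget's own code; it assumes dig is installed and that the domain is passed as the first argument. The classification relies on the "; Transfer failed." and "connection timed out" messages dig prints, and on a successful transfer containing the zone's SOA record.

```shell
#!/bin/sh
# Added example: audit every authoritative name server of a domain for an
# externally permitted zone transfer. Assumes dig is on the PATH.

# Classify the text dig produced for one AXFR attempt.
# Prints ALLOWED (records came back), REFUSED or NO-ANSWER.
classify_axfr() {
    out="$1"
    case "$out" in
        *"Transfer failed"*) echo REFUSED ;;
        *"connection timed out"*|*"no servers could be reached"*) echo NO-ANSWER ;;
        *)
            # A successful AXFR starts and ends with the zone's SOA record.
            if printf '%s\n' "$out" | grep -q '[[:space:]]SOA[[:space:]]'; then
                echo ALLOWED
            else
                echo NO-ANSWER
            fi ;;
    esac
}

# Count the resource records in a transfer (skips ';' comment lines;
# the SOA appears twice in dig's output and is counted twice).
count_records() {
    printf '%s\n' "$1" | grep -v '^;' | grep -c '[[:space:]]IN[[:space:]]'
}

# List the authoritative name servers for the domain, trailing dots stripped.
name_servers() {
    dig +short NS "$1" | sed 's/\.$//' | sort -u
}

# Try AXFR against each NS and report one status line per server.
audit_zone() {
    domain="$1"
    for ns in $(name_servers "$domain"); do
        out=$(dig +time=5 +tries=1 axfr "$domain" "@$ns" 2>&1)
        status=$(classify_axfr "$out")
        if [ "$status" = ALLOWED ]; then
            echo "$ns: ALLOWED ($(count_records "$out") records exposed) - restrict AXFR on this server"
        else
            echo "$ns: $status"
        fi
    done
}

if [ -n "${1:-}" ]; then
    audit_zone "$1"
fi
```

Run it as `sh audit_axfr.sh example.com`; any server reported ALLOWED is leaking the full zone and should restrict transfers to its secondaries.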

For more information, or for a valid transfer mechanism to test against, head over to zonetransfer.me. DigiNinja, a well-known security researcher, has made the domain zonetransfer.me available for testing and learning, so you can try the online zone transfer tool against a domain that is deliberately configured to allow zone transfers.

Zone Transfer API

This API provides an easy way to grab the results of attempted zone transfers, and the full results of the transfer if it is successful. The output is in plain text and will include the results from the dig command against each of the name servers. Access the API using a web browser, curl or any common scripting language.

https://api.hackertarget.com/zonetransfer/?q=example.com

The API is simple to use and aims to be a quick reference tool; like all our IP Tools, there is a limit of 100 queries per day, or you can increase the daily quota with a Membership. For those who need to send more packets, HackerTarget has Enterprise Plans.
