A DNS zone transfer attack occurs when a misconfigured DNS server allows attackers to retrieve the entire DNS record set.
Zone transfer (Option A):
The command host -t axfr domain.com dnsl.domain.com requests an AXFR (authoritative transfer) of the DNS records.
This provides subdomains, email servers, and internal DNS records, which attackers can use for reconnaissance.
Reference: CompTIA PenTest+ PT0-003 Official Study Guide - "DNS Enumeration Techniques"
Incorrect options:
Option B (Host enumeration): Host enumeration gathers information about a specific host, not the entire DNS zone.
Option C (DNS poisoning): DNS poisoning modifies cache entries to redirect users. This is a different attack.
Option D (DNS query): A standard DNS query retrieves a single record, not a full zone transfer.
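The difference between Option A and Option D is visible on the wire: an AXFR request is an ordinary DNS query whose question carries QTYPE 252. The following is an added example, not part of the study guide or the original page, showing how a defender could flag AXFR requests from sources that are not approved secondaries; the addresses, the allow-list and the function names are assumptions made for the illustration.

```python
import struct

QTYPE_AXFR = 252  # QTYPE value for a full zone transfer (RFC 1035)

def build_query(name, qtype, txid=0x1234):
    """Build a minimal DNS query; used here only to construct sample input."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(msg):
    """Return (qname, qtype) for the first question of a DNS query.
    For TCP, pass the message with the 2-byte length prefix already removed."""
    if len(msg) < 12:
        raise ValueError("truncated header")
    flags, qdcount = struct.unpack("!HH", msg[2:6])
    if flags & 0x8000 or qdcount < 1:
        raise ValueError("not a query")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated QNAME")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(msg):
            raise ValueError("bad label")
        labels.append(msg[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels), qtype

def flag_axfr(events, allowed_secondaries):
    """Return (source, zone) for each AXFR query from a non-approved source."""
    alerts = []
    for src, msg in events:
        try:
            qname, qtype = parse_question(msg)
        except ValueError:
            continue  # unparseable traffic is skipped here
        if qtype == QTYPE_AXFR and src not in allowed_secondaries:
            alerts.append((src, qname))
    return alerts

# Constructed sample traffic (documentation address ranges, not real captures).
ALLOWED = {"192.0.2.53"}  # assumed approved secondary name server
SAMPLE = [("198.51.100.7", build_query("www.domain.com", 1)),
          ("192.0.2.53", build_query("domain.com", QTYPE_AXFR)),
          ("203.0.113.9", build_query("domain.com", QTYPE_AXFR))]
```

Calling flag_axfr(SAMPLE, ALLOWED) reports only the transfer request from 203.0.113.9; the A-record lookup and the transfer to the approved secondary are not flagged.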