Zone transfers (AXFR) are DNS operations that replicate zone data from a primary server to a secondary server. These can be abused during DNS enumeration if improperly secured.
CEH v13 recommends using the following tools for attempting or testing zone transfers:
A. NSLookup – supports AXFR using set type=any or set type=AXFR
C. Dig – dig @ns.example.com example.com AXFR
D. Sam Spade – GUI tool capable of DNS zone transfer
E. Host – command-line tool used for DNS lookups and AXFR
Incorrect Tools:
B. Finger – used for user enumeration, not DNS
F. Netcat – general-purpose networking tool, not specific to DNS
G. Neotrace – used for traceroute/path tracing, not DNS
Reference: CEH v13 Study Guide – Module 3: DNS Enumeration → Tools for DNS Zone Transfers; CEH v13 iLabs – DNS Enumeration using Dig, Host, and NSLookup