Zone transfers (AXFR) are DNS operations used to replicate DNS data from a primary to a secondary server. If improperly configured, attackers can request these transfers and retrieve valuable DNS information, including hostnames and IPs.
Correct Statements:
A: Zone transfers are DNS protocol operations.
C: They transfer the entire DNS zone file (records for the domain).
E: Zone transfers use TCP port 53. Blocking it can prevent unauthorized transfers.
From CEH v13 Courseware:
Module 3: Scanning Networks
Topic: DNS Enumeration → Zone Transfers
CEH v13 Study Guide states:
“A zone transfer is a mechanism used by DNS servers to replicate databases. It can be used by attackers to retrieve detailed DNS information if not properly restricted. Zone transfers occur over TCP port 53.”
Incorrect Statements:
B/D: nslookup is a query tool; it doesn’t perform or manage zone transfers.
F: Zone transfers can happen on the internet if DNS servers are misconfigured.
Reference: CEH v13 Study Guide – Module 3: DNS Enumeration → Zone Transfers; RFC 5936 – DNS Zone Transfer Protocol
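A defender-side check built on the points above (a zone transfer is a DNS operation carried over TCP port 53), added here as an example and not taken from the CEH material: it parses a length-prefixed DNS message as seen on TCP 53 and flags AXFR questions (QTYPE 252 in RFC 5936) that come from a source outside an allow list of secondaries. The secondary address 192.0.2.53, the function names and the sample bytes are assumptions constructed for illustration.

```python
import ipaddress
import struct

QTYPE_AXFR = 252  # zone transfer query type (RFC 5936)
# Assumption: addresses of the zone's legitimate secondary servers.
AUTHORIZED_SECONDARIES = [ipaddress.ip_network("192.0.2.53/32")]

def parse_tcp_dns_question(payload: bytes):
    """Return (qname, qtype) of the first question in a DNS-over-TCP message."""
    if len(payload) < 2:
        raise ValueError("missing 2-byte TCP length prefix")
    (length,) = struct.unpack("!H", payload[:2])
    msg = payload[2:2 + length]
    if length < 12 or len(msg) < length:
        raise ValueError("truncated DNS message")
    if struct.unpack("!H", msg[4:6])[0] < 1:  # QDCOUNT
        raise ValueError("no question section")
    labels, pos = [], 12  # question starts after the 12-byte header
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n = msg[pos]
        pos += 1
        if n == 0:  # root label ends the name
            break
        if n > 63:  # a query's question name is not compressed
            raise ValueError("unexpected label type")
        labels.append(msg[pos:pos + n].decode("ascii", "replace"))
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels) + ".", qtype

def classify(src_ip: str, payload: bytes) -> str:
    """Label one TCP/53 request by whether it is an AXFR and who sent it."""
    _qname, qtype = parse_tcp_dns_question(payload)
    if qtype != QTYPE_AXFR:
        return "not-axfr"
    addr = ipaddress.ip_address(src_ip)
    if any(addr in net for net in AUTHORIZED_SECONDARIES):
        return "axfr-authorized"
    return "axfr-unauthorized"

def sample_query(name: str, qtype: int) -> bytes:
    """Constructed sample input: one question, framed as on TCP port 53."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    msg = struct.pack("!HHHHHH", 0x1234, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)
    return struct.pack("!H", len(msg)) + msg
```

An "axfr-unauthorized" result is the event worth alerting on, and it is also the request the server's own transfer restriction should refuse.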