Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
A DNS zone transfer is easy to perform and can quickly reveal IP addresses and hostnames to attackers, making this activity a common reconnaissance technique. While a DNS zone transfer typically does not negatively affect the network, this technique helps attackers discover hosts and take the next step in an attack campaign.
The system might change the risk score for this detection.
Kill Chain
Risk Score
37
When an attacker discovers DNS servers on a network, they can collect the hostnames and IP addresses stored on those DNS servers with a DNS zone transfer. A DNS zone represents a domain and contains DNS records and data. Zones help administrators manage a domain namespace across primary and secondary DNS servers. Any host can request a DNS zone transfer if the DNS server is configured to allow it. The attacker sends a specific type of DNS query (known as AXFR) to duplicate all the information stored in the DNS zone. With this information, the attacker has a list of network devices they can target in subsequent attacks.
Limit zone transfers only to specific IP addresses
Deploy DNS Transaction Signatures (TSIG) to verify the identities of primary and secondary DNS servers during a DNS zone transfer
