Check for DNS zone transfer

Test Objective

Test if the authoritative nameservers are allowing zone transfers for the domains in scope.

Expected Result:

It a finding If zone transfers are possible (CVE-1999-0532OSVDB-492)
A listing of all records should be documented.

Tools:

Linux:

 host -la <domain> <nameserver>
 dig @<nameserver> <domain> axfr
 fierce -dns <domain>

Fierce will first determine the authoritative name servers for the specified domain.
Then it will try to perform a zone transfer on all name servers.
If the zone transfer fails it will start brute forcing DNS records based on the entries in the fierce\hosts.txt file.

Windows:

C:\> nslookup
> server <nameserver>
> set type=any
> ls -d <domainname>

References: