DNS zone transfer

DNS zone transfer is a type of DNS transaction. It is one of the many mechanisms available for administrators to replicate DNS databases across a set of DNS servers.


host -l example.com

-l lists all hosts in a domain, using AXFR

host -l -v -t any example.com

-v enables verbose output

-t specifies the query type



dig @ns1.example.com example.com axfr



python dnsrecon.py -d example.com -t axfr

dnsrecon home page – https://github.com/darkoperator/dnsrecon
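On the server side, the AXFR requests issued by the commands above appear in the name server's transfer log. The following is an added example, not part of the original page or of any tool listed here: it flags transfer requests from clients that are not known secondaries. The log lines are constructed and assume BIND 9 style transfer messages; the allowlist and function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines; the message layout assumes BIND 9 style transfer logging.
SAMPLE_LOG = """\
12-Mar-2024 10:01:02.113 client @0x7f1 192.0.2.53#41022 (example.com): transfer of 'example.com/IN': AXFR started (serial 2024031201)
12-Mar-2024 10:07:45.920 client @0x7f2 203.0.113.77#53311 (example.com): zone transfer 'example.com/AXFR/IN' denied
12-Mar-2024 10:07:46.004 client @0x7f3 203.0.113.77#53312 (example.com): zone transfer 'example.com/AXFR/IN' denied
12-Mar-2024 10:09:10.500 client @0x7f4 198.51.100.9#40100 (example.com): transfer of 'example.com/IN': AXFR started (serial 2024031201)
12-Mar-2024 10:09:11.000 client @0x7f5 198.51.100.9#40101 (example.com): query: www.example.com IN A +
"""

# Assumption: the only hosts that should ever pull the zone (the secondaries).
AUTHORISED_SECONDARIES = [ipaddress.ip_network("192.0.2.53/32")]

CLIENT = r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+"
STARTED = re.compile(CLIENT + r".*transfer of '(?P<zone>[^/']+)/IN': (?:AXFR|IXFR) started")
DENIED = re.compile(CLIENT + r".*zone transfer '(?P<zone>[^/']+)/(?:AXFR|IXFR)/IN' denied")

def is_authorised(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in AUTHORISED_SECONDARIES)

def audit_transfers(log_text):
    """Return {(ip, zone): {"allowed": n, "denied": n}} for unauthorised clients only."""
    findings = defaultdict(lambda: {"allowed": 0, "denied": 0})
    for line in log_text.splitlines():
        for pattern, outcome in ((STARTED, "allowed"), (DENIED, "denied")):
            m = pattern.search(line)
            if m and not is_authorised(m["ip"]):
                findings[(m["ip"], m["zone"])][outcome] += 1
    return dict(findings)

def report(findings):
    lines = []
    for (ip, zone), c in sorted(findings.items()):
        # A transfer that started for an unknown host means the transfer ACL is too open.
        sev = "CRITICAL" if c["allowed"] else "WARN"
        lines.append(f"{sev} {ip} zone={zone} allowed={c['allowed']} denied={c['denied']}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(audit_transfers(SAMPLE_LOG))))
```

A CRITICAL line means a host outside the allowlist was served the zone, so the server's transfer restriction needs tightening; WARN lines are refused attempts worth correlating with other enumeration activity.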


When a zone transfer fails, DNS reverse lookups and DNS brute-forcing will help you enumerate DNS entries.



./fierce.pl -dns example.com

fierce home page – http://ha.ckers.org/fierce/



./dnsenum.pl --enum -f dns.txt --update a -r wns-server.com

--enum Shortcut option equivalent to --threads 5 -s 20 -w

-f Read subdomains from file to perform brute force

--update Update the file specified with the -f switch with valid subdomains

a Update using all results

-r Recursion on subdomains, brute force all discovered subdomains that have an NS record

dnsenum home page – http://code.google.com/p/dnsenum/w/list



./dnsmap example.com -w wordlist_TLAs.txt

dnsmap home page – http://code.google.com/p/dnsmap/