Open in app

Sign in

Write

Sign in

How DNS Works — DNS Zone Transfer

Raghuveer Singh Chouhan
6 min readSep 7, 2023

--

What is DNS;

Domain name system (DNS) is a protocol that translates a domain name, such as example.com, into an IP address such as 204.39.x.x .

Domain name server is used to store the mapping of domain names to IP addresses which can be used whenever users request loading of a webpage.

Terminologies used in DNS :

  1. IP Address : An Internet Protocol address (IP address) is a numerical label (IPv4 / IPv6) that is connected to a computer network that uses the Internet Protocol for communication.
  2. Domain Name: A domain name is a unique string (alphanumeric) that identifies a website or Internet resource.
  3. Subdomain: A subdomain is a piece of the domain that is added to the beginning of the domain name to separate the content of a specific function from the other functionalities of your website (blog.example.com).
  4. Top-Level Domain (TLD): Top Level Domain is the furthest portion in the domain name whose distribution is controlled by ICANN (Internet Corporation for Assigned Names and Numbers). Common examples include com, gov, org, io, net, etc.
  5. Fully Qualified Domain Name (FQDN): A fully qualified domain name is the absolute domain name that contains the complete location with each parent domain including top level domain (TLD) and not just the relative location (’blog.example.com’)
  6. Zone: A DNS Zone is a part of the DNS namespace that is controlled by a specific administrator or organization. A DNS zone is an administrative space which allows for more granular control of DNS components. For example, example.com with all its subdomains may be a zone. However, second.example.com may also be a separate zone.
  7. Zone File: A zone file is a plain text file stored in a DNS server that contains an actual representation of the zone and contains all the records for every domain within the zone. A zone file will contain the whole information for a domain:
    - SOA record, which indicates the start of authority.
    - A records for IPv4 addresses.
    - AAAA records for IPv6 addresses.
    - CNAME records for canonical records that indicate the canonical domain.
    - MX records for the receiving email servers for the domain.
    - TXT records for various verification methods
    - SRV records for services.
    - PTR for a reverse DNS lookup.
  8. DNS Master Zone : The DNS Master Zone (also known as DNS Primary Zone) is the part of the namespace to which you have the control to add and remove DNS records, and that way, you can manage your domain name. The DNS Master Zone permits read and write. It is located inside a Master authoritative nameserver.

For better security, availability, and redundancy in general, you will need DNS Slave Zones (DNS Secondary Zones) inside Slave DNS servers (Secondary DNS). The Slave Zones are read-only copies of the original Master Zone.

How Does DNS Work?

When you search for domain names via the URL bar like example.com into a browser, DNS servers convert the names to their correct IP addresses. DNS clients are in-built into most computing devices, which enable web browsers to interact with these servers. Here is how it works:

  • A user enter the URL address in the browser.
  • The web browser asks the operating system on the device which further asks the DNS resolver to respond with an IP address or an error. The DNS resolver is generally provided by the ISP.
  • The DNS resolver checks the availability of the IP address for the queried domain name in DNS cache.
  • If the domain details are not present in cache, the resolver queries one of the root name servers.
  • The root name server send this query to TLD servers.
  • The resolver then queries one of the TLD name servers. TLDs can be generic (gTLDs) or country codes (ccTLDs) by government organizations.
  • The TLD name server searches the domain registrar and responds with the IP address of the authoritative name server (ANS) that contains mapping for the domain. Every domain is assigned ANS at the time of registration that gets updated in the registry.
  • The ANS provides the mapping to the correct IP address and the resolver sends the IP address to the operating system.
  • The browser then sends requests to the right IP address for making HTTP requests to fetch the web pages. It then caches the IP address for quick loading in the future.

DNS Zone Transfer

DNS zone transfers using the AXFR/IXFR protocol are the simplest mechanism to replicate DNS records across DNS servers. To avoid the need to edit information on multiple DNS servers, you can edit information on one server and use AXFR/IXFR to copy information to other servers. However, if you do not protect your servers, malicious parties may use AXFR to get information about all your hosts.

There are two types of zone transfer:

  • Full zone transfer (AXFR) — a complete zone transfer, where the Secondary DNS servers copy the whole zone file.
  • Partial zone transfer (IXFR) — In this case, the Secondary servers will check all the new changes that happened since their last update (deleted and added DNS records) and get only them.

To function correctly, the system needs to keep been updated. That could happen in two ways:

  • Push — The Master DNS server can propagate a zone transfer to the Secondary DNS servers.
  • Pull — The Secondary DNS server can check for changes inside the Master zone, and if they find any differences by comparing the SOA records, they can start a zone transfer.

Why Is DNS Zone Transfer Needed?

DNS is a critical service. If a DNS server for a zone is not working and cached information has expired, the domain is inaccessible to all services (web, mail, and more). Therefore, each zone should have at least two DNS servers. For more critical zones, there may be even more. However, a zone may be large and may require frequent changes. If you manually edit zone data on each server separately, it takes a lot of time and there is a a lot of potential for a mistake.

We can use different mechanisms for DNS zone transfer but the simplest one is AXFR , AXFR refers to the protocol used during a DNS zone transfer. It is a client-initiated request. Therefore, you can edit information on the primary DNS server and then use AXFR from the secondary DNS server to download the entire zone.

Initiating an AXFR zone-transfer request from a secondary server is as simple as using the following dig commands, where zonetransfer.me is the domain that we want to initiate a zone transfer for.

  1. First, we need to get the list of DNS servers for the domain:

$ dig zonetransfer.me -t ns

2. we can get initiate an AXFR request to get a copy of the zone from the primary server:

$ dig axfr zonetransfer.me @nsztm1.digi.ninja.

Watch a YouTube video for more information.

AXFR offers no authentication, so any client can ask a DNS server for a copy of the entire zone. This means that unless some kind of protection is introduced, an attacker can get a list of all hosts for a domain, which gives them a lot of potential attack vectors. In order to prevent this vulnerability from occurring, the DNS server should be configured to only allow zone transfers from trusted IP addresses.

Thanks for Reading …..

Follow me :

Bot2Root

Welcome to the Bot2root channel. Hacker gonna Hack!

www.youtube.com

https://www.linkedin.com/in/bot2root

Reference Link:

https://howdns.works/

https://www.verisign.com/en_US/website-presence/online/how-dns-works/index.xhtml?loc=en_US

What Is Dns
Dns Enumeration
Bug Bounty
Cybersecurity
Web Penetration Testing

--

--

Raghuveer Singh Chouhan

Written by Raghuveer Singh Chouhan

39 Followers

Cyber Security Engineer || Bug Bounty hunter || Security Researcher

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams