[dns-operations] Whimsical AXFR behavior ?
marjorie at id3.net
Sun Jun 23 23:23:21 UTC 2013
Right now I am busy with another little project: it is a small search
In order to discover more possible hosts to scan I am doing zone
transfers from the name servers that still support the feature...
The syntax is like this: dig -t AXFR zone @nameserver
I have noticed the following:
1. Unsurprisingly, most NS no longer support AXFR, at least they do not
serve zone transfers to outsiders - that is certainly expected in 2013.
2. For a given zone, it's not unusual to experience differences in
behavior between the different NS. For example NS1.zone.tld may honor
the AXFR request while NS2,3,4,5... will deny the request. Not
surprising either, after all it should not be assumed that all the NS
have the same configuration or even the same software/versions. I am
also assuming that a NS that still allows AXFR is more an oversight or
the result of an old config than a deliberate choice ;-)
3. I know that the behavior can be dictated by ACLs - sometimes the AXFR
will be possible when the request was made from a certain IP range.
4. Now something more puzzling, I have noticed at least one NS that
exhibits some sort of random behavior: it typically denies AXFR at the
first attempt but after repeating the request five or seven times (more
or less) it finally releases the zone data as requested... some days it
is not in a good mood: after 20 tries it still says "No !" o:) So that
depends. I am really wondering what makes a NS behave like that ?
More information about the dns-operations