Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

DNS Zone Transfer AXFR Requests May Leak Domain Information

 

Systems Affected


Misconfigured Domain Name System (DNS) servers that respond to global Asynchronous Transfer Full Range (AXFR) requests.

Threat Level


Medium


Overview


A remote unauthenticated user may request a DNS zone transfer from a public-facing DNS server. If improperly configured, the DNS server may respond with information about the requested zone, revealing internal network structure and potentially sensitive information.


Description


AXFR is a protocol for zone transfers for replication of DNS data across multiple DNS servers. Unlike normal DNS queries that require the user to know some DNS information ahead of time, AXFR queries reveal resource records including subdomain names [1] (link is external). Because a zone transfer is a single query, it could be used by an adversary to efficiently obtain DNS data.

A well-known problem with DNS is that zone transfer requests can disclose domain information; for example, see CVE-1999-0532 and a 2002 CERT/CC white paper (link is external) [2][3] (link is external). However, the issue has regained attention due to recent Internet scans still showing a large number of misconfigured DNS servers. Open-source, tested scripts are now available to scan for the possible exposure, increasing the likelihood of exploitation [4].


Impact



Solution/ Workarounds


  ✻  Update the latest version of the Mozilla's Firefox on Windows, Linux and Mac.


References


https://www.us-cert.gov/ncas/alerts/TA15-103A


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.