DNS Zone Transfer
In short, a Windows-based domain has two DNS servers: the one that keeps the information is known as the primary DNS, and the one that updates its information from it is known as the secondary DNS.
*Active Directory: Active Directory is a scalable directory service that stores information about networking components, and makes this information easy for administrators and users to find and utilize. A directory is a listing of objects that uses a hierarchical structure to store information about objects such as users, groups, computers, and applications. This structure is often referred to as a tree, as it starts with a root and develops from there. Active Directory acts as the central authority for security, and it brings together various systems as well as management tasks.
Now the question arises: why two DNS servers?
So here's the answer: Windows 2000 is tightly integrated with DNS (Domain Name System), and Active Directory relies heavily on DNS for finding objects in the directory. Since DNS is used for resolving names to IP addresses, Windows 2000 domains have to be kept compatible with it.
Windows Server manages a Dynamic DNS specifically for providing services via Active Directory. This is done because services can manage themselves if they operate dynamically, whereas a static DNS has to be managed and monitored manually. While static DNS will work, Dynamic DNS should be used to maximize the benefits of Active Directory. Data is replicated to each DNS server when Active Directory's replication is used. Redundancy and fault tolerance can also be provided when other domain controllers are configured as DNS servers and make changes to the DNS information.
Now what is zone transfer? Zone transfer is the method by which a secondary DNS server updates its information from the primary DNS. An attacker can pass off their computer as a secondary DNS and retrieve information from the primary DNS. Even a simple nslookup command can reveal a lot of important network information.
How to perform zone transfer manually?
Open a command prompt and type the following commands one by one:
>ls -a domain_name
Here I am listing out several tools that can be used for zone transfer, but my choice is SuperScan.
Command Line Tools:
Graphical User Interface:
Counter Measures Against DNS Zone Transfer:
Configure the server to respond only to authorized IP addresses for zone transfer.
Add the IP addresses that will be allowed for zone transfer.
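The two countermeasures above can be audited and applied on a Windows DNS server with the DnsServer PowerShell module. The script below is an added example, not part of the original article: it reports the transfer policy of each primary zone and, with -Remediate, restricts transfers to an approved list. The addresses in $AllowedSecondaries are constructed placeholders, and the script assumes an elevated session on a server with the DNS Server role or RSAT installed.

```powershell
# Added example: audit and restrict zone transfers on a Windows DNS server.
# Assumption: DnsServer module is available (DNS Server role or RSAT).
# The addresses below are constructed placeholders for your real secondaries.
param(
    [string[]]$AllowedSecondaries = @('192.0.2.10', '192.0.2.11'),
    [switch]$Remediate   # without this switch the script only reports
)

Import-Module DnsServer -ErrorAction Stop

# Only primary zones hold the authoritative copy that a transfer would expose.
$zones = Get-DnsServerZone | Where-Object {
    $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated -and
    $_.ZoneName -ne 'TrustAnchors'
}

foreach ($zone in $zones) {
    $policy  = [string]$zone.SecureSecondaries
    # Normalise the configured secondaries to strings; skip empty entries.
    $current = @($zone.SecondaryServers | Where-Object { $_ } | ForEach-Object { "$_" })

    $finding = switch ($policy) {
        'TransferAnyServer'        { 'OPEN: any host can request the zone' }
        'TransferToZoneNameServer' { 'REVIEW: any server listed in NS records may transfer' }
        'TransferToSecureServers'  {
            $extra = @($current | Where-Object { $_ -notin $AllowedSecondaries })
            if ($extra.Count -gt 0) { "REVIEW: unexpected secondaries: $($extra -join ', ')" }
            else { 'OK: restricted to the approved list' }
        }
        'NoTransfer'               { 'OK: transfers disabled' }
        default                    { "UNKNOWN policy: $policy" }
    }

    # One report row per zone.
    [pscustomobject]@{ Zone = $zone.ZoneName; Policy = $policy; Finding = $finding }

    if ($Remediate -and $finding -notlike 'OK*') {
        # Respond to transfer requests only from the approved IP addresses.
        Set-DnsServerPrimaryZone -Name $zone.ZoneName `
            -SecureSecondaries TransferToSecureServers `
            -SecondaryServers $AllowedSecondaries
    }
}
```

Run it once without -Remediate to review the findings before changing any zone.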