Which DNS tool can perform zone transfers on modern Linux distributions?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple-choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

Which DNS tool can perform zone transfers on modern Linux distributions?

Explanation:
Zone transfers pull an entire DNS zone from a server using AXFR (or IXFR). On modern Linux systems, DIG is the most straightforward tool for this because it directly supports AXFR queries. You’d use a command like dig @nameserver example.com AXFR to request the zone from that server. If the server permits transfers, you’ll see the full set of zone records; if not, you’ll get an access error such as REFUSED. While other utilities like NSLOOKUP or HOST can sometimes perform zone transfers in certain setups, their support is less consistent across current distributions, and BIND itself is the DNS server software rather than a client tool. DIG’s reliable AXFR capability makes it the best choice for zone transfer testing on modern Linux.

