DNS Zone Transfer Tutorial – Dig, Nslookup & Host

What is a zone transfer?

A zone transfer is the process of replicating/copying a DNS database/zone file from a primary DNS server to a secondary DNS server.

Its corresponding DNS query/record type is AXFR.


Why is this important or valuable?


The zone file contains all the DNS names that are defined for that particular DNS server.

The main issue, or advantage, depending on whether you look at it as a defender or an attacker, is that many DNS servers are misconfigured, so the zone file can be replicated to unauthorized secondary DNS servers.


The zone file contains all the IP addresses of servers and hosts. As a result, it can be very useful to an attacker, who can find important information such as the internal network of a domain or organization.


Tools we will be using

  • Host
  • Dig
  • Nslookup


Website: https://zonetransfer.me

Using Host

Finding name servers

Attempt zone transfer


If successful, you will get the entire zone file, which contains all the IP addresses.


Using Dig

Finding name servers

  • dig zonetransfer.me -t ns

Attempt zone transfer

  • dig axfr zonetransfer.me @nsztm1.digi.ninja
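
A defender-side version of the two dig steps above, added here as an example and not part of the original tutorial: it walks the name servers of a zone you operate and reports which ones answer AXFR. The function names and the sample dig outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit every name server of a zone you operate for open AXFR.

# Classify the text output of `dig axfr`. dig prints "; Transfer failed." when
# the server refuses, and ";; XFR size: N records" after a completed transfer.
classify_axfr() {
    if printf '%s\n' "$1" | grep -q '^;; XFR size:'; then
        echo OPEN
    elif printf '%s\n' "$1" | grep -q 'Transfer failed'; then
        echo REFUSED
    else
        echo UNKNOWN   # timeout, unreachable server, or unexpected output
    fi
}

# Count resource records in a transfer (non-empty lines that are not comments).
count_records() {
    printf '%s\n' "$1" | grep -v '^;' | grep -c '[^[:space:]]'
}

# Query the zone's NS set, then attempt AXFR against each server in turn.
audit_zone() {
    zone=$1
    for ns in $(dig +short "$zone" -t ns); do
        out=$(dig axfr "$zone" "@$ns" +time=5 +tries=1 2>&1)
        status=$(classify_axfr "$out")
        if [ "$status" = OPEN ]; then
            echo "$ns OPEN ($(count_records "$out") records exposed)"
        else
            echo "$ns $status"
        fi
    done
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_OPEN='; <<>> DiG 9.18 <<>> axfr example.test @ns1.example.test
example.test.      7200 IN SOA ns1.example.test. admin.example.test. 1 3600 600 86400 3600
example.test.      7200 IN NS  ns1.example.test.
intranet.example.test. 300 IN A 10.0.0.5
example.test.      7200 IN SOA ns1.example.test. admin.example.test. 1 3600 600 86400 3600
;; XFR size: 4 records (messages 1, bytes 200)'
SAMPLE_REFUSED='; <<>> DiG 9.18 <<>> axfr example.test @ns2.example.test
; Transfer failed.'

# Runs against a live zone only when a zone name is passed as the first argument.
if [ $# -gt 0 ]; then
    audit_zone "$1"
fi
```

Any server reported as OPEN is handing the full zone to whoever asks; a secondary that is missed when the primary is locked down shows up here as well.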


Using Nslookup


Why nslookup? So that you can perform a zone transfer on Windows.

Finding Name servers

  • set type=ns
  • zonetransfer.me

Attempt zone transfer

  • nslookup
  • server nsztm1.digi.ninja
  • set type=any  – not specifying a record type
  • ls -d zonetransfer.me



dnsrecon -d zonetransfer.me -t axfr