Blog

What does a DNS zone transfer do?

August 4, 2020 by Author

Table of Contents

1 What does a DNS zone transfer do?
2 Is a DNS zone transfer illegal?
3 How do you do a zone transfer?
4 What are the three types of Zone Transfers?
5 What is a zone transfer and how do you secure it?

What does a DNS zone transfer do?

Zone transfers are typically used to replicate DNS data across a number of DNS servers, or to back up DNS files. A user or server will perform a specific zone transfer request from a name server.

Is a DNS zone transfer illegal?

In most countries, including the United States, it IS ILLEGAL to attempt unauthorized zone transfers.

Why is zone transfer bad?

It’s worth stopping zone transfer attacks, as a copy of your DNS zone may reveal a lot of topological information about your internal network. In particular, if someone plans to subvert your DNS, by poisoning or spoofing it, for example, they’ll find having a copy of the real data very useful.

How do I secure DNS zone transfers?

In the DNS Manager, right-click the name of the DNS zone and click Properties. On the Zone Transfers tab, click Allow zone transfer. Select Only to the following servers. Click Edit, then in the IP addresses of the secondary servers list, enter the IP addresses of the servers you wish to specify.

How do you do a zone transfer?

Suggested Actions

In the DNS Manager, right-click the name of the DNS zone and click Properties.
On the Zone Transfers tab, click Allow zone transfer.
Select Only to the following servers.
Click Edit, then in the IP addresses of the secondary servers list, enter the IP addresses of the servers you wish to specify.

What are the three types of Zone Transfers?

There are three types of zone transfer to consider:

Full zone transfer.
Incremental zone transfer.
AD replication.

Why would you want to limit and regulate Zone Transfers?

The less information you provide to outsiders, the less they have to work with when attempting to gain unauthorized access to the network. One way to protect this information is by restricting DNS zone transfers. However, hackers can use zone transfers to gain valuable information.

How often does DNS zone transfer occur?

By default, the DNS service polls Active Directory for changes every 180 seconds (3 minutes). You can control this process by using the DsPollingInterval registry key or the dnscmd /dspollinginterval switch. The switch accepts values from 0 to 3,600 seconds.

What is a zone transfer and how do you secure it?

The process of replicating a zone file to multiple DNS servers is called zone transfer. Zone transfer is achieved by copying the zone file from one DNS server to a second DNS server. A master DNS server is the source of the zone information during a transfer.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.