{
	"id": "84762622-1399-4366-b22b-4f0ce5cf9ae3",
	"created_at": "2026-04-06T00:07:33.803612Z",
	"updated_at": "2026-04-10T03:20:16.276102Z",
	"deleted_at": null,
	"sha1_hash": "573325a9bd81c9b4c640c840b459d6ab513cdb21",
	"title": "DNS Zone Transfer AXFR Requests May Leak Domain Information | CISA",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 41718,
	"plain_text": "DNS Zone Transfer AXFR Requests May Leak Domain\r\nInformation | CISA\r\nPublished: 2016-09-29 · Archived: 2026-04-05 17:58:39 UTC\r\nSystems Affected\r\nMisconfigured Domain Name System (DNS) servers that respond to global Asynchronous Transfer Full Range\r\n(AXFR) requests.\r\nOverview\r\nA remote unauthenticated user may request a DNS zone transfer from a public-facing DNS server. If improperly\r\nconfigured, the DNS server may respond with information about the requested zone, revealing internal network\r\nstructure and potentially sensitive information.\r\nAXFR is a protocol for “zone transfers” for replication of DNS data across multiple DNS servers. Unlike normal\r\nDNS queries that require the user to know some DNS information ahead of time, AXFR queries reveal resource\r\nrecords including subdomain names [1]. Because a zone transfer is a single query, it could be used by an\r\nadversary to efficiently obtain DNS data.\r\nA well-known problem with DNS is that zone transfer requests can disclose domain information; for example, see\r\nCVE-1999-0532 and a 2002 CERT/CC white paper [2][3]. However, the issue has regained attention due to\r\nrecent Internet scans still showing a large number of misconfigured DNS servers. Open-source, tested scripts are\r\nnow available to scan for the possible exposure, increasing the likelihood of exploitation [4].\r\nImpact\r\nA remote unauthenticated user may observe internal network structure, learning information useful for other\r\ndirected attacks.\r\nSolution\r\nConfigure your DNS server to respond only to zone transfer (AXFR) requests from known IP addresses. Many\r\nopen-source resources give instructions on reconfiguring your DNS server. For example, see this AXFR article\r\nfor information on testing and fixing the configuration of a BIND DNS server. 
US-CERT does not endorse or\r\nsupport any particular product or vendor.\r\nReferences\r\n[1] How the AXFR Protocol Works\r\n[3] Securing an Internet Name Server\r\n[4] Scanning Alexa's Top 1M for AXFR\r\nRevisions\r\nApril 13, 2015: Initial Release\r\nSource: https://www.cisa.gov/news-events/alerts/2015/04/13/dns-zone-transfer-axfr-requests-may-leak-domain-information",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://www.cisa.gov/news-events/alerts/2015/04/13/dns-zone-transfer-axfr-requests-may-leak-domain-information"
	],
	"report_names": [
		"dns-zone-transfer-axfr-requests-may-leak-domain-information"
	],
	"threat_actors": [],
	"ts_created_at": 1775434053,
	"ts_updated_at": 1775791216,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/573325a9bd81c9b4c640c840b459d6ab513cdb21.pdf",
		"text": "https://archive.orkl.eu/573325a9bd81c9b4c640c840b459d6ab513cdb21.txt",
		"img": "https://archive.orkl.eu/573325a9bd81c9b4c640c840b459d6ab513cdb21.jpg"
	}
}