Is there a domain known to have AXFR enabled?
Mar 17, 10:40am

There is a well-known domain intentionally left open for AXFR zone transfers for educational and testing purposes: zonetransfer.me. This domain is often used by security researchers and administrators to demonstrate how AXFR works and to test DNS zone transfer vulnerabilities. You can initiate an AXFR request against its name servers (nsztm1.digi.ninja and nsztm2.digi.ninja) to retrieve the entire zone file, as it is configured to allow such transfers without authentication.

Would you like instructions on how to perform an AXFR request against this domain?

Mar 17, 10:40am
How could I have guessed name servers `nsztm{1,2}.digi.ninja` from `zonetransfer.me`?
Mar 17, 10:43am

To discover the name servers for a domain like zonetransfer.me, you can use standard DNS lookup tools such as dig, nslookup, or host. Here’s how you could have found the name servers nsztm1.digi.ninja and nsztm2.digi.ninja:

Using dig

Run the following command:

bash
dig +short ns zonetransfer.me

This will return the authoritative name servers for the domain, which in this case are nsztm1.digi.ninja and nsztm2.digi.ninja.

Using nslookup

You can also use:

bash
nslookup -type=ns zonetransfer.me

This will list the name servers responsible for the domain.

Using host

Alternatively:

bash
host -t ns zonetransfer.me

This command will also reveal the name servers.

These tools query the DNS system to retrieve the name server (NS) records for the domain, which are publicly available unless the domain owner has taken steps to obscure them. Once you have the name servers, you can attempt an AXFR request to see if zone transfers are allowed.

Would you like a step-by-step guide on how to perform an AXFR request using these name servers?

Mar 17, 10:43am

This is a shared conversation and may include unverified content that doesn't reflect Mistral AI's views. Login to resume chatting.