There has to be a better way, right? Brute force can’t be the best way to enumerate zones of subdomains. #pentesting #hacking #dns #zone #enumeration #hackthebox
@thefreehunter AXFRs are blocked almost everywhere. They are not needed for normal operations anyway, so there is no reason to have them open to the public, especially if the content of the zone can be considered PII. Some root servers do allow it though, but that gives you only the list of TLDs, so not very exciting. I don't know of any TLD registry allowing AXFRs, but maybe there are some, voluntarily or not.
@pmevzek that’s good to know! I struggled getting through this HackTheBox challenge so it’s really comforting to know I likely wouldn’t get much use from this in the real world 😅
@thefreehunter Technically, even internally, lots of organizations don't rely anymore on AXFR or its successor IXFR to distribute DNS changes over a fleet of nameservers. Some out-of-band processes are often used, even just rsync. Or the data is not even in DNS "format" but fed to each location from completely different sources, like a database. In short, AXFR is now more a museum artifact than anything useful in real life. (Also, back to your screenshot, you normally AXFR the zone apex...)