I am learning about DNS enumeration and I am working on a lab exercise at the moment. To do a zone transfer, I entered the following:

```
dig @10.83.185.5 example.com AXFR
```

The result is:

```
;; global options: +cmd
; Transfer failed.
```

However, when I add the +nocookie flag, i.e.:

```
dig @10.83.185.5 example.com AXFR +nocookie
```

The zone transfer is successful. While I know that +nocookie forces not sending cookies, what I want to know is why does sending cookies result in a blank response, and should I be checking both sending with and without cookies whenever I'm enumerating DNS servers?

Also, is there a way to disable cookies with nslookup?

    1) Your case is very odd; it seems the server is not handling EDNS0, which means it is very old. What is it? You should look at, or ask someone to look at, the logfiles of this server. 2) `dig` is superior to `nslookup`, hence don't bother with `nslookup`. – Patrick Mevzek Sep 20 '21 at 04:41
    Small nitpicks: "I'm enumerating DNS servers" is not exactly what you are doing. An `AXFR` query, if allowed by the server you are contacting, gives you back the full content of the zone, hence allows you to enumerate all resource records existing in the zone (also please use `example.com` as a zone example and not something else; I have edited your question in that regard, see RFC2606 for details). – Patrick Mevzek Sep 20 '21 at 04:43
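
What the COOKIE option looks like on the wire, as an added example that is not part of the original question or comments: the sketch builds an `AXFR` query whose EDNS0 OPT record does or does not carry a COOKIE option (option code 10, RFC 7873) and parses the options back out, which is also how a captured query can be checked when reading server logs or a packet capture. The function names, the query ID and the client cookie value are constructed for illustration.

```python
import struct

AXFR, OPT, COOKIE, IN = 252, 41, 10, 1  # QTYPE AXFR, RR type OPT, EDNS option COOKIE, class IN

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_axfr_query(zone, client_cookie=None, udp_size=4096):
    """Build an AXFR query with an OPT record, with or without a COOKIE option."""
    rdata = b"" if client_cookie is None else (
        struct.pack("!HH", COOKIE, len(client_cookie)) + client_cookie)
    header = struct.pack("!HHHHHH", 0x1234, 0, 1, 0, 0, 1)  # constructed ID; 1 question, 1 additional
    question = encode_name(zone) + struct.pack("!HH", AXFR, IN)
    # OPT RR: root owner name, type 41, class = UDP payload size, TTL = ext-rcode/version/flags
    opt = b"\x00" + struct.pack("!HHIH", OPT, udp_size, 0, len(rdata)) + rdata
    return header + question + opt

def skip_name(msg, pos):
    """Return the offset just past a name (plain labels or a compression pointer)."""
    while msg[pos] != 0:
        if msg[pos] & 0xC0 == 0xC0:
            return pos + 2
        pos += 1 + msg[pos]
    return pos + 1

def edns_options(msg):
    """Return {option_code: value} from the message's OPT record, or None if it has no OPT."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4          # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        pos = skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == OPT:
            opts, end = {}, pos + rdlen
            while pos + 4 <= end:
                code, length = struct.unpack("!HH", msg[pos:pos + 4])
                opts[code] = msg[pos + 4:pos + 4 + length]
                pos += 4 + length
            return opts
        pos += rdlen
    return None

if __name__ == "__main__":
    for cookie in (bytes.fromhex("0123456789abcdef"), None):  # constructed client cookie
        print(edns_options(build_axfr_query("example.com", cookie)))
```

An empty dictionary means the query still carries an OPT record but no COOKIE option; `None` means the message has no OPT record at all.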