Score:0

Dig only able to do zone transfers when +nocookie flag is enabled


I am learning about DNS enumeration and I am working on a lab exercise at the moment. To do a zone transfer, I entered the following:

```
dig @10.83.185.5 example.com AXFR
```

The result is:

```
;; global options: +cmd
; Transfer failed.
```

However, when I add the `+nocookie` flag, i.e.:

```
dig @10.83.185.5 example.com AXFR +nocookie
```

The zone transfer is successful. While I know that +nocookie forces not sending cookies, what I want to know is why does sending cookies result in a blank response, and should I be checking both sending with and without cookies whenever I'm enumerating DNS servers?

Also, is there a way to disable cookies with nslookup?

Patrick Mevzek:
1) Your case is very odd; it seems the server is not handling EDNS0, which means it is very old. What is it? You should look at the logfiles of this server, or ask someone who can. 2) `dig` is superior to `nslookup`, hence don't bother with `nslookup`.
Patrick Mevzek:
Small nitpicks: "I'm enumerating DNS servers" is not exactly what you are doing. An `AXFR` query, if allowed by the server you are contacting, gives you back the full content of the zone, hence allows you to enumerate all resource records existing in the zone. (Also, please use `example.com` as a zone example and not something else; I have edited your question in that regard, see RFC 2606 for details.)
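
What `+nocookie` changes on the wire, as an added example that is not part of the original question or comments: the query still carries an EDNS0 OPT record, and only the COOKIE option (code 10, RFC 7873) is dropped. The function names, transaction ID, cookie value and UDP size below are constructed for illustration, and the 2-byte TCP length prefix is left out.

```python
import struct

QTYPE_AXFR = 252   # zone transfer
RRTYPE_OPT = 41    # EDNS0 pseudo-record (RFC 6891)
OPT_COOKIE = 10    # DNS COOKIE option code (RFC 7873)

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_axfr_query(zone, client_cookie=None, txid=0x1234, udp_size=1232):
    """AXFR question plus an OPT record; the COOKIE option is added only if given."""
    rdata = b""
    if client_cookie is not None:
        if len(client_cookie) != 8:
            raise ValueError("client cookie must be 8 bytes")
        rdata = struct.pack("!HH", OPT_COOKIE, 8) + client_cookie
    # Header: id, flags (left at zero for simplicity), 1 question, 1 additional RR
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 1)
    question = encode_name(zone) + struct.pack("!HH", QTYPE_AXFR, 1)
    # OPT RR: root name, type 41, class = UDP size, TTL = ext-rcode/version/flags
    opt = b"\x00" + struct.pack("!HHIH", RRTYPE_OPT, udp_size, 0, len(rdata)) + rdata
    return header + question + opt

def skip_name(msg, pos):
    """Step over an uncompressed name and return the offset after it."""
    while msg[pos] != 0:
        pos += 1 + msg[pos]
    return pos + 1

def edns_options(msg):
    """Return [(option_code, data)] from the OPT record of a query built above."""
    qdcount, _, _, arcount = struct.unpack("!HHHH", msg[4:12])
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(msg, pos) + 4          # skip qtype and qclass
    options = []
    for _ in range(arcount):
        pos = skip_name(msg, pos)
        rrtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos, end = pos + 10, pos + 10 + rdlen
        while rrtype == RRTYPE_OPT and pos < end:
            code, length = struct.unpack("!HH", msg[pos:pos + 4])
            options.append((code, msg[pos + 4:pos + 4 + length]))
            pos += 4 + length
        pos = end
    return options

COOKIE = bytes.fromhex("0011223344556677")     # constructed sample client cookie
```

Comparing a packet capture of the two `dig` runs against this layout shows whether the COOKIE option is the only difference the server sees.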