nerdexam
GIAC

GCIH · Question #659

What is the goal of the command sequence shown below? >nslookup >server [authoritative_server_IP_or_name] >set type=any >ls -d [target_domain]

The correct answer is B. Zone Transfer. The nslookup sequence that specifies an authoritative server and issues 'ls -d [domain]' is the classic interactive method for requesting a DNS zone transfer. A zone transfer (AXFR) retrieves all DNS resource records for the target domain from the authoritative name server.

Reconnaissance, Scanning, and Enumeration

Question

What is the goal of the command sequence shown below? >nslookup >server [authoritative_server_IP_or_name] >set type=any >ls -d [target_domain]

Options

  • AArp Spoofing
  • BZone Transfer
  • CDNS Cache Poisoning
  • DIP Spoofing

How the community answered

(54 responses)
  • A
    6% (3)
  • B
    85% (46)
  • C
    7% (4)
  • D
    2% (1)

Why each option

The nslookup sequence that specifies an authoritative server and issues 'ls -d [domain]' is the classic interactive method for requesting a DNS zone transfer. A zone transfer (AXFR) retrieves all DNS resource records for the target domain from the authoritative name server.

AArp Spoofing

ARP spoofing manipulates Layer 2 ARP cache entries to associate an attacker's MAC address with a legitimate IP address on a local network segment - it involves no DNS queries or nslookup commands whatsoever.

BZone TransferCorrect

The 'server' command in nslookup points queries at a specific authoritative name server, and 'ls -d [domain]' sends an AXFR (full zone transfer) request to that server. A successful response returns every DNS record in the zone - including A, MX, NS, CNAME, and TXT records - giving an attacker a comprehensive map of the target's internal and external hostname-to-IP mappings.

CDNS Cache Poisoning

DNS cache poisoning injects forged DNS responses into a resolver's cache to redirect traffic to a malicious host - it exploits the resolution process rather than directly querying an authoritative server with nslookup.

DIP Spoofing

IP spoofing involves crafting packets with a falsified source IP address at the network layer and has no relationship to DNS enumeration or the nslookup tool.

Concept tested: DNS zone transfer enumeration using nslookup AXFR

Source: https://datatracker.ietf.org/doc/html/rfc5936

Topics

#DNS zone transfer#nslookup#AXFR#DNS enumeration

Community Discussion

No community discussion yet for this question.

Full GCIH Practice