mdaxfr

Mass DNS AXFR

axfr dns dns-axfr dns-zones mass-dns zone-axfr

Go to file

Dionysus 8d0b01e7aa now storing AXFR responses in a directory containing the date to track changes in which dns servers allow AXFRs over time		2024-03-06 16:49:33 -05:00
extras	now storing AXFR responses in a directory containing the date to track changes in which dns servers allow AXFRs over time	2024-03-06 16:49:33 -05:00
LICENSE	Updated mirrors in README and LICENSE for 2024	2024-01-20 19:01:55 -05:00
README.md	now storing AXFR responses in a directory containing the date to track changes in which dns servers allow AXFRs over time	2024-03-06 16:49:33 -05:00
mdaxfr	now storing AXFR responses in a directory containing the date to track changes in which dns servers allow AXFRs over time	2024-03-06 16:49:33 -05:00
mdaxfr.py	Python version updated and debugged	2023-11-25 23:24:04 -05:00

README.md

Mass DNS AXFR (Zone Transfer)

Zone Transfer on all of the Root Nameservers and Top-level Domains (TLDs).

Expectations & Legalities

It is expected to set realistic expectations when using this tool. In contemporary network configurations, AXFR requests are typically restricted, reflecting best practices in DNS security. While many nameservers now disallow AXFR requests, there may still be occasional instances where configurations permit them. Always exercise due diligence and ensure ethical use.

Requirements

dnspython (pip install dnspython)

Usage

Argument	Description
`-c`, `--concurrency`	Maximum concurrent tasks.
`-o`, `--output`	Specify the output directory (default is axfrout).
`-t`, `--timeout`	DNS timeout (default: 30)

Information

I only wrote this to shit on this bozo who took a dead project & brought it back to life by making it even worse. Rather than making a pull request to give this bloke more credit in his "tenure" as a developer, I decided to just rewrite it all from scratch so people can fork off of clean code instead.

This repostiory also contains a pure POSIX version for portability, aswell as a script to do zone transfers on OpenNIC TLDs, a special ozones script for fetching a few obscure additional zones, and a domain axfr script to target a specific website.

Statistics, laughs, & further thinking...

As of my last scan in 2023, I was only able to AXFR the zones for 8 out of 1,456 root TLDs, with a few of them being zones that were already retrieved by acidvegas/czds, & 114 out of 7,977 TLDs in the Public suffix list. The addition scripts in this repository provide an additional 37 zone files.

For laughs, here is a one-liner mass zone axfr:

curl -s https://www.internic.net/domain/root.zone | awk '$4=="A" || $4=="AAAA" {print substr($1, 3) " " $5}' | sed 's/\.$//' | xargs -n2 sh -c 'dig AXFR "$0" "@$1"'

Note: Don't actually use this lol...

It is interesting to have seen this has worked on some "darknet" DNS servers...would maybe look into exploring collecting more zones for alterntive DNS routing. Some of that goes beyond an "AXFR" though...