Automated DNS Zone Transfer Shell Script

DNS zone transfers are nothing new and are generally considered bad if a server is misconfigured to allow transfers from anywhere. A zone transfer discloses every DNS entry and its corresponding IP address for a given DNS zone. That is great for keeping all your other DNS servers in sync, but not so good if you are trying to limit an attacker's visibility into your network. There has been a lot of talk about this information-gathering technique, and a quick Google search will likely turn up better and more detailed explanations.

I'd like to share a quick script I threw together today to test zone transfers against a list of DNS servers. It is a simple BASH script that calls dig. You supply it with a domain and a file containing the IP addresses of the DNS servers.

Usage: dns_zone_xfr.sh DOMAIN FILE

You'll need to remove the .txt extension and chmod +x dns_zone_xfr.sh to run it.

Download: dns_zone_xfr.sh
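The loop the script above performs, as an added example that is not the author's dns_zone_xfr.sh: it takes the same DOMAIN and FILE arguments, asks each listed name server for an AXFR with dig, and reports whether your servers hand out the zone. The timeout values, the output parsing and the OPEN/REFUSED/ERROR labels are my own assumptions, not part of the original script.

```sh
#!/bin/sh
# Added example (not the author's dns_zone_xfr.sh): audit your own name servers
# for zone transfers of one domain. Usage: DOMAIN FILE, one server IP or
# hostname per line in FILE (blank lines and '#' comments skipped). Needs dig.

# Classify raw dig AXFR output as OPEN, REFUSED or ERROR. dig ends a successful
# transfer with ";; XFR size: N records ..." and prints "; Transfer failed."
# on refusal; anything else is a lookup, timeout or connectivity error.
classify_axfr() {
  if printf '%s\n' "$1" | grep -q '^;; XFR size:'; then
    echo OPEN
  elif printf '%s\n' "$1" | grep -qi 'Transfer failed'; then
    echo REFUSED
  else
    echo ERROR
  fi
}

# Number of records disclosed by a successful transfer (0 if none).
axfr_record_count() {
  n=$(printf '%s\n' "$1" | sed -n 's/^;; XFR size: \([0-9]*\) records.*/\1/p')
  echo "${n:-0}"
}

# Query one server; +time/+tries keep an unresponsive host from stalling the run.
check_server() {
  out=$(dig @"$2" "$1" AXFR +time=5 +tries=1 2>&1)
  status=$(classify_axfr "$out")
  if [ "$status" = OPEN ]; then
    echo "OPEN ($(axfr_record_count "$out") records)"
  else
    echo "$status"
  fi
}

main() {
  [ "$#" -eq 2 ] || { echo "usage: $0 DOMAIN FILE" >&2; return 1; }
  domain=$1; list=$2
  [ -r "$list" ] || { echo "cannot read $list" >&2; return 1; }
  while IFS= read -r ns || [ -n "$ns" ]; do
    case "$ns" in ''|'#'*) continue ;; esac
    printf '%-40s %s\n' "$ns" "$(check_server "$domain" "$ns")"
  done < "$list"
}

# Only run the audit when called with arguments (keeps the functions sourceable).
if [ "$#" -eq 2 ]; then
  main "$@"
fi
```

Any server reported as OPEN is answering AXFR requests from an unauthorised client and should have its allow-transfer list restricted to its secondaries.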



Installing tcpdump and libpcap on Debian 6

I ran into an issue when trying to install the latest version of tcpdump (4.2.0) with libpcap (1.2.0) on Debian recently. The error during the tcpdump build looked like:

./print-ppi.c:16:17: error: ppi.h: No such file or directory
./print-ppi.c: In function ‘ppi_header_print’:
./print-ppi.c:23: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token
./print-ppi.c:23: error: ‘hdr’ undeclared (first use in this function)
...snip...
make: *** [print-ppi.o] Error 1

To fix this issue I grabbed the ppi.h file from the tcpdump Github project and recompiled.

cd ./tcpdump-4.2.0
# The GitHub page https://github.com/mcr/tcpdump/blob/master/ppi.h serves HTML, not the header;
# fetch the raw file so the build sees a real ppi.h
wget -O ppi.h https://raw.githubusercontent.com/mcr/tcpdump/master/ppi.h
./configure
make && make install   # install step needs root (sudo or a root shell)
# put the new build where the Debian-packaged binary lived
mv /usr/local/sbin/tcpdump /usr/sbin/tcpdump

Run tcpdump --version to verify that the program was installed correctly.

A side note: remove the version of libpcap (0.8) that ships with Debian, otherwise tcpdump will complain during the build process. Simply apt-get remove libpcap0.8, then compile version 1.2.0 as normal.
