Zone Transfer Test
Test for DNS zone transfer (AXFR) vulnerability on all nameservers.
GET
/v1/zone-transfer
curl "https://dns.toolkitapi.io/v1/zone-transfer?domain=toolkitapi.io"
import httpx
resp = httpx.get(
"https://dns.toolkitapi.io/v1/zone-transfer?domain=toolkitapi.io",
)
print(resp.json())const resp = await fetch("https://dns.toolkitapi.io/v1/zone-transfer?domain=toolkitapi.io", {
});
const data = await resp.json();
console.log(data);# See curl example
Response
200 OK
{
"domain": "toolkitapi.io",
"nameservers_tested": 2,
"vulnerable": false,
"vulnerable_servers": [],
"results": [
{"nameserver": "a.iana-servers.net", "ip": "199.43.135.53", "vulnerable": false, "records_returned": 0, "error": "Transfer refused"},
{"nameserver": "b.iana-servers.net", "ip": "199.43.133.53", "vulnerable": false, "records_returned": 0, "error": "Transfer refused"}
],
"query_time_ms": 567.3
}Try It Live
Live Demo
Response
Description
Test for DNS zone transfer (AXFR) vulnerability on all nameservers.
How to Use
1
1. Pass the domain in the `domain` parameter. 2. Check `vulnerable` — if `true`, at least one nameserver allows unrestricted zone transfers. 3. Review `vulnerable_servers` for the specific nameservers that need to be secured.
About This Tool
Zone Transfer Test attempts a DNS zone transfer (AXFR) against all authoritative nameservers for a domain. Zone transfers should be restricted to authorized secondary nameservers — if one succeeds from an arbitrary client, it exposes the entire DNS zone contents, which is a significant security risk.
Why Use This Tool
- Security audit — Check for zone transfer misconfiguration
- Penetration testing — Test DNS security as part of a broader assessment
- Compliance — Verify zone transfers are restricted per best practices
- DNS hardening — Identify nameservers that need ACL configuration
Frequently Asked Questions
Is zone transfer testing legal?
Zone transfer testing against domains you own or have authorization to test is standard security practice. Testing third-party domains without permission may violate terms of service.
What happens if a transfer succeeds?
The API reports the number of records returned but does not expose the actual zone contents.
Start using Zone Transfer Test now
Get your free API key and make your first request in under a minute.