What it is
DNS zone transfer exposure occurs when a DNS server allows unauthorized zone transfer requests, enabling attackers to retrieve the full list of DNS records for a domain, including subdomains and internal infrastructure references.
Why it matters
An exposed zone transfer provides attackers with a complete map of your domain’s structure, making reconnaissance significantly easier. This information can be used to identify forgotten services, misconfigurations, or targets for further exploitation.
How to reduce risk
Restrict DNS zone transfers to trusted secondary DNS servers only and regularly review DNS configurations. External attack surface monitoring can help detect exposed zone transfers before they are leveraged.
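One way to make the configuration review repeatable, shown as an added example that is not part of the original page. It assumes the server is BIND and reads `named.conf` syntax (the page names no DNS software). The function name, zone names, ACL name and addresses are constructed for illustration.

```python
import re

# Constructed sample named.conf fragment (BIND syntax); all names and addresses are made up.
SAMPLE_CONF = """
acl "secondaries" { 192.0.2.53; 198.51.100.53; };
zone "example.com" { type primary; file "db.example.com"; allow-transfer { any; }; };
zone "example.net" { type primary; file "db.example.net"; allow-transfer { secondaries; }; };
zone "example.org" { type primary; file "db.example.org"; };
zone "internal.example" { type primary; file "db.internal"; allow-transfer { none; }; };
"""

# A zone block, tolerating one level of nested braces inside its body.
ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{]*\{((?:[^{}]|\{[^{}]*\})*)\}\s*;')
# allow-transfer, optionally followed by port/transport parameters before the list.
XFER_RE = re.compile(r'allow-transfer[^{;]*\{([^{}]*)\}')

def audit_zone_transfers(conf_text):
    """Return {zone_name: (status, entries)} for each zone block found.

    status is one of:
      open       - the list contains 'any', so any client may request a transfer
      closed     - the list is exactly 'none'
      restricted - the list names specific hosts, ACLs or keys (review them)
      inherited  - no allow-transfer in the zone; the effective value comes
                   from options/view or the server default, so check it by hand
    """
    # Simplification: comments are stripped naively; '#' or '//' inside quoted
    # strings would be mangled.
    text = re.sub(r'/\*.*?\*/', '', conf_text, flags=re.S)
    text = re.sub(r'(//|#)[^\n]*', '', text)
    findings = {}
    for name, body in ZONE_RE.findall(text):
        match = XFER_RE.search(body)
        if match is None:
            findings[name] = ("inherited", [])
            continue
        entries = [e.strip() for e in match.group(1).split(';') if e.strip()]
        if "any" in entries:
            status = "open"
        elif entries == ["none"]:
            status = "closed"
        else:
            status = "restricted"
        findings[name] = (status, entries)
    return findings

if __name__ == "__main__":
    for zone, (status, entries) in audit_zone_transfers(SAMPLE_CONF).items():
        print(f"{zone:20} {status:11} {'; '.join(entries)}")
```

Zones reported as open or inherited are the ones to fix or verify first; restricted zones still need their listed hosts compared against the current set of secondary servers.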