id: dns-zone-transfer-any

info:
  name: DNS Zone Transfer Allowed to Any Host
  author: songyaeji
  severity: high
  description: |
    A BIND configuration containing "allow-transfer { any; };" allows unrestricted zone transfers (AXFR) to any host.
    This exposes sensitive details such as hostnames, network structure, and system data that attackers can use for
    reconnaissance and further attacks.
  reference:
    - https://isms.kisa.or.kr
  tags: linux,local,kisa,audit,compliance

self-contained: true
code:
  - engine:
      - bash
    source: |
      # Print every line of the main BIND config that mentions allow-transfer;
      # the regex matcher below flags the unrestricted "{ any; }" form.
      grep -E 'allow-transfer' /etc/named.conf 2>/dev/null || echo "no-allow-transfer"

    matchers:
      - type: regex
        part: code_1_response
        regex:
          - 'allow-transfer\s*\{\s*any;\s*\}'
# digest: 490a00463044022037476af6ea98c17d43d75d3cb57874705aeba154fd8e7ef8859748eafab0ebf702200a0d472b83fe677c4c703d4b82307a6c8b65f57418c549a3ad46b6cc13547206:922c64590222798bb761d5b6d8e72950
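The template's check is line-based: it cannot see a directive whose `{ any; }` sits on the next line, and it does fire on a commented-out directive. The following added example (not part of the template or the nuclei project) contrasts that naive line check with a comment-aware, scope-aware scan of a constructed `named.conf` fragment; the config text, the `options`/`zone` scoping and the function names are assumptions made for illustration.

```python
import re

# Constructed sample named.conf (not from the page): one commented-out "any",
# one multi-line "any" in a zone block, and two correctly restricted ACLs.
SAMPLE_NAMED_CONF = """
options {
    // allow-transfer { any; };  (commented out: must not be flagged)
    allow-transfer { 192.0.2.10; };
};
zone "example.test" IN {
    allow-transfer {
        any;
    };
};
zone "internal.test" IN {
    allow-transfer { none; };
};
"""

NAIVE_RE = re.compile(r'allow-transfer\s*\{\s*any;\s*\}')        # template's matcher
SCOPE_RE = re.compile(r'\b(options|zone\s+"([^"]+)")[^{]*\{')   # options / zone "name"
TRANSFER_RE = re.compile(r'allow-transfer\s*\{([^}]*)\}')

def naive_line_check(conf_text):
    """Emulates the template: grep lines for allow-transfer, then apply the regex."""
    return any(NAIVE_RE.search(l) for l in conf_text.splitlines()
               if 'allow-transfer' in l)

def strip_comments(text):
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)      # /* block */ comments
    return re.sub(r'(//|#).*', '', text)                   # // and # to end of line

def find_open_transfers(conf_text):
    """Return [(scope, acl)] for every allow-transfer whose ACL contains 'any'."""
    text = strip_comments(conf_text)
    findings = []
    for m in SCOPE_RE.finditer(text):
        scope = 'options' if m.group(1) == 'options' else 'zone ' + m.group(2)
        depth, i = 1, m.end()                  # walk forward to the matching '}'
        while i < len(text) and depth:
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        for t in TRANSFER_RE.finditer(text[m.end():i - 1]):
            acl = [x.strip() for x in t.group(1).split(';') if x.strip()]
            if 'any' in acl:
                findings.append((scope, acl))
    return findings

if __name__ == '__main__':
    print('naive check :', naive_line_check(SAMPLE_NAMED_CONF))    # True (false positive)
    print('scoped check:', find_open_transfers(SAMPLE_NAMED_CONF))  # [('zone example.test', ['any'])]
```

On the sample, the naive check is satisfied only by the commented-out line, while the real multi-line `any` in `zone "example.test"` is found only by the scoped scan.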