Zone Transfers It is always worth requesting a zone transfer from each name server (see previous slide), as they can be very valuable: Provides many IPs for further investigation The names and CNAMEs give important clues as to the function of machines Sometimes contain personal machines (vanity names) and other far-flung normally hard-to-find boxes. Negligently administered nameservers often provide internal names, unreachable hosts behind the firewall, etc. Popular name servers (e.g. Bind) allow Zone Xfer by default