Zone transfer attacks are designed to overwhelm bandwidth and systems.

A single packet can request a zone transfer from a DNS server. A zone transfer sends the entire domain's information back to the requester, causing heavy traffic.

Hackers can:

  • contact hundreds of DNS servers on the Internet
  • request a zone transfer
  • spoof the victim's IP address as the requester
  • effectively saturate the single host, the router, and even the available bandwidth