During a penetration test, a tester runs 'dnsrecon -d example.com -t axfr' and receives a full list of DNS records. What does this indicate about the target's DNS configuration?
A successful AXFR means the server is configured to allow zone transfers to unauthorized hosts.
Why this answer
The 'dnsrecon -d example.com -t axfr' command performs a DNS zone transfer (AXFR) request. Receiving a full list of DNS records indicates that the target DNS server is misconfigured to allow zone transfers from any host, which exposes the entire DNS zone data (including internal hostnames and IP addresses) to unauthorized parties. This is a critical information disclosure vulnerability.
Exam trap
The trap here is that candidates confuse 'authoritative' with 'vulnerable'. Being authoritative is normal; allowing unrestricted zone transfers is the misconfiguration. EC-Council often tests this by making option D sound correct because the server is authoritative, but the real issue is the lack of access control on the AXFR query.
How to eliminate wrong answers
Option A is wrong because DNSSEC (DNS Security Extensions) provides data integrity and authentication via digital signatures, but it does not control or prevent zone transfers; a server can have DNSSEC enabled and still allow unauthorized AXFR.
Option B is wrong because recursive queries allow the DNS server to resolve queries for external domains on behalf of clients, which is a separate setting (often controlled by 'allow-recursion') and not directly related to zone transfer permissions.
Option D is wrong because being authoritative for a domain means the server holds the official zone data for that domain, which is normal and expected; the security issue is not that it is authoritative, but that it allows zone transfers from any host without restriction.