rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

Clean up and enhance enum_dns #6187

Closed nixawk closed 8 years ago

nixawk commented 8 years ago

Related: #5824 and #5942. In order to collect DNS records in a stable way, we review enum_dns. Please find issues and report them here. Thanks!

msf auxiliary(enum_dns) > show options 

Module options (auxiliary/gather/enum_dns):

   Name         Current Setting    Required  Description
   ----         ---------------    --------  -----------
   DOMAIN                          yes       The target domain
   ENUM_A       true               yes       Enumerate DNS A record
   ENUM_AXFR    true               yes       Initiate a zone transfer against each NS record
   ENUM_BRT     false              yes       Brute force subdomains and hostnames via the supplied wordlist
   ENUM_CNAME   true               yes       Enumerate DNS CNAME record
   ENUM_MX      true               yes       Enumerate DNS MX record
   ENUM_NS      true               yes       Enumerate DNS NS record
   ENUM_RVL     false              yes       Reverse lookup a range of IP addresses
   ENUM_SOA     true               yes       Enumerate DNS SOA record
   ENUM_SRV     true               yes       Enumerate the most common SRV records
   ENUM_TLD     false              yes       Perform a TLD expansion by replacing the TLD with the IANA TLD list
   ENUM_TXT     true               yes       Enumerate DNS TXT record
   IPRANGE                         no        The target address range or CIDR identifier
   NS                              no        Specify the nameserver to use for queries (default is system DNS)
   STOP_WLDCRD  false              yes       Stops bruteforce enumeration if wildcard resolution is detected
   THREADS      1                  no        Threads for ENUM_BRT
   WORDLIST     /tmp/namelist.txt  no        Wordlist of subdomains

nixawk commented 8 years ago

Thanks so much.

sempervictus commented 8 years ago

@all3g: I think i PRed an updated version of this module, as well as a couple of shots at getting upstream acceptance of the Rex wrapped DNS code. You might find some useful pieces in that work, feel free to grab whatever you'd like, if i find the cycles i might take another stab at getting those merged.

nixawk commented 8 years ago

@sempervictus Could you share the PR here? We are interested in it.

jhart-r7 commented 8 years ago

@all3g, could you perhaps summarize the changes made here. I'm having a hard time telling if there is net-new functionality being introduced here or if it is all just code/style/etc cleanup or some combination in between. Either way is fine, but knowing that would help review and land this.

Also, could you perhaps show the output/usage before and after?

nixawk commented 8 years ago

  1. Review the code in order to run the module in a stable way. ex:

    #5816 - [-] Auxiliary failed: NoMethodError undefined method `header' for nil:NilClass
    #5824 (https://github.com/rapid7/metasploit-framework/pull/5824) - [-] Auxiliary failed: TypeError can't dump IO

  2. Add a TIMEOUT option for slow DNS responses.
  3. Remove the ENUM_IPV6, ENUM_RVL and IPRANGE options.
  4. Update the switchdns function, and make the code cleaner.
  5. Save results in files.
  6. Check Ruby code style.

msf auxiliary(enum_dns) > show options 

Module options (auxiliary/gather/enum_dns):

   Name         Current Setting                                        Required  Description
   ----         ---------------                                        --------  -----------
   DOMAIN       metasploit.com                                         yes       The target domain
   ENUM_AXFR    false                                                  yes       Initiate a zone transfer against each NS record
   ENUM_BRT     false                                                  yes       Brute force subdomains and hostnames via the supplied wordlist
   ENUM_SRV     false                                                  yes       Enumerate the most common SRV records
   ENUM_STD     true                                                   yes       Enumerate standard record types (A,MX,NS,TXT and SOA)
   ENUM_TLD     false                                                  yes       Perform a TLD expansion by replacing the TLD with the IANA TLD list
   NS           223.5.5.5                                              no        Nameserver for query
   STOP_WLDCRD  false                                                  yes       Stops bruteforce enumeration if wildcard resolution is detected
   THREADS      1                                                      no        Threads for ENUM_BRT
   WORDLIST     /opt/metasploit-framework/data/wordlists/namelist.txt  no        Wordlist of subdomains

msf auxiliary(enum_dns) > run 

[!] dns wildcard is disable
[+] metasploit.com: A: 54.230.156.53 
[+] metasploit.com: A: 54.230.156.104 
[+] metasploit.com: A: 54.230.156.80 
[+] metasploit.com: A: 54.230.156.98 
[+] metasploit.com: A: 54.230.156.17 
[+] metasploit.com: A: 54.230.156.73 
[+] metasploit.com: A: 54.230.156.28 
[+] metasploit.com: A: 54.230.156.121 
[+] metasploit.com: NS: dell.ns.cloudflare.com.
[+] metasploit.com: NS: rick.ns.cloudflare.com.
[+] Saved file to: /home/notfound/.msf4/loot/20151218011504_default_54.230.124.54_ENUM_NS_330701.txt
W, [2015-12-18T01:15:13.796163 #1616]  WARN -- : Nameserver 223.5.5.5 not responding within UDP timeout, trying next one
F, [2015-12-18T01:15:13.796361 #1616] FATAL -- : No response from nameservers list: aborting
[+] metasploit.com: SOA: ns-290.awsdns-36.com.
[+] Saved file to: /home/notfound/.msf4/loot/20151218011519_default_54.230.124.25_ENUM_SOA_835607.txt
W, [2015-12-18T01:15:28.203038 #1616]  WARN -- : Nameserver 223.5.5.5 not responding within UDP timeout, trying next one
F, [2015-12-18T01:15:28.203296 #1616] FATAL -- : No response from nameservers list: aborting
[*] Auxiliary module execution completed
msf auxiliary(enum_dns) > services 

Services
========

host            port  proto  name  state  info
----            ----  -----  ----  -----  ----
173.245.58.94   53    udp    dns   open   nameserver
173.245.59.139  53    udp    dns   open   nameserver

msf auxiliary(enum_dns) > hosts 

Hosts
=====

address         mac  name            os_name  os_flavor  os_sp  purpose  info  comments
-------         ---  ----            -------  ---------  -----  -------  ----  --------
54.230.124.25                                                                  
54.230.124.54                                                                  
54.230.156.17        metasploit.com                                      A     
54.230.156.28        metasploit.com                                      A     
54.230.156.53        metasploit.com                                      A     
54.230.156.73        metasploit.com                                      A     
54.230.156.80        metasploit.com                                      A     
54.230.156.98        metasploit.com                                      A     
54.230.156.104       metasploit.com                                      A     
54.230.156.121       metasploit.com                                      A     
173.245.58.94        metasploit.com  Unknown                    device   NS    
173.245.59.139       metasploit.com  Unknown                    device   NS    
205.251.193.34                                                           SOA   

jhart-r7 commented 8 years ago

Excellent, thank you. That will help me in landing this. I'll queue this up soon.

nixawk commented 8 years ago

OK, ^.^

nixawk commented 8 years ago

Thanks @jhart-r7. I'll fix them later.

nixawk commented 8 years ago

@jhart-r7 @bcook-r7 @sempervictus Please try it again.

nixawk commented 8 years ago

Let's set an invalid domain - dev:rapid7.com.

msf auxiliary(enum_dns) > set DOMAIN dev:rapid7.com
DOMAIN => dev:rapid7.com
msf auxiliary(enum_dns) > run 

[-] Query UNfNbwkcwhNeLekN.dev:rapid7.com DNS A - exception: Invalid domain name UNfNbwkcwhNeLekN.dev:rapid7.com
[-] Query dev:rapid7.com DNS A - exception: Invalid domain name dev:rapid7.com
[-] Query dev:rapid7.com DNS CNAME - exception: Invalid domain name dev:rapid7.com
[-] Query dev:rapid7.com DNS NS - exception: Invalid domain name dev:rapid7.com
[-] Query dev:rapid7.com DNS MX - exception: Invalid domain name dev:rapid7.com
[*] Auxiliary module execution completed

jhart-r7 commented 8 years ago

Sorry for the delay on this -- I've been quite busy.

I had a chance to take the old enum_dns for a spin in an unrelated effort and am now familiar enough with its function and failures so testing/landing this should be simple at this point. Working on it now.

nixawk commented 8 years ago

ok, @jhart-r7

sempervictus commented 8 years ago

Took a quick look, some good changes, totally mauls my module/implementation in merge though. Old unmerged PRs which i personally think @devs should reconsider and get into upstream allow DNS to work via Rex (https://github.com/rapid7/metasploit-framework/pull/709) giving the masses pivot and proxy scanning (i believe the DNS_TCP piece was merged upstream), and then there's the threaded pull request which significantly speeds up DNS probes in a convenient in-framework module instead of importing others' outputs (https://github.com/rapid7/metasploit-framework/pull/852). When using RBX as the Ruby engine, this is a pretty major win in terms of scan performance.

Given the amount of code in all of these modules, i'd suggest getting Rex in line with what we have for DNS to aid functionality/evasion, creating a scanner library for DNS with all the methods in all of these methods. Implementing a threaded scanner with those methods similar to #852, and exposing all of that through the end-user module in framework. It should help people write quick and dirty scanners using the base methods without reproducing code left and right, and without the maintenance nightmare of this module (no offense intended Carlos).

nixawk commented 8 years ago

@jhart-r7 @wchen-r7 @wvu-r7 @bcook-r7 @sempervictus @darkoperator @all

  1. enum_dns can finish what the following modules can do:

    I advise us to deprecate all of the above, and move auxiliary/gather/enum_dns to auxiliary/scanner/dns/dns_enum

  2. @sempervictus has several good ideas.
    • reconsider and get into upstream allow DNS to work via Rex (#709) giving the masses pivot and proxy scanning
    • creating a scanner library for DNS with all the methods in all of these methods.

sempervictus commented 8 years ago

Regarding deprecation, i'd be a bit careful simply removing all those modules as i'm sure i'm not the only one with reconnaissance RC scripts and plugins which utilize these. If we can "libify" the functionality from all of those modules, standardize, and re-expose it through a standard Msf::Core::Exploit::Dns API it would go a long way toward reducing repeat work and code.

Both of the PRs i referenced are quite heavily tested, though merging the threaded code with this PR is not a fun task.

jhart-r7 commented 8 years ago

All good discussion, but at this point in this PR I'm going to try to avoid scope creep. As it is this has been open with ongoing work for longer than I'd like. The other two PRs (#709 and #852) are closed. While I see the potential value in them, if they are closed and there is no corresponding issue to track the TODO they are effectively lost. Please either re-open them or open issues to track the desired improvements.

Regarding deprecating those other modules, I echo the concern about deprecation but there is functionality in the framework to support deprecation so that users of the to-be-deprecated modules are given ample time to migrate to the new module. But, that said, I believe the need for deprecation existed prior to this PR. I'd consider that a separate effort worthy of its own PR/issue.

@all3g, I have a PR for you that fixes some issues I've reported to you as well as some I haven't. We still need to test this more.

nixawk commented 8 years ago

@jhart-r7 Thanks. I'll try to deprecate all of the related modules now.

jhart-r7 commented 8 years ago

@all3g, IMO the deprecation should happen in a separate PR, if not one PR per deprecation. It is important that we ensure what we are deprecating is truly duplicated in the to-be-landed enum_dns.

nixawk commented 8 years ago

Thanks @jhart-r7 .

msf auxiliary(enum_dns) > run 

[*] querying DNS NS records for rapid7.com
[+] rapid7.com NS: ns-739.awsdns-28.net.
[+] rapid7.com NS: ns-439.awsdns-54.com.
[+] rapid7.com NS: ns-1653.awsdns-14.co.uk.
[+] rapid7.com NS: ns-1390.awsdns-45.org.
[*] Auxiliary module execution completed
msf auxiliary(enum_dns) > notes 
[*] Time: 2016-02-19 05:59:37 UTC Note: host=54.192.126.52 type=get_ns data=["ns-739.awsdns-28.net.", "ns-439.awsdns-54.com.", "ns-1653.awsdns-14.co.uk.", "ns-1390.awsdns-45.org."]

nixawk commented 8 years ago

@jhart-r7 If we use report_host, hosts can be used by other modules, ex: hosts -R.

jhart-r7 commented 8 years ago

I understand that it can be used, but much of the valuable information that you would need to target that host (the name) is lost. IMO.

darkoperator commented 8 years ago

For DNSRecon import plugin I go a bit further on what I save in the DB, but this is outside of framework but could prove useful

https://github.com/darkoperator/dnsrecon/blob/master/msf_plugin/dnsr_import.rb

nixawk commented 8 years ago

@darkoperator's dnsr_import uses report_host to save available addresses, and report_note to save DNS XXX records/relations.

IMO, we should save all records in the database, and can access them quickly.

jhart-r7 commented 8 years ago

If you can maintain all of the original information and original relationships among the data when storing it with a combination of report_host and report_note, and the end result is something that is useful as-is (IOW, we keep the original hostnames and/or IPs as returned by the target nameservers), then I'd say go for it. But, from what I've seen, and why I've removed the report_host calls from this module, the original names are lost and the IP used is what the local resolver (not the target nameserver) resolves.

sempervictus commented 8 years ago

I must have dealt with the new report_ functionality in my DNS module since it came after the threading work. I'll check that when I get back tonight and see if I can export a PR to this PR.

@Darkoperator: thanks, you lurker ;-).

nixawk commented 8 years ago

Thanks @sempervictus. Please try ENUM_A with the following hosts.

Name:   www.imeta.com
Address: 192.124.249.8

Name:   www.backtrack-linux.org
Address: 192.124.249.8
msf auxiliary(enum_dns) > set DOMAIN www.imeta.com
DOMAIN => www.imeta.com
msf auxiliary(enum_dns) > run 
[*] Auxiliary module execution completed
msf auxiliary(enum_dns) > hosts 

Hosts
=====

address        mac  name           os_name  os_flavor  os_sp  purpose  info  comments
-------        ---  ----           -------  ---------  -----  -------  ----  --------
192.124.249.8       www.imeta.com                                            get_a

msf auxiliary(enum_dns) > notes 
[*] Time: 2016-02-22 10:04:22 UTC Note: host=192.124.249.8 type=get_a data={"www.imeta.com"=>["192.124.249.8"]}
msf auxiliary(enum_dns) > set DOMAIN www.backtrack-linux.org
DOMAIN => www.backtrack-linux.org
msf auxiliary(enum_dns) > run 
[*] Auxiliary module execution completed

When domains are the same and IPs are different, report_host or report_note will update the record. hosts will only save the latest record.

msf auxiliary(enum_dns) > hosts 

Hosts
=====

address        mac  name                     os_name  os_flavor  os_sp  purpose  info  comments
-------        ---  ----                     -------  ---------  -----  -------  ----  --------
192.124.249.8       www.backtrack-linux.org                                            get_a

msf auxiliary(enum_dns) > notes 
[*] Time: 2016-02-22 10:04:22 UTC Note: host=192.124.249.8 type=get_a data={"www.backtrack-linux.org"=>["192.124.249.8"]}

nixawk commented 8 years ago

@darkoperator dnsr_import saves hosts' IP addresses, but the original information/relationships are lost.

I've read the code of both report_host and report_note:

# +:host+::         -- the host's ip address
# +:host+::       an IP address or a Host object to associate with this Note

If host must be only one ip address, report_note can be used to save all records with data option. @jhart-r7 @sempervictus @darkoperator Any good way for it?

sempervictus commented 8 years ago

I've written #6604 in the hopes of unifying all these modules and craziness into a coherent piece of the framework. For now, it's just the Rex resolver and server components. Msf namespace will come next. Should be a drop-in for this module, just using our own resolver.

I'll start work on the Msf namespace this week, but meantime, since DNS is understood by many on this thread, could i ask you folks to review and throw some suggestions/PRs to my branch so we can get the underpinnings deployed as quick as possible? Top-down (from Msf level module to Rex components) isn't the greatest way to build framework since it forces us to do "non-standard" things down low in order to meet the calling convention or other idiosyncrasies from above, so i'm hoping to "meet halfway" in the Msf namespaces and simplify the DNS issues for future generations of users/contributors.

Thanks for getting the ball rolling on this.

jhart-r7 commented 8 years ago

Thanks, @sempervictus. At this point my focus is on getting this module landed in its ~current form. I don't think #6604 and this will conflict and I'm hopeful that once #6604 is landed, this can be converted, but for now I'm pushing to get this landed

jhart-r7 commented 8 years ago

@all3g, if you can show that report_note can maintain the data as we need it to, in particular that it doesn't automatically resolve hostnames to IPs (which may be an incorrect resolution depending on how it happens) and especially that it doesn't lose the hostnames, then that is great.

nixawk commented 8 years ago

@jhart-r7 @sempervictus @darkoperator Thanks, I've created a save_note(target, type, records) function to gather information:

I've tested all options, and the output of some options is as follows:

Try different domains with the same IP, and repeat the action several times.

msf auxiliary(enum_dns) > set DOMAIN www.backtrack-linux.org
DOMAIN => www.backtrack-linux.org
msf auxiliary(enum_dns) > run
[*] Auxiliary module execution completed
msf auxiliary(enum_dns) > notes
[*] Time: 2016-02-25 13:20:52 UTC Note: host=192.124.249.8 type=get_a data={"www.backtrack-linux.org"=>["192.124.249.8"]}

msf auxiliary(enum_dns) > set DOMAIN www.imeta.com
DOMAIN => www.imeta.com
msf auxiliary(enum_dns) > notes
[*] Time: 2016-02-25 13:20:52 UTC Note: host=192.124.249.8 type=get_a data={"www.imeta.com"=>["192.124.249.8"], "www.backtrack-linux.org"=>["192.124.249.8"]}
msf auxiliary(enum_dns) > set DOMAIN rapid7.com
msf auxiliary(enum_dns) > set ENUM_BRT true
msf auxiliary(enum_dns) > notes
[*] Time: 2016-02-25 13:58:22 UTC Note: host=54.225.155.68 type=dns_bruteforce data={"accounts.rapid7.com"=>["54.225.155.68"]}
[*] Time: 2016-02-25 13:59:51 UTC Note: host=208.118.227.50 type=dns_bruteforce data={"autodiscover.rapid7.com"=>["208.118.227.50"]}
msf auxiliary(enum_dns) > set DOMAIN www.baidu.com
DOMAIN => www.baidu.com
msf auxiliary(enum_dns) > set ENUM_CNAME true
ENUM_CNAME => true
msf auxiliary(enum_dns) > run

[*] querying DNS CNAME records for www.baidu.com
[+] www.baidu.com CNAME: www.a.shifen.com.
[*] Auxiliary module execution completed
msf auxiliary(enum_dns) > notes
[*] Time: 2016-02-25 14:02:29 UTC Note: host=61.135.169.125 type=get_cname data={"www.baidu.com"=>["www.a.shifen.com."]}
msf auxiliary(enum_dns) > run

[*] querying DNS NS records for rapid7.com
[+] rapid7.com NS: ns-739.awsdns-28.net.
[+] rapid7.com NS: ns-1390.awsdns-45.org.
[+] rapid7.com NS: ns-1653.awsdns-14.co.uk.
[+] rapid7.com NS: ns-439.awsdns-54.com.
[*] querying DNS MX records for rapid7.com
[+] rapid7.com MX: rapid7-com.mail.protection.outlook.com.
[*] Auxiliary module execution completed
msf auxiliary(enum_dns) > notes
[*] Time: 2016-02-25 14:04:16 UTC Note: host=54.192.126.52 type=get_ns data={"rapid7.com"=>["ns-739.awsdns-28.net.", "ns-1390.awsdns-45.org.", "ns-1653.awsdns-14.co.uk.", "ns-439.awsdns-54.com."]}
[*] Time: 2016-02-25 14:04:16 UTC Note: host=54.192.126.52 type=get_mx data={"rapid7.com"=>["rapid7-com.mail.protection.outlook.com."]}
msf auxiliary(enum_dns) > set IPRANGE 8.8.8.4-8
IPRANGE => 8.8.8.4-8
msf auxiliary(enum_dns) > set ENUM_RVL true
ENUM_RVL => true
msf auxiliary(enum_dns) > run
[*] Auxiliary module execution completed
msf auxiliary(enum_dns) > notes
[*] Time: 2016-02-25 14:06:32 UTC Note: host=8.8.8.8 type=get_ptr data={"8.8.8.8"=>["google-public-dns-a.google.com."]}

please try it more.

jhart-r7 commented 8 years ago

Thanks @all3g. The output looks good after a quick glance. I'm not entirely sure I understand the filter code you have in save_note, though.

nixawk commented 8 years ago

The execution flow of db_filter is as follows:

If you have any good ideas, please make it very strong.

jhart-r7 commented 8 years ago

Thanks for clarifying.

AFAIK, the functionality you have put in db_filter is already in report_note or somewhere down the line. I believe it already does the resolution of name to IP (if necessary), the tracking by unique note type, etc.

The one difference I see between what your db_filter does and what report_note does is that yours will merge two report notes' data together if their types match and values are non-empty/nil. This is very different than how most modules work. I see the added benefit of keeping a running tally of all results for that name and records over all times the module has been run, but if you are not tracking the time when these records were added, taking actions based on this data could be a bad idea.

In other words, it is my understanding that a given note type for a particular host and/or endpoint only reflects the note data obtained from the last run, not historically over all runs, and simply calling report_note as you are in https://github.com/open-security/metasploit-framework/commit/dfff94a2439b9249f000e34133e0eb41b7933253, but with the addition of formatting data into a hash to retain the domain information and without the call to db_filter should be fine.
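
Added example, not part of this thread and not code from the PR or from Metasploit: a standalone Ruby model of the trade-off described in the comment above, comparing a note that is replaced on every run, a merged note that keeps a running tally with no way to tell stale records from current ones, and a merged note that stores a last-seen time per record. NoteStore, its methods, and every hostname, address and date are hypothetical or constructed.

```ruby
# Standalone model, not Metasploit's report_note and not the PR's db_filter.
# NoteStore and its methods are hypothetical; every hostname, address and
# date below is a constructed sample.
class NoteStore
  def initialize
    @notes = {} # one note per [host, type] key
  end

  # Policy A: each run replaces the note, so it describes the last run only.
  def replace(host, type, target, records)
    @notes[[host, type]] = { 'target' => target, 'records' => records.uniq }
  end

  # Policy B: merge new results into the stored hash (a running tally).
  # Nothing records when an entry was last returned by a nameserver.
  def merge(host, type, target, records)
    note = (@notes[[host, type]] ||= {})
    note[target] = ((note[target] || []) + records).uniq
  end

  # Policy C: merge, but remember when each record was last seen.
  def merge_with_seen(host, type, target, records, seen_at)
    per_target = ((@notes[[host, type]] ||= {})[target] ||= {})
    records.each { |record| per_target[record] = seen_at }
  end

  # Records for target seen within max_age seconds of now (policy C notes).
  def fresh(host, type, target, now, max_age)
    per_target = @notes.fetch([host, type], {}).fetch(target, {})
    per_target.select { |_record, seen| now - seen <= max_age }.keys
  end

  def data(host, type)
    @notes[[host, type]]
  end
end

# Two runs against the same (constructed) zone, two months apart, in which
# the MX record changed between runs.
def demo
  host = '192.0.2.53' # constructed address (TEST-NET-1)
  type = 'get_mx'
  run1 = Time.utc(2016, 1, 1)
  run2 = Time.utc(2016, 3, 1)
  old_mx = ['mx-old.example.test.']
  new_mx = ['mx-new.example.test.']

  replaced = NoteStore.new
  merged = NoteStore.new
  stamped = NoteStore.new
  [[old_mx, run1], [new_mx, run2]].each do |records, time|
    replaced.replace(host, type, 'example.test', records)
    merged.merge(host, type, 'example.test', records)
    stamped.merge_with_seen(host, type, 'example.test', records, time)
  end

  {
    replaced: replaced.data(host, type), # last run only
    merged: merged.data(host, type),     # old and new, indistinguishable
    fresh: stamped.fresh(host, type, 'example.test', run2, 7 * 86_400)
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

The merged note still lists the retired MX host after the second run; only the timestamped variant lets a consumer drop it.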

nixawk commented 8 years ago

@jhart-r7 @wchen-r7 @bcook-r7 Please check it again. Long time to merge.

msf auxiliary(enum_dns) > show options 

Module options (auxiliary/gather/enum_dns):

   Name         Current Setting                                                             Required  Description
   ----         ---------------                                                             --------  -----------
   DOMAIN       google.com                                                                  yes       The target domain
   ENUM_A       false                                                                       yes       Enumerate DNS A record
   ENUM_AXFR    false                                                                       yes       Initiate a zone transfer against each NS record
   ENUM_BRT     false                                                                       yes       Brute force subdomains and hostnames via the supplied wordlist
   ENUM_CNAME   false                                                                       yes       Enumerate DNS CNAME record
   ENUM_MX      true                                                                        yes       Enumerate DNS MX record
   ENUM_NS      false                                                                       yes       Enumerate DNS NS record
   ENUM_RVL     TRUE                                                                        yes       Reverse lookup a range of IP addresses
   ENUM_SOA     false                                                                       yes       Enumerate DNS SOA record
   ENUM_SRV     false                                                                       yes       Enumerate the most common SRV records
   ENUM_TLD     false                                                                       yes       Perform a TLD expansion by replacing the TLD with the IANA TLD list
   ENUM_TXT     false                                                                       yes       Enumerate DNS TXT record
   IPRANGE      8.8.8.0-10                                                                  no        The target address range or CIDR identifier
   NS                                                                                       no        Specify the nameserver to use for queries (default is system DNS)
   STOP_WLDCRD  false                                                                       yes       Stops bruteforce enumeration if wildcard resolution is detected
   THREADS      1                                                                           no        Threads for ENUM_BRT
   WORDLIST     /Users/Open-Security/Code/metasploit-framework/data/wordlists/namelist.txt  no        Wordlist of subdomains

msf auxiliary(enum_dns) > run 

[*] querying DNS MX records for google.com
[+] google.com MX: alt1.aspmx.l.google.com.
[+] google.com MX: aspmx.l.google.com.
[+] google.com MX: alt3.aspmx.l.google.com.
[+] google.com MX: alt2.aspmx.l.google.com.
[+] google.com MX: alt4.aspmx.l.google.com.
[+] 8.8.8.8: PTR: google-public-dns-a.google.com. 
[*] Auxiliary module execution completed
msf auxiliary(enum_dns) > notes 
[*] Time: 2016-04-06 10:42:51 UTC Note: host=37.61.54.158 type=get_mx data={"target"=>"google.com", "records"=>["alt1.aspmx.l.google.com.", "aspmx.l.google.com.", "alt3.aspmx.l.google.com.", "alt2.aspmx.l.google.com.", "alt4.aspmx.l.google.com."]}
[*] Time: 2016-04-06 10:43:27 UTC Note: host=8.8.8.8 type=get_ptr data={"target"=>"8.8.8.8", "records"=>["google-public-dns-a.google.com."]}

jhart-r7 commented 8 years ago

Much better, @all3g. I'm super behind on PRs but have been working on this long enough that I want to push it through. Let me give this another test today/tomorrow and, fingers crossed, we can get it landed.

jhart-r7 commented 8 years ago

Looks like @all3g is gone and has been replaced by @join-us. Odd to see that the name change updates history like that.

nixawk commented 8 years ago

A new name is given for team work, and it can be helpful. We want to make friends with more cool guys.

jhart-r7 commented 8 years ago

@join-us and everyone else who has been involved in this, THANK YOU for your help and patience. I have now completed some minor cleanups and tested the module. Unfortunately my testing is a little limited in that I don't have a domain that truly exercises all of the code paths for the various enumerations that happen. Instead, I've tested this against zonetransfer.me (https://digi.ninja/projects/zonetransferme.php) as well as my personal domain. All of the results look better and more comprehensive than with the currently in-master version, however I cannot get the AXFR support to function properly or the reverse lookup functionality working either. Fortunately, both of these features seem equally broken (or at least complicated to use...) in the currently in-master version.

I'm going to propose that I land this as-is, with my cleanup, and file issues for the lingering problems. This is definitely the longest PR I've ever seen but the improvements are worth it so I'd rather see those ship now.

@bcook-r7 @wchen-r7 @join-us, is that OK with you?

wchen-r7 commented 8 years ago

@jhart-r7 If the features are equally broken, then yeah I'd say that's probably okay to land as is and file the remaining issues.

nixawk commented 8 years ago

@jhart-r7 @wchen-r7 Actually, this is an issue in enum_axfr. We need to fix something in def axfr.

msf auxiliary(enum_dns) > show options 

Module options (auxiliary/gather/enum_dns):

   Name         Current Setting                                                             Required  Description
   ----         ---------------                                                             --------  -----------
   DOMAIN       zonetransfer.me                                                             yes       The target domain
   ENUM_A       false                                                                       yes       Enumerate DNS A record
   ENUM_AXFR    true                                                                        yes       Initiate a zone transfer against each NS record
   ENUM_BRT     false                                                                       yes       Brute force subdomains and hostnames via the supplied wordlist
   ENUM_CNAME   false                                                                       yes       Enumerate DNS CNAME record
   ENUM_MX      false                                                                       yes       Enumerate DNS MX record
   ENUM_NS      false                                                                       yes       Enumerate DNS NS record
   ENUM_RVL     false                                                                       yes       Reverse lookup a range of IP addresses
   ENUM_SOA     false                                                                       yes       Enumerate DNS SOA record
   ENUM_SRV     false                                                                       yes       Enumerate the most common SRV records
   ENUM_TLD     false                                                                       yes       Perform a TLD expansion by replacing the TLD with the IANA TLD list
   ENUM_TXT     false                                                                       yes       Enumerate DNS TXT record
   IPRANGE                                                                                  no        The target address range or CIDR identifier
   NS           nsztm1.digi.ninja                                                           no        Specify the nameserver to use for queries (default is system DNS)
   STOP_WLDCRD  false                                                                       yes       Stops bruteforce enumeration if wildcard resolution is detected
   THREADS      1                                                                           no        Threads for ENUM_BRT
   WORDLIST     /Users/Open-Security/Code/metasploit-framework/data/wordlists/namelist.txt  no        Wordlist of subdomains

msf auxiliary(enum_dns) > run 

[*] querying DNS NS records for zonetransfer.me
[+] zonetransfer.me NS: nsztm2.digi.ninja.
[+] zonetransfer.me NS: nsztm1.digi.ninja.
[*] Attempting DNS AXFR for zonetransfer.me from nsztm2.digi.ninja.
W, [2016-04-09T11:06:45.084585 #62661]  WARN -- : AXFR query, switching to TCP
W, [2016-04-09T11:06:45.700824 #62661]  WARN -- : Error parsing axfr response: undefined method `+' for nil:NilClass
F, [2016-04-09T11:06:45.700965 #62661] FATAL -- : No response from nameservers list: aborting
[-] Query zonetransfer.me DNS AXFR - exception: NoResponseError
[*] Attempting DNS AXFR for zonetransfer.me from nsztm1.digi.ninja.
W, [2016-04-09T11:06:46.038579 #62661]  WARN -- : AXFR query, switching to TCP
W, [2016-04-09T11:06:47.640824 #62661]  WARN -- : Error parsing axfr response: undefined method `+' for nil:NilClass
F, [2016-04-09T11:06:47.641090 #62661] FATAL -- : No response from nameservers list: aborting
[-] Query zonetransfer.me DNS AXFR - exception: NoResponseError
[*] Auxiliary module execution completed
nixawk commented 8 years ago

Please check https://github.com/rapid7/metasploit-framework/blob/master/lib/net/dns/resolver.rb#L1034. We can get the DNS AXFR response, but fail to parse it.

msf auxiliary(enum_dns) > run
[*] querying DNS NS records for zonetransfer.me
[+] zonetransfer.me NS: nsztm1.digi.ninja.
[+] zonetransfer.me NS: nsztm2.digi.ninja.
[*] Attempting DNS AXFR for zonetransfer.me from nsztm1.digi.ninja.
W, [2016-04-09T11:30:50.752647 #63334]  WARN -- : AXFR query, switching to TCP

From: /Users/Open-Security/Code/metasploit-framework/lib/net/dns/resolver.rb @ line 1035 Net::DNS::Resolver#axfr:

    1030:         self.old_send(method, packet, packet_data) do |ans|
    1031:           @logger.info "Received #{ans[0].size} bytes from #{ans[1][2]+":"+ans[1][1].to_s}"
    1032: 
    1033:           begin
    1034:             require 'pry'
 => 1035:             binding.pry
    1036: 
    1037:             return unless (response = Net::DNS::Packet.parse(ans[0],ans[1]))
    1038:             return if response.answer.empty?
    1039:             if response.answer[0].type == "SOA"
    1040:               soa += 1

[1] pry(#<Net::DNS::Resolver>)> ans
CE8\x9Ad\xCDNHN+\xD92$.\xE7\xDBv\xC1\xA7\xE6\xB1'\x18\xAE\x11B.SQ9)\xD1\xC6\xB2'Q\xC2x\xF4\x14\x81\xE2X\x18\xB6M\xA1k={\xC4\xEC\x8EYI\xB1u_\x1A(\x84\xFAj\xF4\xF0\xD7l^\x9A\xBC\x86\"\x9A\xF9\x15\xA7\xE9!\xD8{(\xE5\xC7\x85L\x14\x18\xB2m\xDBn\x05$\xFF\xC0\xFA\xF4\xEFO\x00#\x00\x01\x00\x00\r\x05\x00;\x00\x02\x00\x03\x01P\aE2U+sip+!^.*$!sip:customer-service@zonetransfer.me!\x00\xEFO\x00.\x00\x01\x00\x00\r\x05\x00\xA3\x00#\b\x03\x00\x00\r\x05V\xFB\xD6|V\xD4;l\xAC\xD4\fzonetransfer\x02me\x00D\xB5I\x1D\xB5)\x94X\xEB\x9C\x88\xD0\xE3\x13\x88}\xD8\x04\x82-A#d\xF5\x1C`\x92\xDB\xDD\xEBor\x91|\xF4\x919\xBB\xBE\nF4\x0FG\xE1\xDA$gK2\xD4\x13s\xF0\xBE>U\xC5\x85\x82~\x81\xEB\xA0\e\x11\xECB\xFD\xDF&\x9D\xEAq\xF3P\"E\xFF{\xB0 D\xFE0\xB2p\xBCp\xB4\x8C\x90lD\xA7\x83&_)\x13'M\xFD\x94\x12\x93\xC4\xC2\xBB\xDE\x90\r\xF0\x9F`\xD1\x10=\"d\x9B\xFF\xCD\x15\xF4L\xFA\xF0\xEFO\x00/\x00\x01\x00\x00\x0E\x10\x00\x1E\x04sqli\fzonetransfer\x02me\x00\x00\x06\x00\x00\x00\x00\x10\x03\xEFO\x00.\x00\x01\x00\x00\x0E\x10\x00\xA3\x00/\b\x03\x00\x00\x0E\x10V\xFB\xD6|V\xD4;l\xAC\xD4\fzonetransfer\x02me\x00\v\xE5\x88E\xE1*\v;\xCE\xB3qjU\x85\xDF$\xDF\xD9\xB3\xC0\x16}@\xABy\xB4\x9C\x7F\x94\xB2\x00:\x16j~>k\xD3\xEB\x1Dr\xFA@]\xDB\xD4o\xE30\r\xB4w<\xAB\xEB\xBFh\x95F\x88|\xD9n\x01\x03\xF6\x12\xAF\x11c\x1A\x0F!\xD4\x9F\xC3m\xA9\x01k\xA8l\x17\x95\xEF\x89\x91\xB1\x10e\xF2#1\x9BJJ\xBB/Q:\x9E\x02\x02\xD5~\x03\xF4\xAEi@\x9F\bJN\xE3\x9BFo\xBE\x9FX\eZh\xB8\xEA\xBFp\xF1\x1D\x00\x10\x00\x01\x00\x00\x01,\x00\f\v' or 1=1 
--\xF1\x1D\x00.\x00\x01\x00\x00\x01,\x00\xA3\x00\x10\b\x03\x00\x00\x01,V\xFB\xD6|V\xD4;l\xAC\xD4\fzonetransfer\x02me\x00\x97\x0F:\xBD\xFEF\xC4U\x17\xA4\x97\xA3\xA9\x8D\ba\x8D\x98\x9Dh\xB6|\xEBn\x88\x90\x84\x14\xC2\xB7\xF2\x93\x19^\b\xA3\xD5\xFDC\x17\xD8\x99S\xC0\xBD\xA8\xD3\xD6\xF2\x7F\x94\x1C\x8B\xFD94\x15N={\xE5!\xA2\xBC\xB2t\xBC\xCCpKvd[\xBB\xAF\xC0'\xE69\xAA\xCC\x99\x8F\xD5-\xB0\v\x84\xB4\xAA\xC7\n\x91^\x92/\x05\x02G%\xEB_\xD5\x8E\xAC\xC5P\xD8\xBD1\t\xF9\xCFc\x1EI`d76?s\xCA\xF0\x1E7\x01\xD9\xF1\x1D\x00/\x00\x01\x00\x00\x0E\x10\x00 \x06sshock\fzonetransfer\x02me\x00\x00\x06\x00\x00\x80\x00\x00\x03\xF1\x1D\x00.\x00\x01\x00\x00\x0E\x10\x00\xA3\x00/\b\x03\x00\x00\x0E\x10V\xFB\xD6|V\xD4;l\xAC\xD4\fzonetransfer\x02me\x00\xA3[ \x8A\xB77\xB6\xF6\xAD\xDE*/\xCD\xBC\xF4,\xF2\x0Ea\xA0-\xB0\xFB\x03\xB0\x1E\xC7\xC1\x7F\t\x949\xECTC\xBA'\xB4\x90\f\xC8\xF1\x86V\xFE\xE5\e\x8DS\xA8\xDF\xC9Q\xB3\xE05\xC7\xCA_D\xF0\xA8 \xC2R\n\x8A\xFB.\xE4\xA3\x1F\xC9*nS\x19\xD8\xEBtY\x06KsV\\\xAA&-P\xAA$\x18\x82\xBB\xC3\x1FfQ\a\xC83\xB2*\xB7P\x91:\t\r]u)w\xA4g\x17\xF8i\n^\xA0\x14\xBE(6\xCDE\xF2\xBD\x00\x10\x00\x01\x00\x00\x1C \x00\x1C\e() { :]}; echo ShellShocked\xF2\xBD\x00.\x00\x01\x00\x00\x1C \x00\xA3\x00\x10\b\x03\x00\x00\x1C V\xFB\xD6|V\xD4;l\xAC\xD4\fzonetransfer\x02me\x00\xCF\xAB]\xF7\x14K\xFB\x9B\xB4}6\xCC~\xC59Bnf@\xCE\xA0\x04\x02\xC2 
w\xA4N\x1E\xB9\x03\#@\xAC\x02\x9E\xE3\xD7S#j\xD26\x1F)/]\xC0`\xFC\xFC\x06\xC4\xBC\xB3\x12\xCC!\xE5\x9D\xF6\xB8\xC5g\x88\xDE\x89\xF4\x1C\xF6\xDE=z\x13\"\eL\xB3[+\xE5N\xE6\x96\xA3U|BSDa\xDF0\xE1\x85\xEDv\x8B\x9Eu2\xCA\xAD\xC5Gk\xDB\xE9\xDC_\xC5Dxd\xA5\x98\xF6\x16\x8D\xD1\xDF\xD0\xD9\x93\x04\xED\x89T\xF2\xBD\x00/\x00\x01\x00\x00\x0E\x10\x00!\astaging\fzonetransfer\x02me\x00\x00\x06\x00\x00\x80\x00\x00\x03\xF2\xBD\x00.\x00\x01\x00\x00\x0E\x10\x00\xA3\x00/\b\x03\x00\x00\x0E\x10V\xFB\xD6|V\xD4;l\xAC\xD4\fzonetransfer\x02me\x00\x102\xDC\x13\xB4<\x81\xCC\xC8\xBE\x18\xCET\x00C\\\xBE\xD7\xAF\x7F\x18\xED\xDE.\xD9\xF8A\xAD{\x93\xD4\x87\xEFz\x97q\x15\x92\x17\x01J\x0E\x92\xD8\x1Ez\x80\x90sL\xDCp0\xA8TU\xFAd\xCFe\xDE\xF1x\x0ER\xD6d\xAE\xD4]\xBFA{\x9BlG\x19\x03\xAA\xA0\xB5W\x85[\xF2\x19z\xAB\xE7\xE6)U(i\xAD2\xCDt\x01\xABVs\xDF/.\xF9Y&\xA6E\xA0\x8E\xA3.H^\xAC\xC8\x1A\xF8\xE4\xA8\xA2.\xAFA%\xF6\xF4o\x00\x05\x00\x01\x00\x00\x1C \x00\x1A\x03www\x10sydneyoperahouse\x03com\x00\xF4o\x00.\x00\x01\x00\x00\x1C \x00\xA3\x00\x05\b\x03\x00\x00\x1C V\xFB\xD6|V\xD4;l\xAC\xD4\fzonetransfer\x02me\x00\x10\x18\x99\xB8J\xCB\x9Bu 
\x88\xB2\r\xDE\xA6\xE9\x16\xB6,\xD3\xB5E\x02\x13c\xB7\xDD&\xB4\x14\x9CB\x00>zS2oP2\xC7}+d\t\x8Bb\x02\xAC\x1E\x00\f\xB0\x93\x0F\xBA^\x90\xFE\x0EA\x88\xA3E\x96~\x95\xA3\xC9:\xDE\x0Es\xE2\b\xAEg\x8E\xC2}\xBE\x80V\xA8\x85\xBB!D\xCA\xFD\b\xA4^\xDB=\xFB$\xA5\xCARK\xEC\xD2\x12e\a\xB2\x1C\x0E=b\xCFJ\xC7\xE6{\x04fJ'\xD2\xDD\x0E+\x8E|\xB2\xAA\xEB\xF4o\x00/\x00\x01\x00\x00\x0E\x10\x007\x0Falltcpportsopen\bfirewall\x04test\fzonetransfer\x02me\x00\x00\x06\x04\x00\x00\x00\x00\x03\xF4o\x00.\x00\x01\x00\x00\x0E\x10\x00\xA3\x00/\b\x03\x00\x00\x0E\x10V\xFB\xD6|V\xD4;l\xAC\xD4\fzonetransfer\x02me\x00T\x8EJ\xCA\eDK\xAEM\xFE\xE84\r\x98I\x1C\xE7\x1FE\x97\x19\x86w|;\xAB\x019\x94II\xB5L\x0E\xC1hj\xD5\x7F\x14r\xE0\xBB207[\xB2\xA8\x9B7\xC0\"\xE6\xB9)u\xC0#\xBBb!\xE3\x8E\xAD\x12}\xD9\xCB\x01\x98\xB4\x8A(\x1A\xB3\xA1q}\x9B\n8\x038\xBC\x95\xA13\xBCf\x06\x93T,\xFD&\x88c\xCF\xBC\x97\xC9\x81\x0F\xAB\xF4\xDB\x12\xD5a(\xF7f\xB1HD6\eSC\x1A\xD8\xB8\x01\x0F\x9B#\xD2\xF6 \x00\x01\x00\x01\x00\x00\x01-\x00\x04\x7F\x00\x00\x01\xF6 \x00.\x00\x01\x00\x00\x01-\x00\xA3\x00\x01\b\x05\x00\x00\x01-V\xFB\xD6|V\xD4;l\xAC\xD4\fzonetransfer\x02me\x00\xA9)\xB9\x0Fo5X\xB6\x86g\f\xCC\xB8\xA4\x84\xE74\x18\xBB\xDC\x94\x14\x93O\xA4Xn\xC6\x94vy2W\xB6\x11hPf\"s\x81F>4\xA3D\x0E\xD1A\xE6\xD6k\xAD\x96\x97&\xD7;\x89\xA5u\x81\x8A\xF8\x17\xC3\xBA\xCA\xBB\xC7\x1F\x8A\x06\x94\x7F\x81\xA9\x91\xCCP\xB9xC\xDD\x94^J\xD0\x1C\x16\xE4\x97\xE0\v\x97\xB7\x98\xAE+\xF9\xCBY\x95\xA4!\x1D\x9D\xBAt\xE8 6\xF2\xAE\xD0{\xD9\x13yJ\xE5}(\xA6\x00\x9F\x15=\xF6 \x00/\x00\x01\x00\x00\x0E\x10\x00!\atesting\fzonetransfer\x02me\x00\x00\x06@\x00\x00\x00\x00\x03\xF6 
\x00.\x00\x01\x00\x00\x0E\x10\x00\xA3\x00/\b\x05\x00\x00\x0E\x10V\xFB\xD6|V\xD4;l\xAC\xD4\fzonetransfer\x02me\x00\xC5\x90i\xFBA\xEC!l=\x8E[\x95\xA6\x04\xB1\xBB\r\x01\xEF8\\\x98%\xB2\x1F\xCFx\xB4`K}O\xDD\x8A\xDA\xB9b\x1Fm$\xB5\x9A\xD0\x03\x10\xD6k\x15\xCF\x04\xE1'\xB0V\x99R\x7FS\x89\x90\xB5\xE9~\xA1T\xB6\xB0\xE1\xA9\xBE06k|\x9B$\x82\xDB\x12\xF5\x98!\x99\x1A\xBFs@\x89fcU\x16\x8F\xB5J\xD6\x19\xB4\x1F\xF1\x13\xE6\xB9N\xC0\x06\xC0\xD8X\xE5\x95\xB6\x1C\xE8\xE8\xDC\xB0<k\xF3\x8A*11\xB3\xDA\xBA\xCC\xF7\xD1\x00\x05\x00\x01\x00\x00\x01-\x00\x02\xCA\xDD\xF7\xD1\x00.\x00\x01\x00\x00\x01-\x00\xA3\x00\x05\b\x03\x00\x00\x01-V\xFB\xD6|V\xD4;l\xAC\xD4\fzonetransfer\x02me\x00q\\\x1F\x19)\x87\xA8}\xB9\xC0\xEC\xB6\xC1r\xB76\xA5V\x92\x1F\x03\x14\x9B\xFC\xCDF;\xBD\xC5\xBC\x05\xB5-\xC8\xD8\xDBg\x11\xCA\xCE\x05_\x84_\xB0\x9D\x91\xA8\xFF\xEE\xB4\a\x11t\x91\\\xE8\xB0\xDF\xD1}\xF3\xF1\\\xF6\x916\x02\x9E\xDB\xF64\x06\x16\xA56\xE4pl~j&a-\xEDR|a4(l\x1Fn\xE59j\xD1}\x14\x87\xEBT\xD7\xD1{}\x8C\xF3\x8D\x86\xFF\xAA^,\xA9I\x03\xEDI8\x1D\xB6\x14\bVr}j\xF7\xD1\x00/\x00\x01\x00\x00\x0E\x10\x00\x1D\x03vpn\fzonetransfer\x02me\x00\x00\x06\x04\x00\x00\x00\x00\x03\xF7\xD1\x00.\x00\x01\x00\x00\x0E\x10\x00\xA3\x00/\b\x03\x00\x00\x0E\x10V\xFB\xD6|V\xD4;l\xAC\xD4\fzonetransfer\x02me\x00\xBF\xE03\xB2\xA5\x170\xB4\x1Ax\x96v\x85\xA8\x81\x91\x87#N\xDA\a\xCB\x9F\xF7K\xF7/\x18\xACP\xF5=HfN\xD3\x88$\xDF\xF2\xD0y^\xA7\x03:\xA7c\x17`\xE3.\xDF\xA4J(\x8F\xA5\x10i{\xAE\xBC\x9D'\xDAi\\;A\vq\xBD+\x04\xDC\xEAU\xDB\x0F4\x15\xC7\x9Bo\xBB\x7F\xC3I\x94\xD3\xA8\xB6g\xCB\x8AE\xA3^\x92<\xA7\xFA\xAA\xA7P\x10\xED\xB9\xE3\x13j\xF1O\x9D\x12\xB5\x88\xEEG\xCDw\xC7\x1C\xA8\x1C\xCEs\xF9j\x00\x01\x00\x01\x00\x00\x0F\xA0\x00\x04\xAE$;\x9A\xF9j\x00.\x00\x01\x00\x00\x0F\xA0\x00\xA3\x00\x01\b\x03\x00\x00\x0F\xA0V\xFB\xD6|V\xD4;l\xAC\xD4\fzonetransfer\x02me\x00\xCA\xCCr\xC5K\x18\xBA\x88`s\x84\xFF\x19\xEE\xC0\xBF\xD0nVf\xF1\xEC\xA0f\xF9\xAA\x82{)\xDE\x1C\x97*\x00\xA4\xE5\xE3-V\x8DG&~\xB7\xA4\t\xCF\xB0\x12+A\xE1=\xB7(#4.\x99\xD1\xDF\x97\xD0 
\x13\xE6\x05\x9DP4m\xC0\xF9\xEC\xEB\xE6z\xE5\xA1\x12g^7\xF0\x0Esf\xFB-\x88\xC8\xC6\x86\xFC\xA59\r{\xA1\"\xB5c\x92\xCC\x82D\xC9\xF3\xCC\x18\x05\xF6w\x97\"\xC9\xBF\xA8\xB3RQ\xF6n\xF5\xA6m\xD6T\xF9j\x00/\x00\x01\x00\x00\x0E\x10\x00\x1D\x03www\fzonetransfer\x02me\x00\x00\x06@\x00\x00\x00\x00\x03\xF9j\x00.\x00\x01\x00\x00\x0E\x10\x00\xA3\x00/\b\x03\x00\x00\x0E\x10V\xFB\xD6|V\xD4;l\xAC\xD4\fzonetransfer\x02me\x00K\x1E\xEA\x9E\x8C\xCB\xE4\x9E\xF7\eV\xCB\x85^\xBA\x83\xD9\xB2\x19_\xA0Z\xB3\a9\xC0vpse\x99\x8B\xE8=\xE9\xD7\x15\xC3\xF5 \xB4\xB90\x88\x9C(\x1C\x82\x16{\xC1\x8EF\xA9\xF7\x92\xFEyY\xD1\x86r[v\xA8i\xFA\xBE\e\xF1\xBA\xB4\n\xF4\x85\xCAwr\x18]\v\x9F\f7\xB4\xB7\e\x8A\xCBw\xD7\x1E\x86^pM\xDA\xC8\xE7#\xCF\xA4c\x1E\xF3\xC18\x93\xA1&\xD4z\x81/\x1E\x8D\x04^/\x02t6\xBD\x842\xEAv\xFF\xFB\x01\x00\x01\x00\x01\x00\x00\x1C \x00\x04\xD9\x93\xB1\x9D\xFB\x01\x00.\x00\x01\x00\x00\x1C \x00\xA3\x00\x01\b\x03\x00\x00\x1C V\xFB\xD6|V\xD4;l\xAC\xD4\fzonetransfer\x02me\x00\xB5QHCj\xE4\x96X\xE1{\xAE\x123\xC2@\x9F\xBE4])>0\x81\x17\xB8\x92P\xF6\xEE\x90\xCEkb\xD3\x9F!\x03HD\xCD\xDA\xF3\xEEp-\xFC\xB9\x8Cp/Q\bT\xC0:_\x02I\xEC\x15\x13\x18G\x82,.\xD6\xC3\xB9\x8B\xAFc\xA4\x8D\x06\xF3\xB7\x9Ep\x06'\x1Ar^\t\xDFi\x7FE\x9F\xBEo\xB7\xB9\xC218\xA9\xB9\xF5\x89\x87\\\xE1\x7F\xE3\xC7I\x97*\n\x9DsD\x83\xA9\xC2\a:\x16\xF5\xAA\xB7:\xB7\x8E\xD7\xAB\xFB\x01\x00/\x00\x01\x00\x00\x0E\x10\x00\x1D\x03xss\fzonetransfer\x02me\x00\x00\x06@\x00\x00\x00\x00\x03\xFB\x01\x00.\x00\x01\x00\x00\x0E\x10\x00\xA3\x00/\b\x03\x00\x00\x0E\x10V\xFB\xD6|V\xD4;l\xAC\xD4\fzonetransfer\x02me\x00\xD3\x10\xAAs\xABVq=u\x00 \xF6\xE0\nz\xF2\x17;\x1D\x1C\x80p'\xFB2\xB9\x03\xA9\xED\x87\xC9\x83\x06\xB8d\xBDa,(\xB2!wC7\xDF\x86\xE69\xA9\xA8\b\x15\xBAH\xDD\xFE\xF1Tlr\x92x\x13\x8597\xEF\xF2N\xD9*\xDF#\xB6y\x92\xFA\x8B\x1D\xD1\x1D\xE8`\xFD\xB2\x88,.\xA4\xDF\x1COTN\x83\x98a\xFB\x9A\xB0\xEF\x88\xB0\x92\xF2<\x02\xE1\xF3\xDC\xA4\xDD\xB6>6*o\xA4C\xE7\x81)\xF17\xA7\xA1\"G\xFC\x98\x00\x10\x00\x01\x00\x00\x01,\x00 
\x1F'><script>alert('Boo')</script>\xFC\x98\x00.\x00\x01\x00\x00\x01,\x00\xA3\x00\x10\b\x03\x00\x00\x01,V\xFB\xD6|V\xD4;l\xAC\xD4\fzonetransfer\x02me\x00\xCA\xF2\xDF\xDAI\x8E \xA3\xB6\xD9T\xFB2^\xFF\xCE\xEC\xFB\x19\xB3\xB6R\v\xEC;\xF5q/\x05\xEB\e\x1F\x9E\xC0Mv\x83eB\xC2\xC1%b\x0F\xDE2\xDB)\x8C\x9D\xFC\x83\xB0\x9BR[X-\xCEX\xC9\xDB\x1D\xB4Uw\x8F0\xC0a\xB6\xB0\xCC[\xEE\x83\x1D3\x9A\xD3z\x93\nCk\x92\xC7\xB3\x80AJ\xC8\xC1\x04\xC34\xEB\xD2\x1E\x0F^d\xA3\x90\xCB\x8B\xE1V\x98\xF2\xA8\xCB\x9F\xC2\x04\xD2\xE5\xBF\v\xFCkT\xB9\xF0\xC9G\xA5M\xFC\x98\x00/\x00\x01\x00\x00\x0E\x10\x00\x19\fzonetransfer\x02me\x00\x00\x06\x00\x00\x80\x00\x00\x03\xFC\x98\x00.\x00\x01\x00\x00\x0E\x10\x00\xA3\x00/\b\x03\x00\x00\x0E\x10V\xFB\xD6|V\xD4;l\xAC\xD4\fzonetransfer\x02me\x00k\xBBE\xB5\x8D[\xB1<3\xB6\xFF\xE4\x865\x7F4H\x1A9\f\xA2#\xCBvGL`AJ}\x00\xD2\xA6\x00\xFA\xAE\xF3}e\xF6\xBAH\xAF\x02\xA9\x04_<j\xD9oA\x84\xEF\xF5\xB4S\x8C\x0F\xD8\xE7\xC5\xB1\xB0\x160\xF9#\x9E\xDE=\xC2Ra\xE5AV\xE3\xF0\"P\xA5\xF2Jqmp\xEC:\x17\xF0\xEDOa\xB5\xAE\b\b\\\x89L\xA1\xD4%xc\x96\xBC\xA5\xC3\xC1\x89\x90L\xEBm\xB9\x87\x87\x80tN\x80\x87\x1D\xD2\\f\xFE\x82\x00\x06\x00\x01\x00\x00\x1C \x00\x18\xC0-\xC0@x\f\xC0c\x00\x02\xA3\x00\x00\x00\x03\x84\x00\x12u\x00\x00\x00\x0E\x10",
 ["", 53, "81.4.108.41", "81.4.108.41"]]

Some evil things in the DNS response, e.g. shellshocked payload, SQL payload, XSS payload.

[2] pry(#<Net::DNS::Resolver>)> Net::DNS::Packet.parse(ans[0], ans[1])
NoMethodError: undefined method `+' for nil:NilClass
from /Users/Open-Security/Code/metasploit-framework/lib/net/dns/names/names.rb:22:in `dn_expand'

jhart-r7 commented 8 years ago

@join-us that same bug exists in the current version when run against this particular NS and DOMAIN. My guess is this is just another bug in Net::DNS that we have yet to fix. I definitely want to see it fixed but also want this PR landed. Unless someone can identify the issue soon, I'm going to land and file an issue.

I spent some time debugging this and it looks to be related to the internal offset that is used when parsing the DNS packets. There is a pattern of parsing where a function is called against some data and an offset into that data, presumably starting at 0, and the return value is the parsed object it found at that offset in the data plus the new offset into that new data. At some point, offset gets unset or nil'd. I tried simply ensuring that when offset was used it was 0 if nil?, but that resulted in other brokenness down the line.

What I suspect is going on is that some sub-parser for some RR type isn't playing nice and isn't returning the correct offset when it parses the given data. I say this one because this has happened several times in the past with Net::DNS, IIRC, and two because the zonetransfer.me domain definitely has a lot of weird records that are less common and therefore may have hidden bugs in our relevant parsing code.
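
The offset-passing pattern described in the comment above, as an added Ruby example that is not Net::DNS or Metasploit code: every parser returns `[value, next_offset]`, malformed input raises a typed error instead of leaving the offset `nil`, and the record loop takes the next offset from RDLENGTH so an unfamiliar RR type cannot desynchronise the records after it. All method names, the hop limit and the sample packet are constructed for illustration.

```ruby
# Added example: offset-passing DNS record parsing. Not Net::DNS or Metasploit code;
# all method names and the sample packet are constructed for illustration.
class DNSParseError < StandardError; end

MAX_POINTER_HOPS = 16 # assumption: arbitrary cap that stops compression-pointer loops

# Expand the name starting at +offset+. Returns [name, next_offset]. next_offset is
# always an Integer; malformed input raises DNSParseError instead of yielding nil.
def dn_expand(packet, offset)
  raise DNSParseError, "bad offset #{offset.inspect}" unless offset.is_a?(Integer) && offset >= 0

  labels = []
  resume_at = nil # where the caller continues once a pointer has been followed
  hops = 0
  pos = offset
  loop do
    len = packet.getbyte(pos)
    raise DNSParseError, "name runs past end of packet at #{pos}" if len.nil?

    if len.zero? # root label terminates the name
      pos += 1
      break
    elsif (len & 0xC0) == 0xC0 # two-byte compression pointer
      low = packet.getbyte(pos + 1)
      raise DNSParseError, "truncated compression pointer at #{pos}" if low.nil?

      resume_at ||= pos + 2
      hops += 1
      raise DNSParseError, 'compression pointer loop' if hops > MAX_POINTER_HOPS

      pos = ((len & 0x3F) << 8) | low
    elsif (len & 0xC0) != 0
      raise DNSParseError, "unsupported label type at #{pos}"
    else # ordinary label: length byte followed by that many bytes
      label = packet.byteslice(pos + 1, len)
      raise DNSParseError, "label runs past end of packet at #{pos}" if label.nil? || label.bytesize < len

      labels << label
      pos += 1 + len
    end
  end
  [labels.join('.'), resume_at || pos]
end

# TXT RDATA is a sequence of length-prefixed character-strings.
def txt_strings(rdata)
  out = []
  pos = 0
  while pos < rdata.bytesize
    len = rdata.getbyte(pos)
    str = rdata.byteslice(pos + 1, len)
    raise DNSParseError, 'truncated TXT character-string' if str.bytesize < len

    out << str
    pos += 1 + len
  end
  out
end

# Parse one resource record. Returns [record, next_offset]. next_offset is derived
# from RDLENGTH, never from how many bytes a per-type decoder happened to consume.
def parse_rr(packet, offset)
  name, pos = dn_expand(packet, offset)
  fixed = packet.byteslice(pos, 10)
  raise DNSParseError, "truncated RR header at #{pos}" if fixed.nil? || fixed.bytesize < 10

  type, _klass, ttl, rdlength = fixed.unpack('nnNn')
  rdata_start = pos + 10
  rdata = packet.byteslice(rdata_start, rdlength)
  raise DNSParseError, "RDATA runs past end of packet at #{rdata_start}" if rdata.nil? || rdata.bytesize < rdlength

  value = case type
          when 1  then rdlength == 4 ? rdata.unpack('C4').join('.') : raise(DNSParseError, 'bad A RDATA length')
          when 16 then txt_strings(rdata)
          else rdata # unknown type: keep the raw bytes and move on
          end
  [{ name: name, type: type, ttl: ttl, value: value }, rdata_start + rdlength]
end

# Walk +count+ records, threading the offset from one record to the next.
def parse_records(packet, offset, count)
  records = []
  count.times do
    rr, offset = parse_rr(packet, offset)
    records << rr
  end
  [records, offset]
end

# Constructed sample: an owner name at offset 0, then three records that refer to it
# through a compression pointer: A, type 47 with opaque RDATA, and TXT.
def rr_bytes(name, type, ttl, rdata)
  name + [type, 1, ttl, rdata.bytesize].pack('nnNn') + rdata
end
OWNER = ([12].pack('C') + 'zonetransfer' + [2].pack('C') + 'me' + [0].pack('C')).b
POINTER = [0xC0, 0x00].pack('C2')
SAMPLE = (OWNER +
          rr_bytes(POINTER, 1, 7200, [127, 0, 0, 1].pack('C4')) +
          rr_bytes(POINTER, 47, 3600, [0, 0, 6, 64].pack('C4')) +
          rr_bytes(POINTER, 16, 300, [11].pack('C') + 'Hello world')).b

if __FILE__ == $PROGRAM_NAME
  records, = parse_records(SAMPLE, OWNER.bytesize, 3)
  records.each { |r| puts r.inspect }
end
```
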

nixawk commented 8 years ago

There is a net-dns bug. I've reported it here. It's necessary to fix Net::DNS::Packet.parse, and we need to know the format of the DNS response packet first. If you want, we can try it.

jhart-r7 commented 8 years ago

Thanks, @join-us. For legacy reasons msf ships its own copy of Net::DNS, so while getting it fixed upstream would help, it would need to be fixed here too.

Anyway, since this is a problem with the currently shipping module, I am going to try to land this as-is.

jhart-r7 commented 8 years ago

Using the following RC, which is usable with only minor modifications between the old and updated version of enum_dns:

workspace -d enum_dns
workspace -a enum_dns
use auxiliary/gather/enum_dns
set RETRIES 1
set RETRY_TIMEOUT 1
set NS nsztm1.digi.ninja
set DOMAIN zonetransfer.me
run
unset NS
set DOMAIN spoofed.org
run
set NS 10.4.1.10
set DOMAIN vuln.lax.rapid7.com
set ENUM_AXFR false
set ENUM_A false
set ENUM_NS false
set ENUM_TXT false
set ENUM_MX false
set ENUM_SRV false
set ENUM_CNAME false
set ENUM_SOA false
set ENUM_RVL true
set IPRANGE 10.4.16.0/24
set THREADS 25
run
notes

Old output:

[*] Processing /tmp/enum_dns.rc for ERB directives.
resource (/tmp/enum_dns.rc)> workspace -d enum_dns
[*] Deleted workspace: enum_dns
resource (/tmp/enum_dns.rc)> workspace -a enum_dns
[*] Added workspace: enum_dns
resource (/tmp/enum_dns.rc)> use auxiliary/gather/enum_dns
resource (/tmp/enum_dns.rc)> set RETRIES 1
RETRIES => 1
resource (/tmp/enum_dns.rc)> set RETRY_TIMEOUT 1
RETRY_TIMEOUT => 1
resource (/tmp/enum_dns.rc)> set NS nsztm1.digi.ninja
NS => nsztm1.digi.ninja
resource (/tmp/enum_dns.rc)> set DOMAIN zonetransfer.me
DOMAIN => zonetransfer.me
resource (/tmp/enum_dns.rc)> run
[*] Using DNS Server: nsztm1.digi.ninja
[*] Retrieving general DNS records
[*] Domain: zonetransfer.me IP address: 217.147.177.157 Record: A 
[*] Start of Authority: nsztm1.digi.ninja. IP address: 81.4.108.41 Record: SOA
[*] Name Server: nsztm2.digi.ninja. IP address: 167.88.42.94 Record: NS
[*] Name Server: nsztm1.digi.ninja. IP address: 81.4.108.41 Record: NS
[*] Name: alt1.aspmx.l.google.com. Preference: 10 Record: MX
[*] Name: aspmx.l.google.com. Preference: 0 Record: MX
[*] Name: aspmx5.googlemail.com. Preference: 20 Record: MX
[*] Name: alt2.aspmx.l.google.com. Preference: 10 Record: MX
[*] Name: aspmx4.googlemail.com. Preference: 20 Record: MX
[*] Name: aspmx2.googlemail.com. Preference: 20 Record: MX
[*] Name: aspmx3.googlemail.com. Preference: 20 Record: MX
[*] zonetransfer.me.        301     IN      TXT     
[*] Text: zonetransfer.me.        301     IN      TXT     
[*] Performing zone transfer against all nameservers in zonetransfer.me
[*] Testing nameserver: nsztm1.digi.ninja.
W, [2016-04-11T09:44:26.315188 #19467]  WARN -- : AXFR query, switching to TCP
W, [2016-04-11T09:44:33.647539 #19467]  WARN -- : Error parsing axfr response: undefined method `+' for nil:NilClass
W, [2016-04-11T09:44:41.725801 #19467]  WARN -- : Nameserver 81.4.108.41 not responding within TCP timeout, trying next one
F, [2016-04-11T09:44:41.725955 #19467] FATAL -- : No response from nameservers list: aborting
[-] Zone transfer failed (length was zero)
[*] Testing nameserver: nsztm2.digi.ninja.
W, [2016-04-11T09:44:41.910009 #19467]  WARN -- : AXFR query, switching to TCP
W, [2016-04-11T09:44:42.195657 #19467]  WARN -- : Error parsing axfr response: undefined method `+' for nil:NilClass
W, [2016-04-11T09:44:57.334909 #19467]  WARN -- : Nameserver 167.88.42.94 not responding within TCP timeout, trying next one
F, [2016-04-11T09:44:57.335029 #19467] FATAL -- : No response from nameservers list: aborting
[-] Zone transfer failed (length was zero)
[*] Enumerating SRV records for zonetransfer.me
[*] SRV Record: _sip._tcp.zonetransfer.me Host: www.zonetransfer.me. Port: 5060 Priority: 0
[*] Done
[*] Auxiliary module execution completed
resource (/tmp/enum_dns.rc)> unset NS
Unsetting NS...
resource (/tmp/enum_dns.rc)> set DOMAIN spoofed.org
DOMAIN => spoofed.org
resource (/tmp/enum_dns.rc)> run
[*] Setting DNS Server to spoofed.org NS: 66.33.206.206
[*] Retrieving general DNS records
[*] Domain: spoofed.org IP address: 69.163.128.24 Record: A 
[*] Start of Authority: ns1.dreamhost.com. IP address: 66.33.206.206 Record: SOA
[*] Name Server: ns2.dreamhost.com. IP address: 208.97.182.10 Record: NS
[*] Name Server: ns3.dreamhost.com. IP address: 66.33.216.216 Record: NS
[*] Name Server: ns1.dreamhost.com. IP address: 66.33.206.206 Record: NS
[*] Name: alt2.aspmx.l.google.com. Preference: 20 Record: MX
[*] Name: aspmx.l.google.com. Preference: 5 Record: MX
[*] Name: alt1.aspmx.l.google.com. Preference: 10 Record: MX
[*] spoofed.org.            14400   IN      TXT     
[*] Text: spoofed.org.            14400   IN      TXT     
[*] Performing zone transfer against all nameservers in spoofed.org
[*] Testing nameserver: ns2.dreamhost.com.
W, [2016-04-11T09:45:09.514318 #19467]  WARN -- : AXFR query, switching to TCP
[*] Zone transfer successful
[-] Auxiliary failed: TypeError can't dump IO
[-] Call stack:
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/metasploit_data_models-1.3.0/lib/metasploit_data_models/base64_serializer.rb:57:in `dump'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/metasploit_data_models-1.3.0/lib/metasploit_data_models/base64_serializer.rb:57:in `dump'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activerecord-4.0.13/lib/active_record/attribute_methods/serialization.rb:105:in `serialize'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activerecord-4.0.13/lib/active_record/attribute_methods/serialization.rb:95:in `serialized_value'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activerecord-4.0.13/lib/active_record/attribute_methods/serialization.rb:165:in `typecasted_attribute_value'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activerecord-4.0.13/lib/active_record/attribute_methods.rb:400:in `block in arel_attributes_with_values'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activerecord-4.0.13/lib/active_record/attribute_methods.rb:399:in `each'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activerecord-4.0.13/lib/active_record/attribute_methods.rb:399:in `arel_attributes_with_values'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activerecord-4.0.13/lib/active_record/attribute_methods.rb:379:in `arel_attributes_with_values_for_create'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activerecord-4.0.13/lib/active_record/persistence.rb:511:in `_create_record'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activerecord-4.0.13/lib/active_record/attribute_methods/dirty.rb:78:in `_create_record'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activerecord-4.0.13/lib/active_record/callbacks.rb:306:in `block in _create_record'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activesupport-4.0.13/lib/active_support/callbacks.rb:373:in `_run__1210763008017234993__create__callbacks'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activesupport-4.0.13/lib/active_support/callbacks.rb:80:in `run_callbacks'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activerecord-4.0.13/lib/active_record/callbacks.rb:306:in `_create_record'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activerecord-4.0.13/lib/active_record/timestamp.rb:57:in `_create_record'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activerecord-4.0.13/lib/active_record/persistence.rb:481:in `create_or_update'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activerecord-4.0.13/lib/active_record/callbacks.rb:302:in `block in create_or_update'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activesupport-4.0.13/lib/active_support/callbacks.rb:413:in `_run__1210763008017234993__save__callbacks'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activesupport-4.0.13/lib/active_support/callbacks.rb:80:in `run_callbacks'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activerecord-4.0.13/lib/active_record/callbacks.rb:302:in `create_or_update'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activerecord-4.0.13/lib/active_record/persistence.rb:125:in `save!'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activerecord-4.0.13/lib/active_record/validations.rb:57:in `save!'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activerecord-4.0.13/lib/active_record/attribute_methods/dirty.rb:41:in `save!'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activerecord-4.0.13/lib/active_record/transactions.rb:275:in `block in save!'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activerecord-4.0.13/lib/active_record/transactions.rb:330:in `block in with_transaction_returning_status'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activerecord-4.0.13/lib/active_record/connection_adapters/abstract/database_statements.rb:203:in `block in transaction'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activerecord-4.0.13/lib/active_record/connection_adapters/abstract/database_statements.rb:211:in `within_new_transaction'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activerecord-4.0.13/lib/active_record/connection_adapters/abstract/database_statements.rb:203:in `transaction'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activerecord-4.0.13/lib/active_record/transactions.rb:209:in `transaction'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activerecord-4.0.13/lib/active_record/transactions.rb:327:in `with_transaction_returning_status'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activerecord-4.0.13/lib/active_record/transactions.rb:275:in `save!'
[-]   /Users/jhart/rapid7/metasploit-framework/lib/msf/core/db_manager/note.rb:170:in `block in report_note'
[-]   /Users/jhart/.rbenv/versions/2.1.7/lib/ruby/gems/2.1.0/gems/activerecord-4.0.13/lib/active_record/connection_adapters/abstract/connection_pool.rb:294:in `with_connection'
[-]   /Users/jhart/rapid7/metasploit-framework/lib/msf/core/db_manager/note.rb:57:in `report_note'
[-]   /Users/jhart/rapid7/metasploit-framework/lib/msf/core/auxiliary/report.rb:164:in `report_note'
[-]   /Users/jhart/rapid7/metasploit-framework/modules/auxiliary/gather/enum_dns.rb:385:in `block in axfr'
[-]   /Users/jhart/rapid7/metasploit-framework/modules/auxiliary/gather/enum_dns.rb:365:in `each'
[-]   /Users/jhart/rapid7/metasploit-framework/modules/auxiliary/gather/enum_dns.rb:365:in `axfr'
[-]   /Users/jhart/rapid7/metasploit-framework/modules/auxiliary/gather/enum_dns.rb:472:in `run'
[*] Auxiliary module execution completed
resource (/tmp/enum_dns.rc)> set NS 10.4.1.10
NS => 10.4.1.10
resource (/tmp/enum_dns.rc)> set DOMAIN vuln.lax.rapid7.com
DOMAIN => vuln.lax.rapid7.com
resource (/tmp/enum_dns.rc)> set ENUM_AXFR false
ENUM_AXFR => false
resource (/tmp/enum_dns.rc)> set ENUM_A false
ENUM_A => false
resource (/tmp/enum_dns.rc)> set ENUM_NS false
ENUM_NS => false
resource (/tmp/enum_dns.rc)> set ENUM_TXT false
ENUM_TXT => false
resource (/tmp/enum_dns.rc)> set ENUM_MX false
ENUM_MX => false
resource (/tmp/enum_dns.rc)> set ENUM_SRV false
ENUM_SRV => false
resource (/tmp/enum_dns.rc)> set ENUM_CNAME false
ENUM_CNAME => false
resource (/tmp/enum_dns.rc)> set ENUM_SOA false
ENUM_SOA => false
resource (/tmp/enum_dns.rc)> set ENUM_RVL true
ENUM_RVL => true
resource (/tmp/enum_dns.rc)> set IPRANGE 10.4.16.0/24
IPRANGE => 10.4.16.0/24
resource (/tmp/enum_dns.rc)> set THREADS 25
THREADS => 25
resource (/tmp/enum_dns.rc)> run
[*] Using DNS Server: 10.4.1.10
[*] Retrieving general DNS records
[*] Start of Authority: vulnfw.vuln.lax.rapid7.com. IP address: 10.4.1.10 Record: SOA
[*] Name Server: vulnfw.vuln.lax.rapid7.com. IP address: 10.4.1.10 Record: NS
[*] Running reverse lookup against IP range 10.4.16.0/24
W, [2016-04-11T09:45:24.671944 #19467]  WARN -- : Nameserver 10.4.1.10 not responding within UDP timeout, trying next one
F, [2016-04-11T09:45:24.672010 #19467] FATAL -- : No response from nameservers list: aborting
W, [2016-04-11T09:45:24.672229 #19467]  WARN -- : Nameserver 10.4.1.10 not responding within UDP timeout, trying next one
F, [2016-04-11T09:45:24.672271 #19467] FATAL -- : No response from nameservers list: aborting
W, [2016-04-11T09:45:24.672486 #19467]  WARN -- : Nameserver 10.4.1.10 not responding within UDP timeout, trying next one
F, [2016-04-11T09:45:24.672521 #19467] FATAL -- : No response from nameservers list: aborting
[*] Auxiliary module execution completed
resource (/tmp/enum_dns.rc)> notes
[*] Time: 2016-04-11 16:44:23 UTC Note: host=81.4.108.41 service=dns port=53 protocol=udp type=dns.enum data="217.147.177.157,zonetransfer.me,A"
[*] Time: 2016-04-11 16:44:23 UTC Note: host=81.4.108.41 service=dns port=53 protocol=udp type=dns.enum data="81.4.108.41,nsztm1.digi.ninja.,SOA"
[*] Time: 2016-04-11 16:44:23 UTC Note: host=81.4.108.41 service=dns port=53 protocol=udp type=dns.enum data="167.88.42.94,nsztm2.digi.ninja.,NS"
[*] Time: 2016-04-11 16:44:23 UTC Note: host=81.4.108.41 service=dns port=53 protocol=udp type=dns.enum data="81.4.108.41,nsztm1.digi.ninja.,NS"
[*] Time: 2016-04-11 16:44:24 UTC Note: host=81.4.108.41 service=dns port=53 protocol=udp type=dns.enum data="alt1.aspmx.l.google.com.,MX"
[*] Time: 2016-04-11 16:44:24 UTC Note: host=81.4.108.41 service=dns port=53 protocol=udp type=dns.enum data="aspmx.l.google.com.,MX"
[*] Time: 2016-04-11 16:44:24 UTC Note: host=81.4.108.41 service=dns port=53 protocol=udp type=dns.enum data="aspmx5.googlemail.com.,MX"
[*] Time: 2016-04-11 16:44:24 UTC Note: host=81.4.108.41 service=dns port=53 protocol=udp type=dns.enum data="alt2.aspmx.l.google.com.,MX"
[*] Time: 2016-04-11 16:44:24 UTC Note: host=81.4.108.41 service=dns port=53 protocol=udp type=dns.enum data="aspmx4.googlemail.com.,MX"
[*] Time: 2016-04-11 16:44:24 UTC Note: host=81.4.108.41 service=dns port=53 protocol=udp type=dns.enum data="aspmx2.googlemail.com.,MX"
[*] Time: 2016-04-11 16:44:24 UTC Note: host=81.4.108.41 service=dns port=53 protocol=udp type=dns.enum data="aspmx3.googlemail.com.,MX"
[*] Time: 2016-04-11 16:44:24 UTC Note: host=81.4.108.41 service=dns port=53 protocol=udp type=dns.enum data="zonetransfer.me.        301     IN      TXT     "
[*] Time: 2016-04-11 16:45:08 UTC Note: host=66.33.206.206 service=dns port=53 protocol=udp type=dns.enum data="69.163.128.24,spoofed.org,A"
[*] Time: 2016-04-11 16:45:09 UTC Note: host=66.33.206.206 service=dns port=53 protocol=udp type=dns.enum data="66.33.206.206,ns1.dreamhost.com.,SOA"
[*] Time: 2016-04-11 16:45:09 UTC Note: host=66.33.206.206 service=dns port=53 protocol=udp type=dns.enum data="208.97.182.10,ns2.dreamhost.com.,NS"
[*] Time: 2016-04-11 16:45:09 UTC Note: host=66.33.206.206 service=dns port=53 protocol=udp type=dns.enum data="66.33.216.216,ns3.dreamhost.com.,NS"
[*] Time: 2016-04-11 16:45:09 UTC Note: host=66.33.206.206 service=dns port=53 protocol=udp type=dns.enum data="66.33.206.206,ns1.dreamhost.com.,NS"
[*] Time: 2016-04-11 16:45:09 UTC Note: host=66.33.206.206 service=dns port=53 protocol=udp type=dns.enum data="alt2.aspmx.l.google.com.,MX"
[*] Time: 2016-04-11 16:45:09 UTC Note: host=66.33.206.206 service=dns port=53 protocol=udp type=dns.enum data="aspmx.l.google.com.,MX"
[*] Time: 2016-04-11 16:45:09 UTC Note: host=66.33.206.206 service=dns port=53 protocol=udp type=dns.enum data="alt1.aspmx.l.google.com.,MX"
[*] Time: 2016-04-11 16:45:09 UTC Note: host=66.33.206.206 service=dns port=53 protocol=udp type=dns.enum data="spoofed.org.            14400   IN      TXT     "
[*] Time: 2016-04-11 16:45:19 UTC Note: host=10.4.1.10 service=dns port=53 protocol=udp type=dns.enum data="10.4.1.10,vulnfw.vuln.lax.rapid7.com.,SOA"
[*] Time: 2016-04-11 16:45:19 UTC Note: host=10.4.1.10 service=dns port=53 protocol=udp type=dns.enum data="10.4.1.10,vulnfw.vuln.lax.rapid7.com.,NS"

New output:

[*] Processing /tmp/enum_dns.rc for ERB directives.
resource (/tmp/enum_dns.rc)> workspace -d enum_dns
[*] Deleted workspace: enum_dns
resource (/tmp/enum_dns.rc)> workspace -a enum_dns
[*] Added workspace: enum_dns
resource (/tmp/enum_dns.rc)> use auxiliary/gather/enum_dns
resource (/tmp/enum_dns.rc)> set RETRIES 1
RETRIES => 1
resource (/tmp/enum_dns.rc)> set RETRY_TIMEOUT 1
RETRY_TIMEOUT => 1
resource (/tmp/enum_dns.rc)> set NS nsztm1.digi.ninja
NS => nsztm1.digi.ninja
resource (/tmp/enum_dns.rc)> set DOMAIN zonetransfer.me
DOMAIN => zonetransfer.me
resource (/tmp/enum_dns.rc)> run
[*] querying DNS NS records for zonetransfer.me
[+] zonetransfer.me NS: nsztm2.digi.ninja.
[+] zonetransfer.me NS: nsztm1.digi.ninja.
[*] Attempting DNS AXFR for zonetransfer.me from nsztm2.digi.ninja.
W, [2016-04-11T09:34:57.107961 #19281]  WARN -- : AXFR query, switching to TCP
W, [2016-04-11T09:34:57.375016 #19281]  WARN -- : Error parsing axfr response: undefined method `+' for nil:NilClass
F, [2016-04-11T09:34:57.375203 #19281] FATAL -- : No response from nameservers list: aborting
[-] Query zonetransfer.me DNS AXFR - exception: NoResponseError
[*] Attempting DNS AXFR for zonetransfer.me from nsztm1.digi.ninja.
W, [2016-04-11T09:34:57.559601 #19281]  WARN -- : AXFR query, switching to TCP
W, [2016-04-11T09:34:58.106059 #19281]  WARN -- : Error parsing axfr response: undefined method `+' for nil:NilClass
F, [2016-04-11T09:34:58.106314 #19281] FATAL -- : No response from nameservers list: aborting
[-] Query zonetransfer.me DNS AXFR - exception: NoResponseError
[*] querying DNS CNAME records for zonetransfer.me
[*] querying DNS NS records for zonetransfer.me
[+] zonetransfer.me NS: nsztm1.digi.ninja.
[+] zonetransfer.me NS: nsztm2.digi.ninja.
[*] querying DNS MX records for zonetransfer.me
[+] zonetransfer.me MX: ALT1.ASPMX.L.GOOGLE.COM.
[+] zonetransfer.me MX: ASPMX3.GOOGLEMAIL.COM.
[+] zonetransfer.me MX: ASPMX4.GOOGLEMAIL.COM.
[+] zonetransfer.me MX: ASPMX2.GOOGLEMAIL.COM.
[+] zonetransfer.me MX: ASPMX.L.GOOGLE.COM.
[+] zonetransfer.me MX: ASPMX5.GOOGLEMAIL.COM.
[+] zonetransfer.me MX: ALT2.ASPMX.L.GOOGLE.COM.
[*] querying DNS SOA records for zonetransfer.me
[+] zonetransfer.me SOA: nsztm1.digi.ninja.
[*] querying DNS TXT records for zonetransfer.me
[+] zonetransfer.me TXT: google-site-verification=tyP28J7JAUHA9fw2sHXMgcCC0I6XBmmoVi04VlMewxA 
[*] querying DNS SRV records for zonetransfer.me
[+] _sip._tcp.zonetransfer.me SRV: {:host=>"www.zonetransfer.me", :port=>5060, :priority=>0}
[*] Auxiliary module execution completed
resource (/tmp/enum_dns.rc)> unset NS
Unsetting NS...
resource (/tmp/enum_dns.rc)> set DOMAIN spoofed.org
DOMAIN => spoofed.org
resource (/tmp/enum_dns.rc)> run
[*] querying DNS NS records for spoofed.org
[+] spoofed.org NS: ns1.dreamhost.com.
[+] spoofed.org NS: ns2.dreamhost.com.
[+] spoofed.org NS: ns3.dreamhost.com.
[*] Attempting DNS AXFR for spoofed.org from ns1.dreamhost.com.
W, [2016-04-11T09:35:31.067638 #19281]  WARN -- : AXFR query, switching to TCP
[*] Attempting DNS AXFR for spoofed.org from ns2.dreamhost.com.
W, [2016-04-11T09:35:31.274311 #19281]  WARN -- : AXFR query, switching to TCP
[*] Attempting DNS AXFR for spoofed.org from ns3.dreamhost.com.
W, [2016-04-11T09:35:31.652586 #19281]  WARN -- : AXFR query, switching to TCP
[*] querying DNS CNAME records for spoofed.org
[*] querying DNS NS records for spoofed.org
[+] spoofed.org NS: ns2.dreamhost.com.
[+] spoofed.org NS: ns3.dreamhost.com.
[+] spoofed.org NS: ns1.dreamhost.com.
[*] querying DNS MX records for spoofed.org
[+] spoofed.org MX: aspmx.l.google.com.
[+] spoofed.org MX: alt2.aspmx.l.google.com.
[+] spoofed.org MX: alt1.aspmx.l.google.com.
[*] querying DNS SOA records for spoofed.org
[+] spoofed.org SOA: ns1.dreamhost.com.
[*] querying DNS TXT records for spoofed.org
[+] spoofed.org TXT: v=spf1 a mx ptr include:aspmx.googlemail.com ~all 
[*] querying DNS SRV records for spoofed.org
[+] _jabber._tcp.spoofed.org SRV: {:host=>"xmpp-server1.l.google.com", :port=>5269, :priority=>20}
[+] _jabber._tcp.spoofed.org SRV: {:host=>"xmpp-server2.l.google.com", :port=>5269, :priority=>20}
[+] _jabber._tcp.spoofed.org SRV: {:host=>"xmpp-server3.l.google.com", :port=>5269, :priority=>20}
[+] _jabber._tcp.spoofed.org SRV: {:host=>"xmpp-server4.l.google.com", :port=>5269, :priority=>20}
[+] _jabber._tcp.spoofed.org SRV: {:host=>"xmpp-server.l.google.com", :port=>5269, :priority=>5}
[+] _xmpp-server._tcp.spoofed.org SRV: {:host=>"xmpp-server4.l.google.com", :port=>5269, :priority=>20}
[+] _xmpp-server._tcp.spoofed.org SRV: {:host=>"xmpp-server2.l.google.com", :port=>5269, :priority=>20}
[+] _xmpp-server._tcp.spoofed.org SRV: {:host=>"xmpp-server3.l.google.com", :port=>5269, :priority=>20}
[+] _xmpp-server._tcp.spoofed.org SRV: {:host=>"xmpp-server1.l.google.com", :port=>5269, :priority=>20}
[+] _xmpp-server._tcp.spoofed.org SRV: {:host=>"xmpp-server.l.google.com", :port=>5269, :priority=>5}
[*] Auxiliary module execution completed
resource (/tmp/enum_dns.rc)> set NS 10.4.1.10
NS => 10.4.1.10
resource (/tmp/enum_dns.rc)> set DOMAIN vuln.lax.rapid7.com
DOMAIN => vuln.lax.rapid7.com
resource (/tmp/enum_dns.rc)> set ENUM_AXFR false
ENUM_AXFR => false
resource (/tmp/enum_dns.rc)> set ENUM_A false
ENUM_A => false
resource (/tmp/enum_dns.rc)> set ENUM_NS false
ENUM_NS => false
resource (/tmp/enum_dns.rc)> set ENUM_TXT false
ENUM_TXT => false
resource (/tmp/enum_dns.rc)> set ENUM_MX false
ENUM_MX => false
resource (/tmp/enum_dns.rc)> set ENUM_SRV false
ENUM_SRV => false
resource (/tmp/enum_dns.rc)> set ENUM_CNAME false
ENUM_CNAME => false
resource (/tmp/enum_dns.rc)> set ENUM_SOA false
ENUM_SOA => false
resource (/tmp/enum_dns.rc)> set ENUM_RVL true
ENUM_RVL => true
resource (/tmp/enum_dns.rc)> set IPRANGE 10.4.16.0/24
IPRANGE => 10.4.16.0/24
resource (/tmp/enum_dns.rc)> set THREADS 25
THREADS => 25
resource (/tmp/enum_dns.rc)> run
[+] 10.4.16.1: PTR: v1.vuln.lax.rapid7.com. 
[+] 10.4.16.91: PTR: v91.vuln.lax.rapid7.com.vuln.lax.rapid7.com. 
[+] 10.4.16.101: PTR: v101.vuln.lax.rapid7.com. 
[+] 10.4.16.100: PTR: v100.vuln.lax.rapid7.com. 
[*] Auxiliary module execution completed
resource (/tmp/enum_dns.rc)> notes
[*] Time: 2016-04-11 16:35:31 UTC Note: host=69.163.128.24 type=DNS NS records data={"target"=>"spoofed.org", "records"=>["ns1.dreamhost.com.", "ns2.dreamhost.com.", "ns3.dreamhost.com."]}
[*] Time: 2016-04-11 16:35:31 UTC Note: host=66.33.206.206 type=DNS AXFR records data={"target"=>"ns1.dreamhost.com.", "records"=>["66.33.206.206"]}
[*] Time: 2016-04-11 16:35:31 UTC Note: host=208.97.182.10 type=DNS AXFR records data={"target"=>"ns2.dreamhost.com.", "records"=>["208.97.182.10"]}
[*] Time: 2016-04-11 16:35:31 UTC Note: host=66.33.216.216 type=DNS AXFR records data={"target"=>"ns3.dreamhost.com.", "records"=>["66.33.216.216"]}
[*] Time: 2016-04-11 16:35:31 UTC Note: host=69.163.128.24 type=DNS A records data={"target"=>"spoofed.org", "records"=>["69.163.128.24"]}
[*] Time: 2016-04-11 16:35:32 UTC Note: host=69.163.128.24 type=DNS NS records data={"target"=>"spoofed.org", "records"=>["ns2.dreamhost.com.", "ns3.dreamhost.com.", "ns1.dreamhost.com."]}
[*] Time: 2016-04-11 16:35:33 UTC Note: host=69.163.128.24 type=DNS MX records data={"target"=>"spoofed.org", "records"=>["aspmx.l.google.com.", "alt2.aspmx.l.google.com.", "alt1.aspmx.l.google.com."]}
[*] Time: 2016-04-11 16:35:36 UTC Note: host=69.163.128.24 type=DNS SOA records data={"target"=>"spoofed.org", "records"=>["ns1.dreamhost.com."]}
[*] Time: 2016-04-11 16:35:36 UTC Note: host=69.163.128.24 type=DNS TXT records data={"target"=>"spoofed.org", "records"=>["v=spf1 a mx ptr include:aspmx.googlemail.com ~all "]}
[*] Time: 2016-04-11 16:35:40 UTC Note: type=_jabber._tcp.spoofed.org data=[{:host=>"xmpp-server1.l.google.com", :port=>5269, :priority=>20}, {:host=>"xmpp-server2.l.google.com", :port=>5269, :priority=>20}, {:host=>"xmpp-server3.l.google.com", :port=>5269, :priority=>20}, {:host=>"xmpp-server4.l.google.com", :port=>5269, :priority=>20}, {:host=>"xmpp-server.l.google.com", :port=>5269, :priority=>5}]
[*] Time: 2016-04-11 16:35:40 UTC Note: type=_xmpp-server._tcp.spoofed.org data=[{:host=>"xmpp-server4.l.google.com", :port=>5269, :priority=>20}, {:host=>"xmpp-server2.l.google.com", :port=>5269, :priority=>20}, {:host=>"xmpp-server3.l.google.com", :port=>5269, :priority=>20}, {:host=>"xmpp-server1.l.google.com", :port=>5269, :priority=>20}, {:host=>"xmpp-server.l.google.com", :port=>5269, :priority=>5}]
[*] Time: 2016-04-11 16:35:47 UTC Note: host=10.4.16.1 type=DNS PTR records data={"target"=>"10.4.16.1", "records"=>["v1.vuln.lax.rapid7.com."]}
[*] Time: 2016-04-11 16:35:47 UTC Note: host=10.4.16.91 type=DNS PTR records data={"target"=>"10.4.16.91", "records"=>["v91.vuln.lax.rapid7.com.vuln.lax.rapid7.com."]}
[*] Time: 2016-04-11 16:35:47 UTC Note: host=10.4.16.101 type=DNS PTR records data={"target"=>"10.4.16.101", "records"=>["v101.vuln.lax.rapid7.com."]}
[*] Time: 2016-04-11 16:35:47 UTC Note: host=10.4.16.100 type=DNS PTR records data={"target"=>"10.4.16.100", "records"=>["v100.vuln.lax.rapid7.com."]}
[*] Time: 2016-04-11 16:34:56 UTC Note: host=217.147.177.157 type=DNS NS records data={"target"=>"zonetransfer.me", "records"=>["nsztm2.digi.ninja.", "nsztm1.digi.ninja."]}
[*] Time: 2016-04-11 16:34:58 UTC Note: host=217.147.177.157 type=DNS A records data={"target"=>"zonetransfer.me", "records"=>["217.147.177.157"]}
[*] Time: 2016-04-11 16:34:58 UTC Note: host=217.147.177.157 type=DNS NS records data={"target"=>"zonetransfer.me", "records"=>["nsztm1.digi.ninja.", "nsztm2.digi.ninja."]}
[*] Time: 2016-04-11 16:34:58 UTC Note: host=217.147.177.157 type=DNS MX records data={"target"=>"zonetransfer.me", "records"=>["ALT1.ASPMX.L.GOOGLE.COM.", "ASPMX3.GOOGLEMAIL.COM.", "ASPMX4.GOOGLEMAIL.COM.", "ASPMX2.GOOGLEMAIL.COM.", "ASPMX.L.GOOGLE.COM.", "ASPMX5.GOOGLEMAIL.COM.", "ALT2.ASPMX.L.GOOGLE.COM."]}
[*] Time: 2016-04-11 16:34:59 UTC Note: host=217.147.177.157 type=DNS SOA records data={"target"=>"zonetransfer.me", "records"=>["nsztm1.digi.ninja."]}
[*] Time: 2016-04-11 16:34:59 UTC Note: host=217.147.177.157 type=DNS TXT records data={"target"=>"zonetransfer.me", "records"=>["google-site-verification=tyP28J7JAUHA9fw2sHXMgcCC0I6XBmmoVi04VlMewxA "]}
[*] Time: 2016-04-11 16:35:02 UTC Note: type=_sip._tcp.zonetransfer.me data=[{:host=>"www.zonetransfer.me", :port=>5060, :priority=>0}]

Things to note:

I spot-checked the data returned for each of the runs, and the new version of the module seems to have more and more accurate results. Thanks for the contribution, @join-us.

nixawk commented 8 years ago

Thanks, @jhart-r7. enum_dns can finish what the following modules can do:

I advise that we deprecate all of the above.