The DNS server answers zone transfer (AXFR) requests from any client that asks, not only from its authorized secondary servers. A single AXFR query therefore returns the complete zone contents: every record, including all hostnames and the IP addresses they resolve to.
An attacker can enumerate every hostname and associated service in the zone with one request, without the noise or guesswork of brute-force subdomain discovery. Where the zone also carries records for internal systems, the transfer maps the internal address layout and reveals hosts that were never meant to be discoverable, giving the attacker a ready-made target list for further attacks.
Restrict zone transfers with an access list so that only the authorized secondary servers may request them. Prefer TSIG (Transaction Signature) authentication over an address-only list: a shared HMAC key lets the primary verify that a transfer request actually comes from a secondary, rather than trusting a source address that can change or be shared. Log and monitor zone transfer requests, and alert on AXFR attempts from any address other than the known secondaries, since these indicate reconnaissance. Verify the fix from an unauthorized host: an AXFR request should now be answered with REFUSED instead of zone data.
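As an added example (not part of the original finding), the probe below issues an AXFR request in raw DNS wire format over TCP and classifies the outcome, which is the check a tester runs to confirm the finding and, after remediation, to confirm the fix. It uses only the Python standard library. The server and zone names are placeholders; the records in the offline demonstration at the bottom are constructed test data, not a capture from a real server.

```python
# Added example: minimal AXFR probe in raw DNS wire format (RFC 1035 / RFC 5936).
# Not the finding's own tooling; example.test and the demo records are constructed.
import socket
import struct

TYPE_SOA, TYPE_AXFR, CLASS_IN = 6, 252, 1
RCODE_NAMES = {0: "NOERROR", 3: "NXDOMAIN", 5: "REFUSED", 9: "NOTAUTH"}


def encode_name(name):
    """Dotted name -> wire-format labels, terminated by a zero-length label."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"


def build_axfr_query(zone, txid=0x1234):
    """Header (flags 0: plain query) + one question: <zone> IN AXFR."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", TYPE_AXFR, CLASS_IN)


def skip_name(msg, off):
    """Offset just past the name at `off`; a 2-byte compression pointer ends a name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length


def parse_message(msg):
    """Parse one DNS message into (rcode, [answer RR types in order])."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                       # skip the question section
        off = skip_name(msg, off) + 4
    types = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        types.append(rtype)
    return flags & 0x0F, types


def classify(messages):
    """Outcome of an AXFR attempt from the ordered TCP messages received.
    A completed transfer starts and ends with the zone SOA; a non-zero RCODE in
    the first message means the server declined (REFUSED is the healthy answer)."""
    if not messages:
        return "no-response"
    rcode, types = parse_message(messages[0])
    if rcode != 0:
        return RCODE_NAMES.get(rcode, "rcode-%d" % rcode)
    for m in messages[1:]:
        types += parse_message(m)[1]
    if len(types) >= 2 and types[0] == TYPE_SOA and types[-1] == TYPE_SOA:
        return "AXFR-ALLOWED:%d" % (len(types) - 1)   # records, closing SOA excluded
    return "incomplete"


def recv_exact(sock, n):
    """Read exactly n bytes, or fewer if the peer closes the connection."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def probe(server, zone, port=53, timeout=5.0):
    """Send the AXFR over TCP (2-byte length prefix) and read every response message."""
    messages, seen = [], []
    with socket.create_connection((server, port), timeout=timeout) as s:
        query = build_axfr_query(zone)
        s.sendall(struct.pack("!H", len(query)) + query)
        try:
            while True:
                prefix = recv_exact(s, 2)
                if len(prefix) < 2:
                    break                                 # server closed the connection
                msg = recv_exact(s, struct.unpack("!H", prefix)[0])
                if len(msg) < 12:
                    break
                messages.append(msg)
                rcode, types = parse_message(msg)
                seen += types
                if rcode != 0 or (len(seen) >= 2 and seen[-1] == TYPE_SOA):
                    break                                 # refused, or closing SOA seen
        except socket.timeout:
            pass
    return classify(messages)


def build_response(zone, rcode, rrs, txid=0x1234):
    """Constructed response (test data, not a capture); rrs = [(name, type, rdata)]."""
    msg = struct.pack("!HHHHHH", txid, 0x8000 | rcode, 1, len(rrs), 0, 0)  # QR=1
    msg += encode_name(zone) + struct.pack("!HH", TYPE_AXFR, CLASS_IN)
    for name, rtype, rdata in rrs:
        msg += encode_name(name) + struct.pack("!HHIH", rtype, CLASS_IN, 3600, len(rdata)) + rdata
    return msg


if __name__ == "__main__":
    import sys
    soa = encode_name("ns1.example.test") + encode_name("hostmaster.example.test") \
        + struct.pack("!IIIII", 2024010101, 3600, 900, 604800, 300)
    leaked = [build_response("example.test", 0, [("example.test", TYPE_SOA, soa),
                                                 ("www.example.test", 1, b"\x0a\x00\x00\x05"),
                                                 ("example.test", TYPE_SOA, soa)])]
    print("open server  :", classify(leaked))
    print("locked server:", classify([build_response("example.test", 5, [])]))
    if len(sys.argv) == 3:                              # python probe.py <server> <zone>
        print(probe(sys.argv[1], sys.argv[2]))
```

Run against a real server as `python probe.py <server-ip> <zone>`; an AXFR-ALLOWED result reproduces the finding, and REFUSED is what a correctly restricted server returns. On the remediation side, in BIND the weak setting is `allow-transfer { any; };` in the zone or options block; the fix is a `key` statement holding a TSIG secret (generated with tsig-keygen) with `allow-transfer { key <keyname>; };`, and the matching key configured on each secondary, so an address-only probe like the one above is refused even from the secondaries' own addresses.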