Unkowingly allowing Anonymous Zone Transfers can increase your risk profile immensley.
How to test for anonymous zone transfer using nslookup:
>nslookup
>set query=ns
> acme.com
Server: acme.com
Address: 000.000.000.000
acme.com nameserver = ns1.acme.com
acme.com nameserver = ns2.acme.com
ns1.acme.com internet address = ccc.ccc.ccc.ccc
ns2.acme.com internet address = vvv.vvv.vvv.vvv
> server ns1.acme.com
> ls acme.com
[ns1.acme.com]
acme.com. A hhh.hhh.hhh.hhh
acme1.com. NS server = ns1.acme.com
acme2.com. NS server = ns2.acme.com
mail1 A uuu.uuu.uuu.uuu
mail2 A ddd.ddd.ddd.ddd
www A uuu.uuu.uuu.uuu
web2 A iii.iii.iii.iii
- Ray Zadjmool