DNS servers should not permit zone transfers towards any IP address from the Internet.
Since zone files contain complete information about domain names, subdomains and IP addresses configured on the target name server, finding this information is useful for increasing your attack surface and for better understanding the internal structure of the target company (ex. find test servers, development servers, hidden domains, internal ip addresses, etc)
Information gathered from zone files can be useful for attackers to implement various attacks against the target company, like targeting test or development servers which are less secure.
How it works
The tool first discovers all the name servers associated with your target domain. Then, to each name server it sends a Zone Transfer (AXFR) DNS request and see if it is successful or not. In case of success, the full zone file will be displayed.