GEN:SID 1:1948
Message DNS zone transfer UDP
Summary A zone transfer of records on the DNS server has been requested.

A successful zone transfer can give valuable reconnaissance about hostnames and IP addresses for the domain.
Impact Information leak, reconnaissance.  A malicious user can gain valuable
information about the network.

Detailed Information Zone transfers are normally used to replicate zone information between
master and slave DNS servers.  If zone transfers have not been
restricted to authorized slave servers only, malicious users can attempt
them for reconnaissance about the network.  The content |00 00 FC| looks
for the end of a DNS query and a DNS type of 252 meaning a DNS zone
transfer.
Affected Systems All versions of BIND.
Attack Scenarios A zone transfer might be a precursor to some kind of attack to gain
reconnaissance.
Ease of Attack Simple to perform using tools such as nslookup, dig, and host.

Corrective Action Configure your DNS servers to allow zone transfers from authorized hosts
only.  
Additional References CVE:
CAN-1999-0532
arachnids,212

Rule References arachnids: 212
cve: 1999-0532
nessus: 10595