What is DNS zone transfer?

The DNS is a hierarchical structure that looks like a tree. It is divided into layers: the Root at the top, then the TLD level, followed by the domain and the subdomain. When you purchase a domain, you get the right to manage the part of the DNS that belongs to it. You manage it through DNS master zones, which you can create in the DNS software you are running or through the control panel of your managed DNS provider.

What is a DNS master zone? 

The DNS master zone file is a DNS database of DNS records for a part of the namespace. A zone file typically has a SOA record, NS records, AAAA, A, MX, TXT, and other DNS records for the domain or subdomain. The master zone is saved on the master DNS server (also known as the Primary DNS server).
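To make the zone-file format concrete, here is an added example (not code from the original article) that parses a small constructed zone file in the usual BIND text format into records, reads the SOA serial, and lists the names that point into RFC 1918 or IPv6 ULA address space. The last check is the defender's view of a zone: it shows which records an unrestricted zone transfer would expose that were never meant to be public. The zone content, the owner names and the list of "internal" networks are assumptions made for the example.

```python
import ipaddress

# Constructed sample zone for example.com (the documentation domain); not a real zone.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@        IN SOA ns1.example.com. hostmaster.example.com. (
                 2024031501 ; serial
                 7200       ; refresh
                 900        ; retry
                 1209600    ; expire
                 3600 )     ; minimum
         IN NS   ns1.example.com.
         IN NS   ns2.example.com.
ns1      IN A    192.0.2.10
ns2      IN A    192.0.2.11
www      IN A    192.0.2.20
intranet IN A    10.0.5.12
git      IN AAAA fd00:1234::20
vpn      IN AAAA 2001:db8::1
@        IN MX   10 mail.example.com.
@        IN TXT  "v=spf1 mx -all"
"""

CLASSES = {"IN", "CH", "HS"}

# Assumed definition of "internal": RFC 1918 ranges plus the IPv6 ULA block.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def _logical_lines(text):
    """Strip ';' comments and join parenthesised multi-line records into one line.
    Limitation: a ';' inside a quoted TXT string would be treated as a comment."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            yield " ".join(buf)   # first element keeps its leading whitespace
            buf = []


def _absolute(name, origin):
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text):
    """Return a list of {owner, ttl, type, rdata} dicts for every record in the zone."""
    origin, default_ttl, last_owner = None, None, None
    records = []
    for line in _logical_lines(text):
        starts_blank = line[0].isspace()        # blank owner => same owner as previous record
        tokens = line.replace("(", " ").replace(")", " ").split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        owner = last_owner if starts_blank else tokens.pop(0)
        ttl = default_ttl
        if tokens and tokens[0].isdigit():      # optional per-record TTL
            ttl = int(tokens.pop(0))
        if tokens and tokens[0].upper() in CLASSES:
            tokens.pop(0)                       # optional class
        rtype = tokens.pop(0).upper()
        owner = _absolute(owner, origin)
        last_owner = owner
        records.append({"owner": owner, "ttl": ttl, "type": rtype, "rdata": " ".join(tokens)})
    return records


def soa_serial(records):
    """The serial is the third rdata field of the SOA: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM."""
    soa = next(r for r in records if r["type"] == "SOA")
    return int(soa["rdata"].split()[2])


def internal_exposure(records):
    """(owner, address) pairs whose A/AAAA data point into internal address space."""
    hits = []
    for r in records:
        if r["type"] in ("A", "AAAA"):
            addr = ipaddress.ip_address(r["rdata"])
            if any(addr in net for net in INTERNAL_NETS):
                hits.append((r["owner"], r["rdata"]))
    return hits


if __name__ == "__main__":
    recs = parse_zone(SAMPLE_ZONE)
    print("serial:", soa_serial(recs))
    for owner, addr in internal_exposure(recs):
        print("internal name in zone:", owner, addr)
```

The parser deliberately handles only what the article's record list needs (owner inheritance, `$ORIGIN`, `$TTL`, optional TTL and class, parenthesised SOA); it does not implement the full RFC 1035 master-file syntax. `192.0.2.0/24` is the TEST-NET documentation range, so it is not treated as internal here even though Python's `ipaddress.is_private` would flag it.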

What is a DNS zone transfer?

The DNS zone transfer is the process of copying the information from the Master DNS server to the Secondary server or servers. The copying can be done by pushing the update from the Master DNS server to the Secondary servers or by a pull from the Secondaries to obtain the new changes.

The DNS administrator can limit which Secondary DNS servers may ask for a DNS zone transfer by whitelisting their IP addresses. You don’t want everybody on the Internet to be able to get all of your DNS records, because many of them might be internal and not for everyone’s eyes.

Transferring a DNS zone using Dig

Full zone transfer (AXFR zone transfer)

The full zone transfer, also known as AXFR zone transfer, is a complete transfer of all the data (DNS records) from the Master DNS server to a Secondary DNS server. This zone transfer guarantees that all DNS records on the Secondary are up to date, exactly as they are inside the Master DNS zone.

You can use the AXFR zone transfer when you are deploying one or more Secondary DNS servers, and you want to copy the DNS records right away.

You can also push a full zone transfer when you know that you have one or more Secondary DNS servers that haven’t been updated in a while.

Partial zone transfer (IXFR zone transfer)

There is an option to transfer only the new changes from the Master zone to the Secondary zone, because you do not always want to copy all the DNS records. The IXFR zone transfer serves you when you have changed just a few DNS records. For example, you have added 2 new A records, but all the rest is still the same. The Secondary DNS server can pull just the new data. It can be set to check after a particular time whether there is a change in the Master by comparing the serial numbers of the SOA record. If the serial number it has is lower, it asks for and receives the changes from the Master DNS server.

Another way is for the Master DNS server to send a notification (DNS NOTIFY) to the Secondary DNS servers to tell them that there was a change. After that, they can ask for the change, and if they are allowed to receive changes, they get the new or modified DNS records. You can see that an IXFR zone transfer requires less data transfer, and in most cases, especially when the Secondary DNS servers are already set up, it is the more practical approach.
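The following added example (not code from the original article) models the two mechanisms described in this section and in the whitelisting paragraph above: the Master checks the requesting address against its transfer whitelist, compares SOA serials using RFC 1982 serial-number arithmetic (32-bit serials wrap, so a plain "lower than" comparison is not quite right), sends an IXFR delta when it still holds the Secondary's version, and falls back to a full AXFR otherwise. The Secondary side reacts to a NOTIFY by comparing serials and pulling. The zone versions, addresses and the one-record-per-name simplification are assumptions made for the example; a real server speaks the wire protocol, which is not modelled here.

```python
import ipaddress
from dataclasses import dataclass, field

# --- RFC 1982 serial-number arithmetic ---------------------------------------
# SOA serials are unsigned 32-bit values that wrap, so "newer" is decided
# modulo 2**32: a is after b when the forward distance from b to a is < 2**31.
SERIAL_MOD = 1 << 32
SERIAL_HALF = 1 << 31


def serial_gt(a: int, b: int) -> bool:
    """True if serial a is 'after' serial b under RFC 1982 arithmetic."""
    a, b = a % SERIAL_MOD, b % SERIAL_MOD
    if a == b:
        return False
    return (a < b and b - a > SERIAL_HALF) or (a > b and a - b < SERIAL_HALF)


@dataclass
class ZoneVersion:
    serial: int
    records: dict  # owner name -> rdata; one record per name (simplification)


@dataclass
class MasterServer:
    zone: str
    allow_transfer: list                            # whitelist, like BIND's allow-transfer
    history: list = field(default_factory=list)     # ZoneVersion objects, oldest first

    def handle_transfer(self, client_ip: str, client_serial: int, qtype: str = "IXFR") -> dict:
        ip = ipaddress.ip_address(client_ip)
        # 1. ACL first: a client that is not whitelisted is refused whatever it asks for.
        if not any(ip in net for net in self.allow_transfer):
            return {"rcode": "REFUSED"}
        current = self.history[-1]
        # 2. The client already has the newest serial: nothing to send.
        if not serial_gt(current.serial, client_serial):
            return {"rcode": "NOERROR", "action": "UP-TO-DATE", "serial": current.serial}
        # 3. IXFR: send only the delta if the client's version is still in the history.
        if qtype == "IXFR":
            base = next((v for v in self.history if v.serial == client_serial), None)
            if base is not None:
                delete = {n: r for n, r in base.records.items() if current.records.get(n) != r}
                add = {n: r for n, r in current.records.items() if base.records.get(n) != r}
                return {"rcode": "NOERROR", "action": "IXFR", "serial": current.serial,
                        "delete": delete, "add": add}
        # 4. Otherwise (AXFR requested, or base version unknown) send the whole zone.
        return {"rcode": "NOERROR", "action": "AXFR", "serial": current.serial,
                "records": dict(current.records)}


@dataclass
class SecondaryServer:
    address: str
    serial: int
    records: dict = field(default_factory=dict)

    def on_notify(self, master: MasterServer) -> str:
        """NOTIFY only says 'something changed': compare SOA serials, then pull if behind."""
        master_serial = master.history[-1].serial   # stands in for an SOA query to the master
        if not serial_gt(master_serial, self.serial):
            return "UP-TO-DATE"
        return self.apply(master.handle_transfer(self.address, self.serial, "IXFR"))

    def apply(self, resp: dict) -> str:
        if resp["rcode"] != "NOERROR":
            return resp["rcode"]
        if resp["action"] == "IXFR":
            for name in resp["delete"]:
                self.records.pop(name, None)
            self.records.update(resp["add"])
        elif resp["action"] == "AXFR":
            self.records = dict(resp["records"])
        self.serial = resp["serial"]
        return resp["action"]


def demo() -> dict:
    """Constructed scenario: two A records added on the master, one whitelisted secondary."""
    v1 = ZoneVersion(2024031501, {"ns1.example.com.": "192.0.2.10", "www.example.com.": "192.0.2.20"})
    v2 = ZoneVersion(2024031502, {**v1.records, "app1.example.com.": "192.0.2.30",
                                  "app2.example.com.": "192.0.2.31"})
    master = MasterServer("example.com.", [ipaddress.ip_network("192.0.2.11/32")], [v1, v2])
    ns2 = SecondaryServer("192.0.2.11", 2024031501, dict(v1.records))
    out = {}
    out["ixfr"] = ns2.on_notify(master)                  # pulls just the two new A records
    out["ns2_serial"] = ns2.serial
    out["ns2_names"] = sorted(ns2.records)
    out["again"] = ns2.on_notify(master)                 # second NOTIFY: nothing new
    stale = SecondaryServer("192.0.2.11", 2024031400)    # version the master no longer keeps
    out["stale"] = stale.apply(master.handle_transfer(stale.address, stale.serial, "IXFR"))
    out["stale_count"] = len(stale.records)
    out["stranger"] = master.handle_transfer("203.0.113.7", 0, "AXFR")["rcode"]
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The order of the checks in `handle_transfer` is the point: the whitelist is evaluated before any zone data is consulted, so an unlisted client learns nothing, not even the current serial. The IXFR-to-AXFR fallback mirrors what real servers do when the requested base serial is no longer in their journal.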

How to push it with nslookup?

We are choosing nslookup because it can be found on Linux, macOS, and Windows computers. This will work only if the DNS administrator allows it. It is strongly recommended to restrict zone transfers, so cyber criminals won’t be able to see all your DNS records, including those that are not meant to be public.

  1. Open the Terminal (Linux or macOS) or the Command Prompt (Windows)
  2. Type: nslookup
  3. Now specify the authoritative name server that has the zone file with the following command: server ns1.domain.com (change ns1.domain.com to the nameserver you want to copy from)
  4. Now type to see all the DNS records: set type=any
  5. Now type: ls -d domain.com (change domain.com to your own domain).
  6. You now have all the available DNS records, nicely organized.
