AXFR root zone

Anand Buddhdev anandb at ripe.net
Sun Sep 28 21:23:11 UTC 2014


On 28/09/2014 22:41, Ronald F. Guilmette wrote:

Hi Ronald,

> Is it possible to use dig to AXFR the root zone?  I mean without having

Yes, it is.

> any special foreknowledge of which specific root zone servers will and
> will not accept the AXFR request?  If so, how would I do that, exactly?
> 
> I tried this:
> 
> 	dig . axfr
> 
> but I just got back a "Transfer failed" error message.

This query is sent to one of the *recursive* servers in your
/etc/resolv.conf file, so it can't provide you with a zone transfer of
the root zone. Unlike other query types, an AXFR is not recursively
looked up by a resolver.

> P.S.  Strangely, this rather different query _does_ work:
> 
> 	dig @k.root-servers.net . axfr
> 
> So, um, it appears that "k" will allow the AXFR but, I gather, other
> root zone servers won't (?)

Speaking as the operator of K-root, I can confirm that K allows zone
transfers. That's why this query works.

Regards,

Anand Buddhdev
RIPE NCC


More information about the bind-users mailing list