What is a DNS Zone Transfer?

Posted on 2006-05-03
Last Modified: 2010-04-11
Can anyone pleease tell me what a DNS zone transfer is, and why anyone would want to make one?

Question by:bmaxwell
    LVL 57

    Expert Comment

    A DNS zone is basically all the hosts for a specific IP domain name.  When you set up a DNS server, you normally have two DNS servers.  One is the primary, the other is a secondary (you can have one or more secondaries).  When you add/delete/change an entry in a zone you do it on the primary.

    The information must get to the secondary somehow.  When you update the zone on the primary you need to update what is called the serial number; if you use a GUI interface this is generally done automatically for you, if you manually edit the file you need to do this.  A secondary will ask the primary what the current serial number is.  If the primary responds with a number that is higher than what the secondary has, this means there has been an update to the zone and the secondary asks to have a new copy of the zone.  This is called a zone transfer.
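The serial check described in the comment above, written out as an added example (it is not code from the original thread). It parses SOA records from constructed zone-file lines for the hypothetical zone example.com, compares the serials the way a secondary does (RFC 1982 serial arithmetic, which still works when a 32-bit serial wraps around), and bumps a YYYYMMDDnn-style serial the way you would when editing the file by hand.

```python
"""Decide whether a secondary needs a zone transfer by comparing SOA serials.

Added example; the SOA lines below are constructed for the hypothetical
zone example.com and are not taken from any real server.
"""

SERIAL_BITS = 32
SERIAL_MOD = 1 << SERIAL_BITS
SERIAL_HALF = 1 << (SERIAL_BITS - 1)


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982 serial arithmetic: True if serial a is 'newer' than serial b.

    Plain integer comparison breaks when a serial wraps past 2^32 - 1;
    serial arithmetic treats the value less than half the ring ahead as newer.
    """
    a %= SERIAL_MOD
    b %= SERIAL_MOD
    return (a < b and b - a > SERIAL_HALF) or (a > b and a - b < SERIAL_HALF)


def parse_soa(record: str) -> dict:
    """Parse one zone-file SOA line into its named fields.

    Expected shape (constructed example):
    'example.com. IN SOA ns1.example.com. hostmaster.example.com. 2006050301 3600 900 604800 86400'
    """
    fields = record.split()
    if "SOA" not in fields:
        raise ValueError("not an SOA record")
    i = fields.index("SOA")
    mname, rname = fields[i + 1], fields[i + 2]
    serial, refresh, retry, expire, minimum = (int(x) for x in fields[i + 3 : i + 8])
    return {
        "mname": mname,      # primary server named in the SOA
        "rname": rname,      # contact mailbox in DNS form
        "serial": serial,    # version number the secondary compares
        "refresh": refresh,  # how often the secondary re-checks the serial
        "retry": retry,      # retry interval after a failed refresh
        "expire": expire,    # how long a secondary keeps answering without a refresh
        "minimum": minimum,  # negative-caching TTL
    }


def needs_transfer(primary_soa: str, secondary_soa: str) -> bool:
    """What the secondary concludes after its SOA query: pull a new copy or not."""
    primary = parse_soa(primary_soa)["serial"]
    secondary = parse_soa(secondary_soa)["serial"]
    return serial_gt(primary, secondary)


def bump_serial(current: int, today: str) -> int:
    """Next serial in the YYYYMMDDnn convention for a hand-edited zone file.

    Never goes backwards: if the old serial is already 'ahead' of today's
    date-based value (or the zone was edited earlier today), just add one.
    """
    candidate = int(today) * 100
    return candidate if candidate > current else current + 1


# Constructed SOA lines for the hypothetical zone, as a primary and a secondary would hold them.
PRIMARY_SOA = "example.com. IN SOA ns1.example.com. hostmaster.example.com. 2006050302 3600 900 604800 86400"
SECONDARY_SOA = "example.com. IN SOA ns1.example.com. hostmaster.example.com. 2006050301 3600 900 604800 86400"

if __name__ == "__main__":
    print("secondary needs a zone transfer:", needs_transfer(PRIMARY_SOA, SECONDARY_SOA))
    print("next serial after a manual edit:", bump_serial(2006050302, "20060503"))
```

Forgetting to raise the serial is the classic hand-editing mistake: the secondary sees the same number, concludes nothing changed, and keeps serving the old zone until its expire timer runs out.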
    LVL 26

    Expert Comment

    by:Leon Fester
    DNS Zone transfers can be used by unethical people to spoof/steal your IPs. Effectively I could redirect all requests to your server and instead send those requests to my fake servers. End result being...I get all your data.

    Consider an e-commerce site, being stolen like this.

    Now you understand why somebody would do it.

    Another time you would use it is if your DNS zones are hosted by ISP1, and you decide that you'd rather have ISP2 look after your DNS Zone. They would then also have to do a DNS Zone Transfer.
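The practical check behind the comment above: whether a server hands its whole zone to anyone who asks. This is an added example, not code from the thread. It builds the wire-format AXFR question a client sends over TCP (2-byte length prefix, RFC 1035 header and question) for the hypothetical zone example.com, and classifies a reply as a leaking zone or a refusal. The replies fed to it are constructed header-plus-question messages, not captured traffic; a real successful transfer carries the zone's records between two SOA records.

```python
"""Build an AXFR query and classify the server's reply.

Added example; the zone name and the reply bytes are constructed, not captured.
"""
import struct

QTYPE_AXFR = 252      # RFC 1035 QTYPE for a full zone transfer
QCLASS_IN = 1
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
               4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}


def encode_name(name: str) -> bytes:
    """Encode a domain name as DNS labels: length byte + label, terminated by 0x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_axfr_query(zone: str, txid: int = 0x1234) -> bytes:
    """TCP-framed AXFR question: length prefix, 12-byte header, one question."""
    # flags 0x0000: standard query, not a response, RD clear (transfers are not recursive)
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    question = encode_name(zone) + struct.pack("!HH", QTYPE_AXFR, QCLASS_IN)
    msg = header + question
    return struct.pack("!H", len(msg)) + msg


def classify_axfr_reply(reply: bytes) -> str:
    """Inspect the first TCP-framed message of an AXFR reply.

    Returns 'ALLOWED' when the server answered with records (the zone is
    readable by this client), otherwise the RCODE name (REFUSED or NOTAUTH
    on a properly restricted server).
    """
    (length,) = struct.unpack("!H", reply[:2])
    msg = reply[2:2 + length]
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:          # QR bit clear: this is a query, not a response
        raise ValueError("not a response")
    rcode = flags & 0x000F
    if rcode == 0 and ancount > 0:
        return "ALLOWED"
    return RCODE_NAMES.get(rcode, f"RCODE{rcode}")


def make_reply(flags: int, ancount: int, zone: str, txid: int = 0x1234) -> bytes:
    """Constructed (not captured) TCP-framed reply with only a header and question.

    Enough for classify_axfr_reply(), which reads the header; ancount is set as
    a real server would set it, without the record bytes themselves.
    """
    msg = struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)
    msg += encode_name(zone) + struct.pack("!HH", QTYPE_AXFR, QCLASS_IN)
    return struct.pack("!H", len(msg)) + msg


# Constructed replies: QR|RD|RA with RCODE 5 (refused), and QR|AA|RA with two answers (leaking).
REFUSED_REPLY = make_reply(0x8185, 0, "example.com")
LEAKING_REPLY = make_reply(0x8480, 2, "example.com")

if __name__ == "__main__":
    print(build_axfr_query("example.com").hex())
    print("restricted server:", classify_axfr_reply(REFUSED_REPLY))
    print("open server:", classify_axfr_reply(LEAKING_REPLY))
```

The same check from the command line is `dig @ns1.example.com example.com AXFR`; a server that answers with the full zone is handing an attacker a complete host inventory. On BIND the fix is to restrict `allow-transfer` to the addresses of your own secondaries (or to require TSIG) instead of leaving it open.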
    LVL 6

    Accepted Solution

    A zone transfer is the replication of the DNS database from the Primary zone to the secondary zone(s).  It is used for load balancing and fault tolerance.

    Load balancing - if you had 1 DNS server it would have to respond to all requests for that domain - you create many secondary zones to improve performance

    Fault tolerance - if your primary goes down the secondary server will still resolve DNS requests for a period of time.  You can promote the secondary to a primary if the primary will not be coming back.

    The only real difference between the primary and secondary is: the primary is a "writable" copy of the DNS zone database and it replicates its copy to the secondary "read-only" copy of the DNS zone.

    Hope that answered your questions.

    Author Comment

    Thanks for your help.  You know, it may sound very corny and square, but only one person told me "Hope that answers your question".  To some people, those words mean absolutely nothing.  I know, it's not really necessary to say.  But to me, it tells me that the person sincerely wanted to help me, because in the end, he/she told me so.  Now, I am absolutely, positively sure that all others also want to help, or they would not have responded.  But sometimes, the words "I hope that helps you" or something to that effect, sort of add the right kind of closure to a person's problem.  I'm sure I need to "get a life", but I'm also sure someone out there agrees with me too.  Thanks to all for your help.

    LVL 57

    Expert Comment

    I really don't care about the points, but I do care about helping and following the rules, so I am not complaining, I am pointing out what the "rules" are.

    Based on your statement it seems that the only reason you accepted e_vanheel's comment (which is correct) over mine is because he said "Hope that answers your question"?

    If so, please note that according to the "rules" you are supposed to accept the 1st correct answer, and in the case where there are multiple correct answers that may provide slightly different information then you can accept multiple answers and split the points.   With multiple correct answers it may be that you have a multiple-part question (like you have "what is" and "why") and one comment will answer one part and another comment will answer another part.  The main point for EE is to get answers to questions, not to be super polite while doing it.

    If you accepted his answer over mine and felt that I did not even deserve an assist, could you please explain why my comments did not answer your question so that I may improve the way I answer questions in the future, as, IMHO, my answer does correctly describe what a zone transfer is and infers why you would want to do it.
