• Status: Solved

What could be preventing me from getting good "dig axfr" results from a specific DNS zone (on an intranet)?

What are the possible causes for me to not be able to do a "dig axfr" from a particular server? When I try to do:
dig axfr corpA.example.com @corpAdns_server
I get good results (entire forward lookup table)
but when I do:
dig axfr corpB.example.com @corpBdns_server
I get "Transfer failed"

What do I need to ask my corpB DNS server admins to do to allow me to pull the zone using dig axfr?

2 Solutions
What kind of DNS server is it? It might be configured to deny AXFR requests (e.g. allow them only to hosts listed as NS of the zone).
You need to be entitled to zone transfer. This is normally configured so that name servers can remain in sync, but this is what would be required for you to pull all records from a zone.

jdanAuthor Commented:
I found the answer to be adding my server to the allow-transfer {} entry in the named.conf file.
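
Why one zone answers AXFR while the other returns "Transfer failed", as an added example (not code from this thread or from BIND): a small Python check that reads named.conf text and reports whether a client address is matched by each zone's effective allow-transfer list. The config text, addresses and file names are constructed for illustration; only `any` and literal IP/CIDR entries are evaluated, and comments, keys and named ACLs are not handled.

```python
import ipaddress
import re

# Constructed named.conf: zone names follow the question; addresses and files are made up.
SAMPLE_CONF = """
options { allow-transfer { none; }; };
zone "corpA.example.com" { type master; file "corpA.zone";
    allow-transfer { 192.0.2.0/24; }; };
zone "corpB.example.com" { type master; file "corpB.zone"; };
"""

def block_body(text, start):
    """Return the text inside the first balanced {...} at or after start."""
    open_at = text.index("{", start)
    depth = 0
    for i in range(open_at, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_at + 1:i]
    raise ValueError("unbalanced braces")

def transfer_list(body):
    """Entries of an allow-transfer clause in body, or None if it is absent."""
    m = re.search(r"allow-transfer\s*\{([^}]*)\}", body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def axfr_policy(conf):
    """Map each zone to its effective list (a zone setting overrides options)."""
    opt = re.search(r"^\s*options\b", conf, re.M)
    default = transfer_list(block_body(conf, opt.end())) if opt else None
    policy = {}
    for m in re.finditer(r'^\s*zone\s+"([^"]+)"', conf, re.M):
        own = transfer_list(block_body(conf, m.end()))
        policy[m.group(1)] = default if own is None else own
    return policy

def may_transfer(entries, client):
    """True/False for 'any' and IP/CIDR entries; None when no list is configured."""
    if entries is None:
        return None  # nothing set anywhere: the server's built-in default applies
    ip = ipaddress.ip_address(client)
    for entry in entries:
        try:
            if entry == "any" or ip in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue  # "none", key and named-ACL entries are not evaluated here
    return False
```

Run against the real named.conf, a `False` for your client address on a zone points at the entry the DNS admins would need to extend, and an `any` entry is worth flagging because it hands the full zone to every client that can reach the server.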
