What could be preventing me from getting good "dig axfr" results from a specific dns zone (on an intranet)

Posted on 2010-01-07
Last Modified: 2012-05-08
What are the possible causes for me to not be able to do a "dig axfr" from a particular server?   When I try to do:
dig axfr @corpAdns_server
I get good results (entire forward lookup table)
but when I do:
dig axfr @corpBdns_server
I get "Transfer failed"

What do I need to ask my corpB DNS server admins to do to allow me to pull the zone using dig axfr?

Question by:jdan
    LVL 20

    Assisted Solution

    What kind of DNS server is it? It might be configured to deny AXFR requests (e.g. allow them only to hosts listed as NS of the zone)
    LVL 27

    Accepted Solution

    you need to be entitled to zone transfer. this is normally configured so that name servers can remain in sync, but this is what would be required for you to pull all records from a zone.


    Author Comment

    I found the answer to be adding my server to the  the allow-transfer {} entry in the named.conf file.

    Author Closing Comment


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Suggested Solutions

    Title # Comments Views Activity
    External IP vs Internal IP 4 54
    Slow internet/DNS 6 56
    Adding Mail server to SPF record 5 39
    Dyndns Configuration 3 35
    I will assume you are running a non-server version of some sort of Windows throughout this article. There are many flavors of Windows since Windows Server 2000 - 2008, XP Home & Pro, Vista Home & Pro, and Windows 7 Starter, Home, Pro, Ultimate, etc.…
    I wrote this article to explain some important DNS concepts that should be known to avoid some typical configuration errors I often see in forums. I assume that what is described here is the typical behavior of Microsoft DNS client. I don't know …
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    6 Experts available now in Live!

    Get 1:1 Help Now