Zone Transfer
The DNS operation that replicates a zone file from a primary nameserver to one or more secondary nameservers.
A zone transfer is how DNS keeps multiple authoritative nameservers in sync for the same zone. The primary nameserver holds the master copy of the zone file; secondaries pull updates either fully (AXFR) or incrementally (IXFR), typically authenticated with TSIG. Healthy operation requires that all secondaries answer with identical data, so an unrestricted or broken zone transfer is both an information disclosure risk (anyone can dump the zone) and a consistency risk. Auditing for accidentally open AXFR is a standard external-attack-surface check.
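One way to run the open-AXFR audit from the configuration side, as an added example that is not part of the original page. It assumes a BIND-style `named.conf` (the page names no server software); the sample configuration, zone names, key name and the policy labels returned by `classify` are constructed for illustration.

```python
import re

SAMPLE_CONF = '''// Constructed sample; BIND-style syntax is an assumption
options { allow-transfer { any; }; };  # inherited by zones without their own ACL
key "xfer-key" { algorithm hmac-sha256; secret "PLACEHOLDER"; };
zone "example.com" { type primary; allow-transfer { key "xfer-key"; }; };
zone "example.net" { type primary; file "db.example.net"; };
zone "example.org" { type master; allow-transfer { 192.0.2.53; }; };
zone "example.edu" { type secondary; primaries { 192.0.2.1; }; };
'''

def _block(text, start):
    """Return the contents of the first brace block opening at or after start."""
    i = text.index('{', start)
    depth = 0
    for j in range(i, len(text)):
        depth += {'{': 1, '}': -1}.get(text[j], 0)
        if depth == 0:
            return text[i + 1:j]
    raise ValueError('unbalanced braces')

def _transfer_acl(body):
    """List the elements of an allow-transfer ACL, or None when it is absent."""
    m = re.search(r'\ballow-transfer\b', body)
    if not m:
        return None
    return [e.strip() for e in _block(body, m.end()).split(';') if e.strip()]

def classify(acl):
    if acl is None:
        return 'unset'    # no ACL anywhere: the server's built-in default applies
    if 'any' in acl:
        return 'open'     # anyone can dump the zone
    if acl in ([], ['none']):
        return 'closed'
    return 'tsig' if all(e.startswith('key ') for e in acl) else 'address-only'

def audit(conf):
    """Map each authoritative zone to its effective transfer policy.
    Naive parsing: ignores quoting inside comments and nested ACLs."""
    text = re.sub(r'/\*.*?\*/|(//|#)[^\n]*', '', conf, flags=re.S)
    opts = re.search(r'\boptions\s*\{', text)
    global_acl = _transfer_acl(_block(text, opts.start())) if opts else None
    report = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', text):
        body = _block(text, m.start())
        if re.search(r'\btype\s+(primary|master|secondary|slave)\b', body):
            acl = _transfer_acl(body)
            report[m.group(1)] = classify(global_acl if acl is None else acl)
    return report
```

Secondaries are audited as well as primaries because they also answer transfer requests. A zone reported as `address-only` restricts by source IP but does not authenticate the transfer with TSIG.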