[dns-operations] Whimsical AXFR behavior?

Marjorie marjorie at id3.net
Sun Jun 23 23:23:21 UTC 2013


Hello List,

Right now I am busy with another little project: it is a small search 
engine.

In order to discover more possible hosts to scan I am doing zone 
transfers from the name servers that still support the feature...
The syntax is like this: dig -t AXFR zone @nameserver

I have noticed the following:
1. Unsurprisingly, most NS no longer support AXFR, or at least they do not 
serve zone transfers to outsiders; that is certainly expected in 2013.
2. For a given zone, it's not unusual to experience differences in 
behavior between the different NS. For example NS1.zone.tld may honor 
the AXFR request while NS2,3,4,5... will deny the request. Not 
surprising either, after all it should not be assumed that all the NS 
have the same configuration or even the same software/versions. I am 
also assuming that a NS that still allows AXFR is more an oversight or 
the result of an old config than a deliberate choice ;-)
3. I know that the behavior can be dictated by ACLs - sometimes the AXFR 
will be possible when the request was made from a certain IP range.
4. Now something more puzzling, I have noticed at least one NS that 
exhibits some sort of random behavior: it typically denies AXFR at the 
first attempt but after repeating the request five or seven times (more 
or less) it finally releases the zone data as requested... some days it 
is not in a good mood: after 20 tries it still says "No!" o:) So that 
depends. I am really wondering what makes a NS behave like that?

Cheers,
Marjorie
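A probe for the on/off server in point 4, added here as an example and not part of the original post or of any DNS software. It speaks DNS over TCP with the standard library only (no dnspython), sends the same AXFR question `dig -t AXFR zone @nameserver` would, and classifies each attempt by the rcode and answer count of the first reply message. The hypothesis it is built to test is an assumption, not something the post establishes: one NS address fronting several backends (anycast or a load balancer) where only one backend has a permissive allow-transfer ACL, so repeated attempts succeed roughly k-in-n of the time. The fetch step is injectable; `make_pool_fetch` is a constructed stand-in so the tally can be run offline, and `198.51.100.1` / `example.com` are placeholders.

```python
"""Probe a name server's AXFR behaviour over repeated attempts.

Added example (not from the original post). Standard library only: it
builds the AXFR query itself, speaks DNS over TCP, and inspects only the
first reply message (rcode + answer count), which is enough to tell
"transfer served" from "transfer refused". The fetch step is injectable so
the tallying logic can be run offline against a constructed pool of
backends; the real network path is axfr_first_message().
"""
import socket
import struct
import sys
from collections import Counter

QTYPE_AXFR = 252
QCLASS_IN = 1
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
               4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}


def encode_name(name):
    """Wire-encode a domain name: length-prefixed labels, terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            raw = label.encode("ascii")
            if len(raw) > 63:
                raise ValueError("label longer than 63 octets: %r" % label)
            out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_axfr_query(zone, msg_id=0x1234):
    """Header: ID, flags=0 (plain QUERY, RD clear, as dig sends for AXFR),
    QDCOUNT=1, then one question <zone> AXFR IN."""
    header = struct.pack("!HHHHHH", msg_id, 0, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", QTYPE_AXFR, QCLASS_IN)


def parse_header(msg):
    """Return id, rcode and ANCOUNT from a DNS message header."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    msg_id, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": msg_id, "rcode": flags & 0x000F, "ancount": an}


def classify(first_reply):
    """'ALLOWED' if the first message carries records with NOERROR; otherwise
    the rcode name (typically REFUSED when an allow-transfer ACL rejects us)."""
    h = parse_header(first_reply)
    if h["rcode"] == 0 and h["ancount"] > 0:
        return "ALLOWED"
    return RCODE_NAMES.get(h["rcode"], "RCODE%d" % h["rcode"])


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf


def axfr_first_message(server, zone, port=53, timeout=5.0):
    """Real network path: one TCP connection, length-prefixed query, first
    length-prefixed reply. A served transfer may span many messages; the
    first one already shows whether the server refuses."""
    query = build_axfr_query(zone)
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(struct.pack("!H", len(query)) + query)
        (length,) = struct.unpack("!H", _recv_exact(sock, 2))
        return _recv_exact(sock, length)


def probe(server, zone, attempts=10, fetch=axfr_first_message):
    """Repeat the AXFR attempt and record one outcome per try."""
    outcomes = []
    for _ in range(attempts):
        try:
            outcomes.append(classify(fetch(server, zone)))
        except (OSError, ValueError):
            outcomes.append("ERROR")
    return outcomes


def fake_reply(rcode, ancount, msg_id=0x1234):
    """Constructed reply header (QR set): all that classify() needs."""
    return struct.pack("!HHHHHH", msg_id, 0x8000 | rcode, 1, ancount, 0, 0)


def make_pool_fetch(backends):
    """Offline stand-in for axfr_first_message(): one address fronting several
    backends answered in rotation, each a fixed (rcode, ancount) pair. This
    models the assumed cause of the on/off behaviour: one permissive backend
    in a pool behind a single NS address."""
    state = {"i": 0}

    def fetch(server, zone):
        rcode, ancount = backends[state["i"] % len(backends)]
        state["i"] += 1
        return fake_reply(rcode, ancount)
    return fetch


if __name__ == "__main__":
    if len(sys.argv) == 3:      # python3 axfr_probe.py <nameserver> <zone>
        results = probe(sys.argv[1], sys.argv[2], attempts=10)
    else:                       # no arguments: constructed 1-in-4 pool, runs offline
        results = probe("198.51.100.1", "example.com", attempts=8,
                        fetch=make_pool_fetch([(5, 0), (5, 0), (0, 3), (5, 0)]))
    for name, count in Counter(results).items():
        print("%-8s %d" % (name, count))
```

Run against a real server with `python3 axfr_probe.py ns1.example.net example.com` (only against zones you are authorised to pull). A tally that is all REFUSED or all ALLOWED points to a single ACL; a stable ratio such as 1-in-4 or 1-in-7 across runs is the signature of several backends behind one address, and comparing the SOA serial of the served copies against the other NS would then show which backend is the stale one.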
