[dns-operations] TLDs allowing zone transfers

Mark Andrews marka at isc.org
Sun Sep 25 20:52:30 UTC 2016

GSA also publishes the entire .GOV contents periodically.  I'd
prefer it as a axfr so I don't have to take the Alexa to 1M and
merge the .GOV zones from there to get a almost up to date list to
generate the EDNS compliance report for the full GOV zone.


If/when GoDaddy, Microsoft (Azure) and Amazon fix their servers a
lot of the broken EDNS will go away world wide.  Amazon have stopped
blocking EDNS version 1 traffic but the still news to correctly
respond to EDNS version 1 queries.

If a server is echoing a EDNS option it is a good chance that it
is hosted my Microsoft.

If a server is echoing EDNS flags it is a good chance that it is
hosted by GoDaddy.

If you want to know who will stuff up future deployment of EDNS
extensions unless they fix their servers look above.  It really
isn't hard to fix these servers.  10 minutes of work to fix the
code + QA then rollout is all that is needed.

There are big DNS hosters that have EDNS compliant servers.  Cloudflare
asked "do you see anything wrong?" and fixed the issues overnight,
then came back and asked again.


In message <20160925184158.GB24433 at vic20.blipp.com>, Patrik Wallstrom writes:
> Thanks for the list Stephane. The .se zone is also freely available
> since May at https://zonedata.iis.se/
> I also regularly monitor the TLD space with Zonemaster, which can give
> us a fresh list of TLDs with open AXFR:
> https://tldmonitor.blipp.com/tag/AXFR_AVAILABLE
> Also keep in mind that most of the newgTLDs are available through the
> CZDS ICANN service: https://czds.icann.org/
> On Sun, 25 Sep 2016, Stephane Bortzmeyer wrote:
> >Following the buzz about the TLD .kp, which allowed zone transfer,
> >then closed it, here is the current list of TLD where at least one
> >name server allows zone transfers. Three things to keep in mind:
> >
> >1) In some cases, the TLD registers most domains at the third level,
> >so downloading the TLD yieds little information.
> >
> >2) I don't express any opinion regarding this configuration. Allowing
> >zone transfers or not is a local policy decision.
> >
> >3) Some TLD (like .fr, see <http://opendata.nic.fr/>) allows to
> >retrieve the entire list of domains, just not through AXFR.
> >
> >AO (Angola)
> >BB (Barbados)
> >BD (Bangladesh)
> >BF (Burkina-Faso)
> >BI (Burundi)
> >BN (Brunei)
> >BV (Bouvet, somewhere in cold seas)
> >CW (Curacao)
> >CY (Cyprus)
> >ER (Erythrea)
> >GM (Gambia)
> >GY (Guayana)
> >KW (Koweit)
> >MC (Monaco)
> >MR (Mauritania)
> >MV (Maldives, warms seas, this time)
> >MW (Malawi)
> >NP (Nepal)
> >PG (Papouasia)
> >SJ (Svalbard, see Bouvet)
> >SL (Sierra Leone)
> >SV (Salvador)
> >SY (Syria)
> >TJ (Tadjikistan)
> >TO (Tonga)
> >XN--FZC2C9E2C (, Sri Lanka)
> >XN--J1AMH (, Ukraine)
> >XN--OGBPF8FL (, Syria, again)
> >XN--XKC2AL3HYE2A (, , Sri Lanka, also, probably one TLD in tamil
> >   and one in cinghalese)
> >XN--YGBI2AMMX (  , Palestine, while .PS is closed)
> >YE (Yemen)
> >ZW (Zimbabwe)
> >
> >_______________________________________________
> >dns-operations mailing list
> >dns-operations at lists.dns-oarc.net
> >https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> >dns-operations mailing list
> >https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the dns-operations mailing list