A DNS zone transfer is the process of copying DNS records, either the whole zone file or only the most recent changes, from the Primary (Master) DNS server to one or more Secondary servers. The transfer can be done by a push of the update from the Primary DNS server to the Secondary servers, or by a pull from the Secondaries to obtain the new changes.

There are two types of DNS zone transfer:

  • AXFR (Full zone transfer) - a complete transfer of all the data (DNS records) from the Master DNS server to a Secondary DNS server.
  • IXFR (Partial zone transfer) - an option to transfer only the new changes from the Master zone to the Secondary zone. You do not always want to copy all the DNS records.

Hackers can obtain the zone file by performing an AXFR request. You can prevent this by allowing only trusted DNS servers to perform zone transfers.
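One way to check that restriction on your own server, as an added example that is not part of the original article: a small audit that reads a BIND-style `named.conf` and reports each zone's `allow-transfer` policy. The article names no server software, so BIND syntax is an assumption, and the sample configuration and function name are constructed for illustration.

```python
import re

# Constructed sample in BIND named.conf syntax (assumption: the article names no
# server software). Addresses come from the reserved documentation ranges.
SAMPLE_CONF = """
zone "example.com" {
    type master;
    file "db.example.com";
    allow-transfer { any; };
};
zone "example.net" {
    type master;
    file "db.example.net";
    allow-transfer { 192.0.2.53; 198.51.100.53; };
};
zone "example.org" {
    type master;
    file "db.example.org";
    # allow-transfer { 192.0.2.53; };
};
"""

# Assumes each zone statement closes with "};" at the start of a line.
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*(?:IN\s*)?\{(.*?)\n\};', re.S)
XFER_RE = re.compile(r'allow-transfer\s*\{([^}]*)\}', re.S)

def audit_zone_transfers(conf_text):
    """Return {zone name: finding} for every zone statement in conf_text."""
    # Drop full-line comments so a commented-out ACL is not counted as active.
    conf_text = re.sub(r'(?m)^\s*(#|//).*$', '', conf_text)
    findings = {}
    for name, body in ZONE_RE.findall(conf_text):
        match = XFER_RE.search(body)
        acl = [e.strip() for e in match.group(1).split(";") if e.strip()] if match else []
        if not acl:
            # No per-zone ACL: the policy is inherited from elsewhere; check it.
            findings[name] = "unset"
        elif "any" in acl:
            findings[name] = "open"       # anyone may request the full zone
        elif acl == ["none"]:
            findings[name] = "closed"     # zone transfers refused for everyone
        else:
            findings[name] = "restricted: " + ", ".join(acl)
    return findings

if __name__ == "__main__":
    for zone, finding in audit_zone_transfers(SAMPLE_CONF).items():
        print(f"{zone:<14} {finding}")
```

Zones reported as `open` hand the whole zone file to any requester, and zones reported as `unset` need a look at the global options to see what they inherit.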

If you are interested in the topic, we recommend reading the following article about initiating a zone transfer!