Two types of DNS zone transfer
DNS zone transfer is a critical component for better performance of your Domain Name System. In this article we will take a look at why it is important and which are the most popular zone transfer types – AXFR and IXFR.
What is the DNS zone?
The Internet Engineering Task Force (IETF) coined the word DNS zone in 1987. It has a critical function: it allows different DNS administrators to administer and manage various components of the global DNS system. This is the major reason behind the global naming database’s decentralized character.
The DNS zone consists of DNS records such as A, AAAA, MX, TXT, PTR, and so on. It’s worth mentioning that the SOA record, which is the first DNS record, also contains basic information about the zone, the DNS administrator, and various DNS zone transfer settings (Refresh and Retry rate).
DNS zone fransfer – meaning
When you copy data from one zone (DNS records) and paste it into another name server, you’re doing DNS zone transfer. What makes you want to do that? In the case of a global domain with visitors from all over the world and numerous Points of Presence (PoP), having multiple copies of your DNS records on several name servers can ensure greater availability in the event of a name server failure and faster DNS resolution.
The most common DNS zone transfer types
AXFR zone transfer (Full zone transfer)
The first is “full zone transfer.” The basic goal of AXFR zone transfer is to send all DNS records from the Primary DNS server to the Slave DNS server. All DNS records will be up to date due to this zone move. They are identical to those in the Master DNS zone.
You can utilize the AXFR zone transfer when you’re deploying one or more Secondary DNS servers and want to replicate DNS records straight away.
If you know, one or more Secondary DNS servers haven’t been updated in a while. Then, you can also compel a full zone transfer.
IXFR zone transfer (Partial zone transfer)
It is possible to simply copy new changes from the Master zone to the Secondary zone. It’s not usually necessary to duplicate all DNS records. When you only need to alter a few DNS entries, the IXFR zone transfer can help. You’ve added two new A records, for example, but the remainder of the table remains unchanged. You can obtain the data from the Secondary DNS server. It can be configured to compare the serial numbers of the SOA record after a certain amount of time to see if the Master has changed. It will ask the Master DNS server for modifications if the serial number it holds is lower.
Another option is for the Master DNS server to send a notification to the Secondary DNS server informing them of the change. They can then request the modification, and if they are permitted to do so, they will receive the new or amended DNS entries. As you can see, IXFR zone transfer requires less data transmission, and it is the more practical approach in most circumstances, especially if you have already set up Secondary DNS servers.
Conclusion
Considering all of the facts, DNS zone transfer is a very useful method that can help you in crisis situations (for example, if your server is down). Of course, this is not a must. But if you don’t have it, it could cost you a lot of lost money and potential customers in a future attack. So, do not wonder, and if you haven’t implemented it in your system yet, do it.