The DNS is a complicated system that serves as a global database of domain names and IP addresses. The Internet strongly relies on DNS for its existence so much that it could be impossible to imagine its functionality without it. All the DNS data is written on DNS records, but how to copy them from server to server? With DNS zone tranfer.
DNS is divided into small administrative parts called DNS zones. The DNS zones contain all the DNS records for the particular zone. They exist, so the whole system can get decentralized and be managed more practically. Each of the DNS zones is managed by a different DNS administrator. For example, when you get a domain name, you can get the right to manage its zones. You need to get delegated this right, and then you can delegate yourself for all the subzones.
DNS zone transfer.
DNS zone transfer is when you copy the data from one zone (the DNS records) and duplicate the data into another name server. Why would you like to do that? Having several copies of your DNS records on multiple name servers will guarantee better availability in case of a name server failure and faster DNS resolution in case of a global domain with visitors from all around the globe and multiple points of presence.
Types of DNS zone transfer.
There are two types of DNS zone transfer that you can perform between name servers:
- Full zone transfer (AXFR zone transfer). This one is used to copy all the DNS records from the Primary name server to another name server (Secondary). You can use it if you haven’t updated the Secondary for a while and you want to make sure it is up to date. Another reason to use the full zone transfer is to copy the data to a newly deployed name server that has no previous information.
- Incremental zone transfer (IXFR zone transfer). This one is used to update only the newly modified DNS records (deleted, modified, or created) from the Primary name server to the Secondary name servers. You can use it to use less bandwidth and update only the changes. Not the full zone file. It is more practical to use once you already have set up all the Secondary name servers.
How does the DNS zone transfer happen?
You can perform DNS zone transfer in two ways:
- Propagate the changes. You can edit the Primary zone file inside the authoritative name server for the zone and propagate the change to the Secondary name server that you have. That way, you know exactly when the Secondary name servers were last updated and what information they have.
- Set the Secondary name server to auto-update. You can use the SOA records to set up a refresh interval that indicates when Secondary should check for changes with the Primary name server. They can use the IXFR DNS zone transfer and get the update when the time indicates it. For that purpose, you will need to use a security method like Whitelisting that allows only particular IP addresses (those of the Secondary name server) to be able to get DNS updates from the Primary name server. If you don’t do it, anybody could perform a DNS zone transfer and get your DNS records. That could be a bit security risk for your company.
DNS zone transfer is the process that DNS uses to copy zone files or particular DNS records from a Primary name server to a Secondary name server or Secondary name servers.