
9.10. Enabling Zone Transfers

Name servers maintain authoritative data for the zones; as changes are made to the zones, those changes must be sent to and distributed among the name servers for the DNS domain. A zone transfer moves resource records from one name server to another. An authoritative transfer (AXFR) is a zone transfer which includes all of the authoritative data for the zone (as opposed to an incremental transfer, which delivers only the most recent zone changes).
Zone transfers are defined in RFC 1034 and RFC 5936.
Zone transfers can be enabled when the zone is created or when it is modified by using the --allow-transfer option to set a list of name servers to which the zone records can be transferred.
For example:
[jsmith@server ~]$ ipa dnszone-mod --allow-transfer='255.255.255.255;0.0.0.0;1.2.3.4' example-zone
The default is any, which allows the zone to be transferred anywhere in the DNS domain.
Once zone transfers are enabled in the bind service, FreeIPA DNS zones can be transferred, by name, by clients like dig:
[root@server ~]# dig @ipa-server zone_name AXFR
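An added example (not FreeIPA's own code) that turns the two points above into a repeatable check: it classifies an --allow-transfer value (flagging the permissive default of any) and interprets the output of the dig AXFR command so a script can tell whether a transfer succeeded. The dig output samples are constructed, and the "; Transfer failed." and ";; XFR size:" lines it looks for are assumed from dig's usual text output.

```python
"""Audit zone-transfer exposure for a FreeIPA/BIND zone (added example)."""
import ipaddress
import re
import subprocess

BIND_KEYWORDS = {"any", "none", "localhost", "localnets"}
XFR_SIZE = re.compile(r"^;; XFR size: (\d+) records", re.MULTILINE)

def inspect_acl(acl):
    """Classify an --allow-transfer value ("ip;ip;..." or "any").
    None means the option was never set, which the page says equals "any"."""
    entries = [e.strip() for e in (acl or "any").split(";") if e.strip()]
    invalid = []
    for entry in entries:
        if entry in BIND_KEYWORDS:
            continue
        try:
            ipaddress.ip_network(entry, strict=False)  # host IPs and CIDRs
        except ValueError:
            invalid.append(entry)
    # "any" lets every host that can reach the server pull the whole zone.
    return {"entries": entries, "open_to_anyone": "any" in entries,
            "invalid": invalid}

def classify_axfr(dig_output):
    """Interpret dig AXFR text: ("transferred", record_count) or ("failed", 0).
    Assumes dig's usual "; Transfer failed." and ";; XFR size:" lines."""
    match = XFR_SIZE.search(dig_output)
    if match:
        return "transferred", int(match.group(1))
    if "Transfer failed" in dig_output:
        return "failed", 0
    return "unknown", 0

def check_transfer(server, zone):
    """Run dig from this host and classify the outcome (needs network)."""
    proc = subprocess.run(["dig", f"@{server}", zone, "AXFR"],
                          capture_output=True, text=True, check=False)
    return classify_axfr(proc.stdout)

# Constructed dig outputs for the two outcomes (not captured from a real server).
SAMPLE_FAILED = "; <<>> DiG 9.16 <<>> @ipa-server example-zone AXFR\n; Transfer failed.\n"
SAMPLE_OK = ("example-zone.\t86400\tIN\tSOA\tns1.example-zone. hostmaster.example-zone. 1 3600 900 604800 86400\n"
             "example-zone.\t86400\tIN\tNS\tns1.example-zone.\n"
             ";; XFR size: 2 records (messages 1, bytes 120)\n")

if __name__ == "__main__":
    print(inspect_acl("255.255.255.255;0.0.0.0;1.2.3.4"), inspect_acl(None))
    print(classify_axfr(SAMPLE_FAILED), classify_axfr(SAMPLE_OK))
```

Run check_transfer("ipa-server", "example-zone") from a host that should not be in the ACL; a "failed" result confirms the restriction is in effect.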