Factbites
 Where results make sense

Topic: DNS zone transfer


  DNS Name Server Zone Transfer
This is a tool that I primarily built for myself, but you can use it to check the zone files of your own domains if you wish.
Most name servers restrict the IP address that can do a zone transfer, so for most people it's not going to be terribly useful unless you allow this server's IP address to request a zone transfer from your name server.
Attempt to zone transfer for the following domain...
www.digitalpoint.com /tools/zone-transfer   (105 words)

  
  DNS zone transfer - Wikipedia, the free encyclopedia
The parties involved in a zone transfer are a client (the "slave" requesting the data from a portion of the database to be transferred to it) and a server (the "master" supplying those data from its database).
The portion of the database that is replicated is a "zone".
Clients schedule zone transfers initially, when their databases are empty, and thereafter at regular intervals, in a pattern controlled by the values in the "refresh", "retry", and "expire" fields in the SOA resource record of the zone apex.
en.wikipedia.org /wiki/DNS_zone_transfer   (1959 words)

  
 Domain Name System (DNS) Security
The threats that surround the DNS are due in part to the lack of authenticity and integrity checking of the data held within the DNS and in part to other protocols that use host names as an access control mechanism.
The DNS is a hierarchical tree structure whose root node is known as the root domain.
Another contributing factor to the vulnerabilities in the DNS is that the DNS is designed to be a public database in which the concept of restricting access to information within the DNS name space is purposely not part of the protocol.
www.geocities.com /compsec101/papers/dnssec/dnssec.html   (9934 words)

  
 DNS BIND Zone Transfers and Updates
Defines an alternative local IP address to be used for inbound zone transfers by the server if that defined by transfer-source (transfer-source-v6) fails and use-alt-transfer-source is enabled.
The differences are then logged in the zone's journal file (.jnl appended to zone file name) such that the changes can be transmitted to downstream slaves as an incremental zone transfer.
This statement may be specified in normal zone or view clauses or in a global options clause.
www.zytrax.com /books/dns/ch7/xfer.html   (2179 words)

  
 Domain Name System   (Site not responding. Last check: 2007-10-11)
DNS is carefully designed so that each machine can get away with the minimum amount of knowledge it needs to have about the shape of the tree, and local changes to subtrees can be made simply by changing one authoritative server's database of name-to-IP-address mappings.
DNS was designed as a tree structure, where each domain (node in the tree structure) is named.
DNS uses a client-server model, which means that the name servers contain information about a portion of the DNS database and they provide this information to clients that query the name server across the network.
www.siu.edu /~bkearney/415/DNS.htm   (2839 words)

  
 [No title]
INTERNET-DRAFT Andreas Gustafsson draft-ietf-dnsext-axfr-clarify-00.txt Nominum Inc. March 2000 DNS Zone Transfer Protocol Clarifications Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026.
Abstract In the Domain Name System, zone data is replicated among authoritative DNS servers by means of the "zone transfer" protocol, also known as the "AXFR" protocol.
DNS message header contents: RFC1034 does not specify the contents of the DNS message header of the zone transfer response messages.
www3.ietf.org /proceedings/00jul/I-D/dnsext-axfr-clarify-00.txt   (1152 words)

  
 [No title]   (Site not responding. Last check: 2007-10-11)
Traditionally zone transfers required that the slave server reload the entire database from the master server, however RFC 1995 defines the concept of incremental zone transfers whereby the master server only returns those portions of the database that have changed.
For this mechanism to operate correctly, the slave server must first inform the master of the version of the database it currently holds (that is, the serial number of the currently held database) and the master server then calculates the changes by examining a 'rollback' history of changes made between each version of the database.
The zone transfer process is triggered by the expiry of a timer that the slave server maintains for each zone (see the SOA Resource Record), and as such the slave may operate with incomplete, or incorrect information until it next attempts to reload zone information from the master server.
www.camtp.uni-mb.si /books/Internet-Book/DNS_ZoneTransfers.html   (368 words)

  
 Identify and Mitigate Windows DNS Threats
Zone transfers are preventable at the firewall and routers on the perimeter of your network.
DNS client queries are transmitted on UDP port 53, and TCP port 53 is used for zone transfers.
DNS Cache Poisoning is a situation in which an attacker is able to predict the DNS sequence numbers in a DNS conversation between server and client, and then insert bogus data into the data stream.
www.enterprisenetworkingplanet.com /netsecur/article.php/3522106   (1603 words)

  
 3.3 Cancellation of DNS Zone Transfer of JP Domain and Lists ...
DNS which previously conducted direct zone transfer using the JP primary server or official secondary servers may experience the following problems as a result of the cancellation of zone transfer for the JP primary server.
DNS zone transfer is now conducted only to official secondary servers managed at JPNIC's request, with all transfer requests from other servers being refused.
As indicated in Announcement [5] on January 29, 1999, exceptional treatment was to be provided whereby DNS zone transfers would be permitted under certain conditions, but as of Announcement [6] on April 1, DNS zone transfers were, in principle, to be prohibited, for the following reasons.
www.nic.ad.jp /en/newsletter/no14/sec03-03.html   (982 words)

  
 [No title]
Introduction For rapid propagation of changes to a DNS database [STD13], it is necessary to reduce latency by actively notifying servers of the change.
The current full zone transfer mechanism (AXFR) is not an efficient means to propagate changes to a small part of a zone, as it transfers the entire zone file.
For example, if multiple ftp servers share a single DNS name and the IP address associated with the name is changed once a minute to balance load between the ftp servers, it is not so important to keep track of all the history of changes.
www.uniovi.es /SI/Servicios/estandares/dns/rfc1995.txt   (1580 words)

  
 RFC 1995 - Incremental Zone Transfer in DNS. M. Ohta.   (Site not responding. Last check: 2007-10-11)
An IXFR server should keep record of the newest version of the zone and the differences between that copy and several older versions.
rfc.sunsite.dk /rfc/rfc1995.html   (1556 words)

  
 [No title]   (Site not responding. Last check: 2007-10-11)
In the DNS protocol, however, no such separators are needed because each label is encoded as a length octet followed by the indicated number of octets of label.
Note that it is theoretically possible for a valid DNS name to exceed the allowed length of an SNMP object identifier, and thus be impossible to represent in tables in this MIB that are indexed by DNS name.
Each of the zones may be loaded from stable storage via an implementation-specific mechanism or may be obtained from another name server via a zone transfer.
www.enterasys.com /pub/snmp/mibs/standards/ietf/DNS-SERVER-MIB   (1272 words)

  
 RFC 1279 (rfc1279) - X.500 and Domains
It is assumed that the master entries are maintained by use of DNS Zone Transfer (or equivalent), and that they can be treated as authoritative.
A tool to perform zone transfer (in both directions) between a DNS Server and a DSA would seem to be both straightforward and useful.
The Zone Transfer Tool (3) can be used to download a large part of the DNS space into a single DSA (there will be some restrictions, as parts of the DNS hierarchy do not permit zone transfer).
www.faqs.org /rfcs/rfc1279.html   (3348 words)

  
 axfr-get(8): DNS zone-transfer client - Linux man page
It skips the zone transfer, leaving fn alone, if fn already exists, fn has a serial number matching (or above) the zone serial number, and both serial numbers are nonzero.
It accepts records in child zones, but it marks all child zones as non-authoritative, so tinydns(8) will not report those records except as glue.
If you plan to merge the axfr-get results for a domain and a child of the same domain, creating a file authoritative for both zones, make sure to eliminate records in the first output that are within the child zone.
www.die.net /doc/linux/man/man8/axfr-get.8.html   (281 words)

  
 Zone Transfer
A standard DNS architecture will have a primary authoritative server that the DNS administrator configures with domain information in one or more zone files.
The secondary server will not transfer any zone that is not properly configured and does not list the secondary DNS server in the SOA record and where no name server (NS) record for the server doesn't exist.
Normally a zone transfer is initiated by the secondary server after refresh time set in the zone's SOA record has expired.
www.inetdaemon.com /tutorials/internet/dns/zone_transfer.shtml   (400 words)

  
 ISS X-Force Database: dns-zonexfer(212): DNS honors zone transfer requests   (Site not responding. Last check: 2007-10-11)
Zone transfers contain lists that identify every computer registered with the DNS (Domain Name System) server.
If the source port of the DNS zone transfer request is a privileged port number (below 1024), it could indicate that another DNS server has made the request.
If your DNS server should not be participating in zone transfers, configure your DNS server to prevent zone transfers.
xforce.iss.net /xforce/xfdb/212   (257 words)

  
 Windows NT Server Resource Kit: Managing Microsoft DNS Servers
When a change is made to the zone data, such as delegating a portion of the zone to another DNS server or adding hosts in the zone, these changes must be made on the primary DNS server so that the new information is entered in the local zone file.
The DNS services for the external and internal networks should be entirely isolated from one another to prevent computers outside the internal network from obtaining the names and IP addresses for resources located on the internal side of the firewall.
When a DNS server which is configured to use forwarders receives a DNS request that it is unable to resolve (through its own zone files), it passes the request to one of the designated forwarders.
www.microsoft.com /technet/archive/winntas/support/sur_dns.mspx   (9208 words)

  
 BIND-to-djbdns Migration Guide / HOWTO
Zone file format is much easier to use, unlike the format that BIND uses, which is prone to typographical errors, and is very difficult to write automated scripts for, due to its convolution.
To administer a DNS server takes technical knowledge and understanding, and in order to administer djbdns, you must fully understand many concepts, some of which I will explain in the next section.
Once your zone files are ready and data.cdb is created, you are ready to switch your main DNS over to tinydns.
www.flounder.net /djbdns/bind-to-djbdns.html   (2176 words)

  
 2000401
Most DNS queries consist of a request to resolve a domain name into a single IP address.
One such option is known as a "Zone Transfer" where somebody can download the entire table of names and IP addresses.
Also, some customers are running DNS lookup programs like 'nslookup' or 'dig' on their own machines.
www.iss.net /security_center/advice/Intrusions/2000401/default.htm   (247 words)

  
 Microsoft DNS - Wikipedia, the free encyclopedia
With the DNS Client service running: The "hosts" file is read and parsed only a few times, once at service startup, and thereafter whenever the DNS Client service notices that it has been modified.
As of 2004, it was the fourth most popular DNS server (counting BIND version 9 separately from versions 8 and 4) for the publication of DNS data.
DNS data can be stored either in master files (also known as zone files) or in the Active Directory database itself.
en.wikipedia.org /wiki/Microsoft_DNS   (1218 words)

  
 Using NSlookup.exe
For example, the current DNS settings are att.com and a query is performed on www.microsoft.com; the first query will go out as www.microsoft.com.att.com because of the query being unqualified.
Zone transfers can be blocked at the DNS server so that only authorized addresses or networks can perform this function.
The first error indicates that the DNS server cannot be reached or the service is not running on that computer.
support.microsoft.com /default.aspx?scid=KB;EN-US;q200525   (1113 words)

  
 [No title]
The DNS is implemented widely now, and changes to critical portions of the protocol could cause havoc for years.
Conceivably the zone transfer agent could obtain the information from any number of sources (e.g., a load average daemon, a round-robin sorter) and present the information back to the nameserver for distribution.
The zone transfer agent would have to account for any "mis-ordering" that may occur locally, but remote reordering (e.g., client side sortlists) of RRs is impossible to predict.
www.ietf.org /rfc/rfc1794.txt   (2151 words)

  
 Oversimplified DNS - A record (address)
To do a zone transfer in NSLOOKUP, first type "server nameserver.example.com", where "nameserver.example.com" is one of your nameservers (try the primary nameserver first, if it doesn't work, try the secondary(s)).
To do a zone transfer in Sam Spade, go to the Tools menu, and choose "Zone Transfer" (if it is greyed out, go to the Edit menu, choose Options, then the Advanced table, and click 'Enable zone transfers').
If you can't get a zone transfer, the next step is to get the zone file from your primary nameserver (you may need to look at the instructions for your DNS server software to see where the file is located).
www.rscott.org /dns/a.html   (775 words)

  
 Solaris DNS Links
DNS supports name resolution for both local and remote hosts, and uses the concept of domains to allow multiple hosts with identical name to coexist on the Internet.
When zone file is updated on the master server, the slave server will either act on a notification of the update, or if the notification is lost, notice that a long time has elapsed since it last heard from the master server.
But understand that until tools for digital signatures in DNS are finished and deployed, you are going to be at risk from the DNS counterfeiting attacks that lie not too far in the future (and that have apparently already occurred in China).
www.softpanorama.org /DNS/index.shtml   (8632 words)

  
 492: DNS Zone Transfer Information Disclosure   (Site not responding. Last check: 2007-10-11)
DNS contains a flaw that may lead to an unauthorized information disclosure.
The issue is triggered when the host's DNS name server allows zone transfers to replicate zone information between master and slave DNS servers.
If zone transfers have not been restricted to authorized slave servers only, a remote attacker could disclose sensitive network information resulting in a loss of confidentiality.
www.osvdb.org /displayvuln.php?osvdb_id=492   (304 words)

  
 Explanation of a DNS Zone Transfer
Definition of a Zone Transfer: A Zone Transfer is the term used to refer to the process by which the contents of a DNS Zone file are copied from a primary DNS server to a secondary DNS server.
Zone Transfers are always initiated by the secondary DNS server.
Because JH40PS is on the Notify List, the primary DNS server sends this frame to notify the secondary DNS server that a change has occurred and that the secondary DNS server should query the SOA resource record.
support.microsoft.com /kb/164017   (1204 words)

  
 [No title]   (Site not responding. Last check: 2007-10-11)
is responsible for rejecting connections from hosts not authorized to perform zone transfers.
Zone-transfer clients rely on zone serial numbers changing for every zone modification.
file as its serial number for all zones.
cr.yp.to /djbdns/axfrdns.html   (321 words)

  
 1998: SUMMARY: DNS zone transfer problems
I gutted the zone information from named.boot and removed the zone db files, then restarted the server.
The server I am trying to transfer with apparently doesn't know who is authoritative for its domain.
The second possible scenario is that a) they changed their DNS structure and did not advise us they did so, and/or b) they are blocking the zone transfer traffic at a router level (they have recently shorn up their security).
www.sunmanagers.org /archives/1998/1262.html   (842 words)

  
 DNS Protocol Related Documents
DNS Security (DNSSEC) technology is composed of extensions to the Domain Name System (DNS) protocol that provide data integrity and authentication to security aware resolvers and applications through the use of cryptographic digital signatures.
The delegation signer (DS) resource record is inserted at a zone cut (i.e., a delegation point) to indicate that the delegated zone is digitally signed and that the delegated zone recognizes the indicated key as a valid zone key for the delegated zone.
The original function and purpose of the DNS is reviewed, and contrasted with some of the functions into which it is being forced today and some of the newer demands being placed upon it or suggested for it.
www.faqs.org /rfcs/dns-rfcs.html   (2768 words)

Copyright © 2005-2007 www.factbites.com Usage implies agreement with terms.