You are currently offline, waiting for your internet to reconnect

Explanation of a DNS Zone Transfer

This article was previously published under Q164017
SUMMARY
This article discusses the circumstances that can trigger a Domain NameSystem (DNS) Zone Transfer, the purpose of zone transfers, and how theprocess works.
MORE INFORMATION
Definition of a Zone Transfer: A Zone Transfer is the term used to refer tothe process by which the contents of a DNS Zone file are copied from aprimary DNS server to a secondary DNS server.

A Zone transfer will occur during any of the following scenarios:
  • When starting the DNS Service on the secondary DNS server.
  • When the refresh time expires.
  • When changes are saved to the Primary Zone file and there is a Notify List.
Zone Transfers are always initiated by the secondary DNS server. Theprimary DNS server simply answers the request for a Zone Transfer.

The following Network Monitor Capture sequence shows the process wheneither the DNS Service is started on the secondary DNS server or therefresh time expires:

Frame 1: The secondary DNS server - JH40PS - requests the SOA record fromthe primary DNS server - SERVER - for Zone DOMAIN.COM. Note DNS QuestionType.

JH40PS SERVER DNS 0x4000:Std Qry for domain.com. of type SOA on classINET addr.

DNS: 0x4000:Std Qry for domain.com. of type SOA on class INET addr.
    DNS: Query Identifier = 16384 (0x4000)    DNS: DNS Flags = Query, OpCode - Std Qry, RCode - No error        DNS: 0............... = Query        DNS: .0000........... = Standard Query        DNS: .....0.......... = Server not authority for domain        DNS: ......0......... = Message complete        DNS: .......0........ = Iterative query desired        DNS: ........0....... = No recursive queries        DNS: .........000.... = Reserved        DNS: ............0000 = No error    DNS: Question Entry Count = 1 (0x1)    DNS: Answer Entry Count = 0 (0x0)    DNS: Name Server Count = 0 (0x0)    DNS: Additional Records Count = 0 (0x0)    DNS: Question Section: domain.com. of type SOA on class INET addr.        DNS: Question Name: domain.com.        DNS: Question Type = Start of zone of authority        DNS: Question Class = Internet address class				

Frame 2: The primary DNS server responds with the contents of the SOArecord in the Answer Section.

SERVER JH40PS DNS 0x4000:Std Qry Resp. for domain.com. of type SOA onclass INET addr.

DNS: 0x4000:Std Qry Resp. for domain.com. of type SOA on class INET addr.
    DNS: Query Identifier = 16384 (0x4000)    DNS: DNS Flags = Response, OpCode - Std Qry, AA RA Bits Set, RCode - No         error        DNS: 1............... = Response        DNS: .0000........... = Standard Query        DNS: .....1.......... = Server authority for domain        DNS: ......0......... = Message complete        DNS: .......0........ = Iterative query desired        DNS: ........1....... = Recursive queries supported by server        DNS: .........000.... = Reserved        DNS: ............0000 = No error    DNS: Question Entry Count = 1 (0x1)    DNS: Answer Entry Count = 1 (0x1)    DNS: Name Server Count = 0 (0x0)    DNS: Additional Records Count = 0 (0x0)    DNS: Question Section: domain.com. of type SOA on class INET addr.        DNS: Question Name: domain.com.        DNS: Question Type = Start of zone of authority        DNS: Question Class = Internet address class    DNS: Answer section: domain.com. of type SOA on class INET addr.        DNS: Resource Name: domain.com.        DNS: Resource Type = Start of zone of authority        DNS: Resource Class = Internet address class        DNS: Time To Live = 86400 (0x15180)        DNS: Resource Data Length = 41 (0x29)        DNS: Primary Name Server: server.domain.com.        DNS: Responsible Authorative Mailbox: administrator.domain.com.        DNS: Version number = 26 (0x1A)        DNS: Refresh Interval = 300 (0x12C)        DNS: Retry interval = 120 (0x78)        DNS: Expiration Limit = 600 (0x258)        DNS: Minimum TTL = 86400 (0x15180)				

Frame 3: Having compared the version number (serial number) and found it tobe different than its current version number, the secondary DNS server nowrequests a Zone Transfer. Note the Question Type in the DNS QuestionSection.

JH40PS SERVER DNS 0x0:Std Qry for domain.com. of type Req. for znXfer on class INET addr.

DNS: 0x0:Std Qry for domain.com. of type Req. for zn Xfer on class INETaddr.
    DNS: TCP Length = 31 (0x1F)    DNS: Query Identifier = 0 (0x0)    DNS: DNS Flags = Query, OpCode - Std Qry, RCode - No error        DNS: 0............... = Query        DNS: .0000........... = Standard Query        DNS: .....0.......... = Server not authority for domain        DNS: ......0......... = Message complete        DNS: .......0........ = Iterative query desired        DNS: ........0....... = No recursive queries        DNS: .........000.... = Reserved        DNS: ............0000 = No error    DNS: Question Entry Count = 1 (0x1)    DNS: Answer Entry Count = 0 (0x0)    DNS: Name Server Count = 0 (0x0)    DNS: Additional Records Count = 0 (0x0)    DNS: Question Section: domain.com. of type Req. for zn Xfer on class         INET addr.        DNS: Question Name: domain.com.        DNS: Question Type = Request for zone transfer        DNS: Question Class = Internet address class    DNS: Frame Padding				

Frame 4: The primary DNS server complies with the request for a ZoneTransfer. The entire contents of the Zone file are transferred in the DNSAnswer section.

SERVER JH40PS DNS 0x0:Std Qry Resp. for domain.com. of type SOA onclass INET addr.

DNS: 0x0:Std Qry Resp. for domain.com. of type SOA on class INET addr.
    DNS: TCP Length = 445 (0x1BD)    DNS: Query Identifier = 0 (0x0)    DNS: DNS Flags = Response, OpCode - Std Qry, RA Bits Set, RCode - No         error        DNS: 1............... = Response        DNS: .0000........... = Standard Query        DNS: .....0.......... = Server not authority for domain        DNS: ......0......... = Message complete        DNS: .......0........ = Iterative query desired        DNS: ........1....... = Recursive queries supported by server        DNS: .........000.... = Reserved        DNS: ............0000 = No error    DNS: Question Entry Count = 1 (0x1)    DNS: Answer Entry Count = 16 (0x10)    DNS: Name Server Count = 0 (0x0)    DNS: Additional Records Count = 0 (0x0)    DNS: Question Section: domain.com. of type Req. for zn Xfer on class         INET addr.        DNS: Question Name: domain.com.        DNS: Question Type = Request for zone transfer        DNS: Question Class = Internet address class    DNS: Answer section: . of type SOA on class INET addr.(16 records         present)        DNS: Resource Record: domain.com. of type SOA on class INET addr.            DNS: Resource Name: domain.com.            DNS: Resource Type = Start of zone of authority            DNS: Resource Class = Internet address class            DNS: Time To Live = 86400 (0x15180)            DNS: Resource Data Length = 41 (0x29)            DNS: Primary Name Server: server.domain.com.            DNS: Responsible Authorative Mailbox: administrator.domain.com.            DNS: Version number = 26 (0x1A)            DNS: Refresh Interval = 300 (0x12C)            DNS: Retry interval = 120 (0x78)            DNS: Expiration Limit = 600 (0x258)            DNS: Minimum TTL = 86400 (0x15180)        DNS: Resource Record: domain.com. of type Host Addr on class INET             addr.            DNS: Resource Name: domain.com.            DNS: Resource Type = Host Address            DNS: Resource Class = Internet address class            DNS: Time To Live = 86400 (0x15180)            DNS: Resource Data Length = 4 (0x4)            DNS: IP address = 130.0.10.150        DNS: Resource Record: domain.com. of type Auth. NS on class INET             addr.            DNS: Resource Name: domain.com.            DNS: Resource Type = Authoritative Name Server            DNS: Resource Class = Internet address class            DNS: Time To Live = 86400 (0x15180)            DNS: Resource Data Length = 10 (0xA)            DNS: Authoritative Name Server: server.domain.com.        DNS: Resource Record: Dell.domain.com. of type Host Addr on class             INET addr.            DNS: Resource Name: Dell.domain.com.            DNS: Resource Type = Host Address            DNS: Resource Class = Internet address class            DNS: Time To Live = 86400 (0x15180)            DNS: Resource Data Length = 4 (0x4)            DNS: IP address = 130.0.10.30        DNS: Resource Record: JH40PS.domain.com. of type Host Addr on                 class INET addr.            DNS: Resource Name: JH40PS.domain.com.            DNS: Resource Type = Host Address            DNS: Resource Class = Internet address class            DNS: Time To Live = 86400 (0x15180)            DNS: Resource Data Length = 4 (0x4)            DNS: IP address = 130.0.10.155				

If changes are made to the Zone file and there are entries in the NotifyList, the following sequence will occur before the regular Zone Transfersequence as outlined above.

Frame A: In this frame, a change has been made to the Zone file. BecauseJH40PS is on the Notify List, the primary DNS server sends this frame tonotify the secondary DNS server that a change has occurred and that thesecondary DNS server should query the SOA resource record.

SERVER JH40PS DNS 0x0:Std Qry for domain.com. of type SOA on classINET addr.

DNS: 0x0:Std Qry for domain.com. of type SOA on class INET addr.
    DNS: Query Identifier = 0 (0x0)    DNS: DNS Flags = Query, OpCode - Rsrvd, AA Bits Set, RCode - No error        DNS: 0............... = Query        DNS: .0100........... = Reserved        DNS: .....1.......... = Server authority for domain        DNS: ......0......... = Message complete        DNS: .......0........ = Iterative query desired        DNS: ........0....... = No recursive queries        DNS: .........000.... = Reserved        DNS: ............0000 = No error    DNS: Question Entry Count = 1 (0x1)    DNS: Answer Entry Count = 0 (0x0)    DNS: Name Server Count = 0 (0x0)    DNS: Additional Records Count = 0 (0x0)    DNS: Question Section: domain.com. of type SOA on class INET addr.        DNS: Question Name: domain.com.        DNS: Question Type = Start of zone of authority        DNS: Question Class = Internet address class				

Frame B: The secondary DNS server acknowledges the receipt of Frame 1.

JH40PS SERVER DNS 0x0:Std Qry Resp.

DNS: 0x0:Std Qry Resp.
    DNS: Query Identifier = 0 (0x0)    DNS: DNS Flags = Response, OpCode - Rsrvd, AA Bits Set, RCode - No         error        DNS: 1............... = Response        DNS: .0100........... = Reserved        DNS: .....1.......... = Server authority for domain        DNS: ......0......... = Message complete        DNS: .......0........ = Iterative query desired        DNS: ........0....... = No recursive queries        DNS: .........000.... = Reserved        DNS: ............0000 = No error    DNS: Question Entry Count = 1 (0x1)    DNS: Answer Entry Count = 0 (0x0)    DNS: Name Server Count = 0 (0x0)    DNS: Additional Records Count = 0 (0x0)    DNS: Question Section: domain.com. of type SOA on class INET addr.        DNS: Question Name: domain.com.        DNS: Question Type = Start of zone of authority        DNS: Question Class = Internet address class				

Immediately following this response, the Zone Transfer process begins as inFrame 1 in the first capture sequence above.
Properties

Article ID: 164017 - Last Review: 11/01/2006 04:41:16 - Revision: 1.1

  • Microsoft Windows NT Server 4.0 Standard Edition
  • kbinfo kbnetwork KB164017
Feedback