DNS Zone Transfer Overview
In most cases, DNS client systems are configured to use more than one DNS server. This allows for fault tolerance for name resolution. The main issue with local zone records is that information held by one DNS server may not be available on another. This is especially true where Standard Primary and Standard Secondary zones are concerned.
When a new DNS server hosting a Standard Secondary zone is first added to the network, it must execute a full zone transfer (AXFR) to obtain a complete copy of resource records for the zone so that it is up to date with other Standard Secondary DNS servers (and the Standard Primary DNS server) on the network.
[NOTES FROM THE FIELD] — Windows NT 4.0 DNS and the DNS services that are available for systems running BIND version 8.1 and earlier always performed full zone transfers (AXFR), as they were unable to execute any other type of transfer.
DNS services on Windows 2000 Server and DNS BIND versions 8.1.2 and later support the incremental zone transfer (IXFR) process, which replicates just the changes to the DNS zone information rather than forcing replication of the entire DNS zone.
Incremental Zone Transfers
The incremental zone transfer (IXFR) process is detailed in RFC 1995 (http://www.jhsoft.com/rfc/rfc1995.txt). This replication process provides a quicker method of propagating zone changes and updates, as the incremental transfer process normally causes much less network traffic due to smaller amounts of data being passed during the update process.
When Windows NT 4.0 DNS and the DNS services that are available for systems running BIND version 8.1 request a zone update, they require a full transfer of the entire zone database using an AXFR query, even if only a single record has changed.
For DNS implementations that can use it, IXFR allows a Standard Secondary server to pull only the differences in the DNS zone that it needs from another DNS server so that its local copy of the zone matches.
Differences between DNS zones are determined via the serial number field in the SOA resource record of each zone. If the serial number of the zone on the source server is higher than the serial number held by the requesting secondary server, an IXFR transfer is made of only the differences to resource records.
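The serial-number check and incremental update described above, as an added example that is not part of the original article. It is a simplified model rather than a wire-format implementation: the function names, the history set and the sample records are assumptions made for illustration, and the serial comparison goes slightly beyond the text by using RFC 1982 wraparound arithmetic.

```python
# Added example (simplified model, not a wire-format implementation).
MOD, HALF = 2**32, 2**31

def serial_gt(a, b):
    """True if SOA serial a is newer than b (RFC 1982 arithmetic, handles wraparound)."""
    return a != b and ((a - b) % MOD) < HALF

def plan_refresh(local_serial, primary_serial, history):
    """Choose the secondary's action after comparing SOA serials.
    history: serials the primary still keeps differences for (assumed model)."""
    if not serial_gt(primary_serial, local_serial):
        return "none"            # local copy is current
    if local_serial in history:
        return "IXFR"            # primary can send just the differences
    return "AXFR"                # no usable history: full zone transfer

def apply_ixfr(zone, local_serial, diffs):
    """Apply difference sequences (old_serial, new_serial, deleted, added) in order."""
    zone, serial = set(zone), local_serial
    for old, new, deleted, added in diffs:
        if old != serial or not serial_gt(new, old):
            raise ValueError(f"diff {old}->{new} does not follow serial {serial}")
        if not deleted <= zone:
            raise ValueError("diff deletes records the local copy does not hold")
        zone = (zone - deleted) | added
        serial = new
    return zone, serial

# Constructed sample data (documentation address range, hypothetical records)
LOCAL_ZONE = {("www", "A", "192.0.2.10"), ("mail", "A", "192.0.2.20")}
DIFFS = [
    (100, 101, {("www", "A", "192.0.2.10")}, {("www", "A", "192.0.2.11")}),
    (101, 102, set(), {("ftp", "A", "192.0.2.30")}),
]

if __name__ == "__main__":
    action = plan_refresh(100, 102, {100, 101})
    print("action:", action)
    if action == "IXFR":
        zone, serial = apply_ixfr(LOCAL_ZONE, 100, DIFFS)
        print("serial:", serial)
        for rr in sorted(zone):
            print(rr)
```

A secondary that rejects a difference sequence whose starting serial does not match its own copy, as apply_ixfr does here, avoids silently drifting out of sync with the primary.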
That wraps up this installment of “Learn Active Directory Design and Administration in 15 Minutes a Week.” As always, if you have any questions, comments, or even constructive criticism, feel free to drop me a note. I want to write solid technical articles that appeal to a wide range of readers and skill levels, and it is only through your feedback that I can be sure I am doing that.
Until next time, best of luck in your studies and remember:
“Love is blind, but marriage is a real eye-opener.”