Manual zone transfers

Here is a process to manually extract a zone from an authoritative DNS server and load it on a slave DNS server that cannot communicate with the master DNS server.

  1. Use dig to extract the zone from the master DNS server and save the zone information to a file.

    dig -t axfr example.net @masterServer > example.net.zone
  2. Manually transfer the extracted zone file, example.net.zone, from the system that extracted it to the slave DNS server.
  3. Correct the line endings if necessary (the file may arrive with <CR>, <CR><LF>, or <LF> line endings).
  4. Artificially lower the serial number of the zone on the slave DNS server. - This ensures that the slave DNS server will transfer the zone from the master DNS server once it is able to, thereby reverting the temporary changes to the zone.
  5. Artificially raise the refresh, retry, and expire values of the SOA record. - This reduces failed connection attempts while the slave DNS server cannot communicate with the master DNS server. Choose a sufficiently high expire value that the slave DNS server will continue to serve the zone past the anticipated restoration of the communications path.
  6. If necessary, update the named.conf file to direct Bind to use the slave zone file.
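The six steps above carried through as one POSIX shell script. This is an added example, not code from the original page: it wraps the dig extraction from step 1, normalises line endings (step 3), lowers the serial by one and raises refresh, retry and expire on every SOA record (steps 4 and 5; an AXFR dump begins and ends with the SOA, so both copies are rewritten), and prints a named.conf slave stanza for step 6. The helper names, the sample zone it builds, the master address 192.0.2.1, the example file path and the default timer values are all constructed for illustration.

```shell
#!/bin/sh
# Added example: helper for a slave that cannot reach its master.
# Helper names, sample data, paths and timer defaults are constructed.

# Step 1: extract the zone from the master with dig (needs network; not run here).
fetch_zone() {   # fetch_zone <zone> <master> <outfile>
    dig -t axfr "$1" "@$2" > "$3"
}
# Step 2 happens out of band, e.g. copying the file to the slave with scp.

# Steps 3-5: normalise line endings, lower the serial, raise refresh/retry/expire.
# Pass 1 turns CRLF and bare CR into LF. Pass 2 rewrites every SOA record:
# fields after the SOA token are mname rname serial refresh retry expire minimum,
# so the serial sits 3 fields after "SOA". Single-line SOA records only, which
# is what dig prints. The lowered serial is original - 1 (one possible choice).
prepare_slave_zone() {   # prepare_slave_zone <in> <out> <refresh> <retry> <expire>
    awk '{ sub(/\r$/, ""); gsub(/\r/, "\n"); print }' "$1" |
    awk -v refresh="$3" -v retry="$4" -v expire="$5" '
    {
        for (i = 1; i <= NF; i++) {
            if ($i == "SOA" && i + 7 <= NF) {
                serial = $(i + 3) + 0
                $(i + 3) = sprintf("%.0f", serial > 0 ? serial - 1 : 0)
                $(i + 4) = refresh
                $(i + 5) = retry
                $(i + 6) = expire
                break
            }
        }
        print
    }' > "$2"
}

# Read one SOA value (serial|refresh|retry|expire|minimum) from the first SOA record.
soa_value() {   # soa_value <zonefile> <field>
    awk -v want="$2" '
    {
        for (i = 1; i <= NF; i++) {
            if ($i == "SOA" && i + 7 <= NF) {
                if (want == "serial")  print $(i + 3)
                if (want == "refresh") print $(i + 4)
                if (want == "retry")   print $(i + 5)
                if (want == "expire")  print $(i + 6)
                if (want == "minimum") print $(i + 7)
                exit
            }
        }
    }' "$1"
}

# Step 6: named.conf stanza pointing Bind at the prepared slave zone file.
named_conf_stanza() {   # named_conf_stanza <zone> <file> <master-ip>
    printf 'zone "%s" {\n    type slave;\n    file "%s";\n    masters { %s; };\n};\n' "$1" "$2" "$3"
}

# Constructed sample of what `dig -t axfr example.net @masterServer` might print,
# saved with CRLF line endings to exercise step 3.
make_sample_zone() {   # make_sample_zone <outfile>
    printf '%s\r\n' \
      '; <<>> DiG x.y.z <<>> -t axfr example.net @masterServer (constructed sample)' \
      'example.net. 3600 IN SOA ns1.example.net. hostmaster.example.net. 2024010100 7200 900 1209600 3600' \
      'example.net. 3600 IN NS ns1.example.net.' \
      'ns1.example.net. 3600 IN A 192.0.2.53' \
      'www.example.net. 3600 IN A 192.0.2.80' \
      'example.net. 3600 IN SOA ns1.example.net. hostmaster.example.net. 2024010100 7200 900 1209600 3600' \
      ';; Query time: 1 msec' > "$1"
}

# Usage: sh zone-helper.sh <raw-axfr-file> <slave-zone-file> [refresh retry expire]
# Defaults: refresh 1 day, retry 2 hours, expire 30 days (constructed values).
if [ "$#" -ge 2 ]; then
    prepare_slave_zone "$1" "$2" "${3:-86400}" "${4:-7200}" "${5:-2592000}"
    named_conf_stanza example.net "$2" 192.0.2.1
fi
```

Run it as `sh zone-helper.sh example.net.zone /var/named/slaves/example.net.zone` after copying the dig output to the slave; the expire default is the value to size against the expected outage, since it is the point past which the slave stops answering for the zone.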

Bind will fail to communicate with the master until the communications path is restored, but it will continue to serve the zone until the expire time is reached. Once the slave DNS server is able to communicate with the master DNS server, it will see that the serial on the master DNS server is higher than the serial on the slave DNS server and perform a zone transfer. This transfer overwrites all temporary changes to the zone on the slave DNS server with the values from the master DNS server.