dig: "Transfer failed."

Question

INPUT:

dig +multiline google.com axfr

OUTPUT:

; <<>> DiG 9.7.3-RedHat-9.7.3-1.fc14 <<>> +multiline google.com axfr
;; global options: +cmd
; Transfer failed.

What am I missing?
Regarding: DNS Lookup to Bind config file

score 6 · Answer 1 · answered May 20 '11 at 05:10

6

Google is not going to let you do a zone transfer from them.

Zone transfer permissions are in most cases granted only to a very specific subset of other hosts, and almost never to the public at large.

answered May 20 '11 at 05:10

EEAA

108,414
18
172
242

1

Will help explain why zone transfers are restricted http://www.sans.org/reading_room/whitepapers/dns/securing-dns-zone-transfer_868 – Sameer May 20 '11 at 05:24

score 2 · Accepted Answer · answered May 20 '11 at 05:50

You need to use dig against your own nameservers when you attempt a zone transfer. This needs to be specifically permitted by the allow-transfer directive. Zone transfers should be disabled by default to protect the zone from prying eyes and from the possibility of a denial of service attack.

dig: "Transfer failed."

2 Answers2