For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Zen_Y's avatar
Zen_Y
Icon for Cirrus rankCirrus
Mar 28, 2025

how to monitor the axfr master response

Hi everyone. Previously I had a zone transfer configuration between GTM (slave) and Microsoft AD (master). Recently, I have experienced problems with axfr access to the server with intermittent stat...
application delivery
GTM DNS
tomas573's avatar
tomas573
Icon for Nimbostratus rankNimbostratus
Apr 03, 2025

Hello,

Hello! It sounds like you're dealing with a frustrating intermittent AXFR issue between your GTM (slave) and Microsoft AD (master). Let's break down the problem and explore some potential solutions for monitoring the AXFR response.

Understanding the Problem

AXFR vs. IXFR:
AXFR (Authoritative Zone Transfer) transfers the entire zone file.
IXFR (Incremental Zone Transfer) only transfers the changes since the last transfer.
The fact that IXFR works but AXFR is intermittent suggests a potential issue with the size of the zone or the reliability of the full zone transfer.
Intermittent Status: This makes troubleshooting challenging. It could be due to:
Network instability.   
Resource limitations on the master server (AD).
Firewall or security appliance interference.
DNS server configuration issues.
The size of the zone file.
Monitoring Challenges: You want to monitor the AXFR response, but relying on external monitors or complex setups might be overkill.
Solutions and Strategies

Scripted Monitoring with dig or nslookup

You can create a simple script that periodically runs dig axfr <your_zone> @<master_server_ip> or nslookup -query=axfr <your_zone> <master_server_ip>.
The script can analyze the output for success or failure.
You can then log the results or trigger alerts based on the outcome.

Best Regards