Forum Discussion

Cirrus

Mar 28, 2025

how to monitor the axfr master response

Hi everyone. Previously I had a zone transfer configuration between GTM (slave) and Microsoft AD (master). Recently, I have experienced problems with axfr access to the server with intermittent stat...

application delivery

GTM DNS

tomas573

Nimbostratus

Apr 02, 2025

Hello,

Hello! It sounds like you're dealing with a frustrating intermittent AXFR issue between your GTM (slave) and Microsoft AD (master). Let's break down the problem and explore some potential solutions for monitoring the AXFR response.

Understanding the Problem

AXFR vs. IXFR:
AXFR (Authoritative Zone Transfer) transfers the entire zone file.
IXFR (Incremental Zone Transfer) only transfers the changes since the last transfer.
The fact that IXFR works but AXFR is intermittent suggests a potential issue with the size of the zone or the reliability of the full zone transfer.
Intermittent Status: This makes troubleshooting challenging. It could be due to:
Network instability.
Resource limitations on the master server (AD).
Firewall or security appliance interference.
DNS server configuration issues.
The size of the zone file.
Monitoring Challenges: You want to monitor the AXFR response, but relying on external monitors or complex setups might be overkill.
Solutions and Strategies

Scripted Monitoring with dig or nslookup

You can create a simple script that periodically runs dig axfr <your_zone> @<master_server_ip> or nslookup -query=axfr <your_zone> <master_server_ip>.
The script can analyze the output for success or failure.
You can then log the results or trigger alerts based on the outcome.

Best Regards

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

how to monitor the axfr master response

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

Managing iRules configuration

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM

[ASM] - How to disable the SQL injection attack signatures

Illigal Parameter addition as custom signature set wanted to Unblock

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

Related Content

F5 DNS/GTM External Monitor(EAV) with SNI support and response code check

Introduction of Incident Response

Mastering API Architectures Ebook from NGINX

F5 NGINX API Gateway: Simplify Response Manipulation

custom response page for api

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS