DiG transfer fails with axfr options
For testing purposes, I'm trying to get a list of all DNS records set for a domain, using this method.
This works:
root@cs:/# dig @nameserver domain
; <<>> DiG 9.9.2-P1 <<>> @nameserver domain
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32999
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;domain. IN A
;; ANSWER SECTION:
domain. 3600 IN A my-IP
;; Query time: 2 msec
;; SERVER: my-IPv6-IP-(I-think)
;; WHEN: Thu Jun 20 16:03:05 2013
;; MSG SIZE rcvd: 83
However, when I add axfr to the command as is suggested in that answer on Server Fault (and all over the net), it fails:
root@cs:/# dig @ns1.transip.nl changeyourschool.nl axfr
; <<>> DiG 9.9.2-P1 <<>> @ns1.transip.nl changeyourschool.nl axfr
; (2 servers found)
;; global options: +cmd
; Transfer failed.
Why is this, and, more importantly, how can I get the full list of DNS records if this fails?
Answer
Why this is, I don't know, but you can use this to get all the DNS records:
root@cs:/# dig google.com ANY +nostat +nocmd +nocomments
; <<>> DiG 9.9.2-P1 <<>> google.com ANY +nostat +nocmd +nocomments
;; global options: +cmd
;google.com. IN ANY
google.com. 56328 IN NS ns4.google.com.
google.com. 56328 IN NS ns2.google.com.
google.com. 56328 IN NS ns1.google.com.
google.com. 56328 IN NS ns3.google.com.
ns4.google.com. 85545 IN A 216.239.38.10
ns1.google.com. 85545 IN A 216.239.32.10
ns3.google.com. 57402 IN A 216.239.36.10
ns2.google.com. 85545 IN A 216.239.34.10
The +nostat, +nocmd and +nocomments additions can be omitted, but reduce the useless output.