zonemaster/docs/public/specifications/tests/Nameserver-TP/nameserver03.md

## NAMESERVER03: Test availability of zone transfer (AXFR)

### Test case identifier
**NAMESERVER03** Test availability of zone transfer (AXFR)

### Objective

AXFR is a mechanism to transfer the whole content of a zone from a name
server. Some people prefer to not disclose the whole content of a zone
for various reasons, and thus wants the public name server infrastructure
not do disclose the whole zone content to the public. This test case
checks the availability of the AXFR mechanism.

AXFR is defined in its latest revision in
[RFC 5936](https://datatracker.ietf.org/doc/html/rfc5936).

### Inputs

The domain name to be tested.

### Ordered description of steps to be taken to execute the test case
1. Retrieve all address records for all the name servers using [Method 
   4](../Methods.md) and [Method 5](../Methods.md).
2. Send an AXFR query to each name server IP address found in step 1.
3. If any answer to the AXFR query is starting with the SOA record
   for the domain, this test case fails.

### Outcome(s)

If any name server for the domain allows a zone transfer using AXFR,
this test case fails.

### Special procedural requirements

None.

### Intercase dependencies

None.
feat: add full Zonemaster stack with Docker and Spanish UI - Clone all 5 Zonemaster component repos (LDNS, Engine, CLI, Backend, GUI) - Dockerfile.backend: 8-stage multi-stage build LDNS→Engine→CLI→Backend - Dockerfile.gui: Astro static build served via nginx - docker-compose.yml: backend (internal) + frontend (port 5353) - nginx.conf: root redirects to /es/, /api/ proxied to backend - zonemaster-gui/config.ts: defaultLanguage set to 'es' (Spanish) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-21 08:19:24 +02:00			`## NAMESERVER03: Test availability of zone transfer (AXFR)`

			`### Test case identifier`
			`NAMESERVER03 Test availability of zone transfer (AXFR)`

			`### Objective`

			`AXFR is a mechanism to transfer the whole content of a zone from a name`
			`server. Some people prefer to not disclose the whole content of a zone`
			`for various reasons, and thus wants the public name server infrastructure`
			`not do disclose the whole zone content to the public. This test case`
			`checks the availability of the AXFR mechanism.`

			`AXFR is defined in its latest revision in`
			`[RFC 5936](https://datatracker.ietf.org/doc/html/rfc5936).`

			`### Inputs`

			`The domain name to be tested.`

			`### Ordered description of steps to be taken to execute the test case`
			`1. Retrieve all address records for all the name servers using [Method`
			`4](../Methods.md) and [Method 5](../Methods.md).`
			`2. Send an AXFR query to each name server IP address found in step 1.`
			`3. If any answer to the AXFR query is starting with the SOA record`
			`for the domain, this test case fails.`

			`### Outcome(s)`

			`If any name server for the domain allows a zone transfer using AXFR,`
			`this test case fails.`

			`### Special procedural requirements`

			`None.`

			`### Intercase dependencies`

			`None.`