Extend Azure DNS to support zone transfers so it can be used as secondary DNS
If Azure DNS supported zone transfers, then it could be used both as a reliable secondary DNS service, or as an external proxy service for AD split-brain, or on-premise hosted DNS configurations.
Zone transfer is on our roadmap; however, it is not planned for CY 2019.
It's hard for me to believe that this isn't an option yet. Zone transfers are a fundamental part of DNS server operations. Microsoft, please hear my cry.
Allowing zone transfers from on-premise DNS towards Azure should be possible in order to start using Azure as a backup plan for DNS, with the possibility to later on easily migrate full DNS towards Azure.
Jeffry A. Spain commented
I would need inbound zone transfers from a BIND 9 hidden master running on an Azure VM. The hidden master would support DNSSEC, so RRSIG, NSEC3, and other DNSSEC-related records would need to be supported in Azure DNS. BIND uses IXFR and AXFR, so both should be supported in Azure DNS. BIND uses TSIG for transfer security, so Azure DNS should support that. See ftp://ftp.isc.org/isc/bind9/cur/9.10/doc/arm/Bv9ARM.pdf, section 4.5
Rocky Cheung commented
This would be a major bonus for us as well. We have a large deployment in Azure; however, we won't be moving our external DNS to another cloud offering. If Azure offered secondary DNS with zone transfer-in from both AD-based and non-AD-based DNS servers, that would be a great idea.
Jerome Haltom commented
I'd like to add onto this: you should be able to extend the DNS secondary into a VNet. So as to export from an AD DC.
I think AXFR and IXFR would be required. Why always transfer the whole zone when you can just transfer changes?
In our case, transfers in would work for us because our other DNS provider allows transfers out, but not in. I think transfers both ways would be required, though, to be the most flexible. You'll also have to accept NOTIFY messages unless the transfer request time is configurable (from IPv4 and IPv6 addresses).
I'm not sure about securing. I'd be willing to hear from others on that.
Marc Champoux commented
I agree - we need zone transfers so that we can use a secondary DNS service as a backup to Azure DNS or vice-versa.
We need zone transfer functionality from other DNS servers.
Bump. Allow zone transfers from a master name server.
Gonzalo Parra commented
Agree with this. Allowing zone transfers so Azure DNS can be used as a secondary DNS service for split-brain DNS configurations would be really useful.
Nick McClure commented
This would be a major bonus. As a large enterprise with several thousand desktops and local servers, we won't be moving our DNS to a pure cloud offering. But as the external proxy for our split-brain DNS this would be great.
Erik Chavez commented
Allow zone transfers with Azure DNS for secondary DNS service. Azure DNS went down for a long time the other day, and we want to set up a secondary DNS service that we can fail over to in the event this happens again. Azure DNS does not allow for axfr/xfr to be configured so that we can set up a secondary service.