A mechanism that copies all DNS records from one nameserver to another, usually a secondary or backup server. Initiated via AXFR (full zone transfer) or IXFR (incremental), zone transfers keep multiple nameservers in sync. Legitimate use: redundancy, failover, DNS clustering. Problem: if your zone transfer isn't restricted, anyone can pull your entire DNS configuration—every subdomain, mail server, internal infrastructure hints. This matters because DNS enumeration is reconnaissance; attackers map your surface before attacking. Most registries and hosting providers restrict zone transfers by IP whitelist. If you're running your own authoritative nameservers, misconfigure this and you've handed out your network topology for free. bunkerdomains doesn't host authoritative DNS ourselves, but we'll point you to providers that take zone transfer security seriously—because anonymous registration doesn't mean sloppy ops.
security
zone transfer
DNS mechanism to copy all zone records between nameservers; must be restricted or you leak your entire DNS footprint.