Skip to content

DNS Zone transfers

To increase availability and fault tolerance, you can use one or more DNS provider(s) alongside Cloudflare in case one provider becomes unavailable (known as a peer DNS server). Your providers will then transfer DNS records between themselves using authoritative (AXFR) or incremental (IXFR) zone transfers.

With AXFR, the entire zone will be transferred from the primary to the secondary provider, even if only one record changes. With IXFR, only the changes will be transferred. Cloudflare supports both protocols.

With zone transfers, you have two configuration options:

  • Cloudflare as Primary: Cloudflare is your primary DNS provider and performs outgoing zone transfers to your secondary DNS provider(s).
  • Cloudflare as Secondary: Cloudflare is your secondary DNS provider and initiates incoming zone transfers from your primary DNS provider.

Peer DNS server

Peer DNS servers can be used as primary and secondary external DNS servers. The same peer can be linked to multiple primary and secondary zones. Each peer can be associated with only one Transaction Signature (TSIG).

You can manage peers via the API or the dashboard by going to Manage Account > Configurations > DNS Zone Transfers.

Depending on the usage of the peer, the fields are interpreted in a different way:

FieldCloudflare as Primary (Outgoing)Cloudflare as Secondary (Incoming)
NameHuman readable name of peerHuman readable name of peer
IPIf configured, where Cloudflare sends the NOTIFY toWhere Cloudflare sends the AXFR/IXFR transfer request to
PortIP Port for NOTIFY IPIP Port for transfer IP
TSIG IDAttached TSIG objectAttached TSIG object
IXFR enabledCloudflare always supports IXFR for outgoing zone transfersSpecifies if Cloudflare only sends AXFR or AXFR and IXFR

Availability

Zone transfers are only available to customers on an Enterprise plan.