Package: axfrdns
Version: 1.05-22

When a zone transfer is started via axfrdns, the question section is missing
from the response.

$ dig example.net axfr @ns.example.net

; <<>> DiG 9.18.41-1~deb12u1-Debian <<>> example.net axfr @ns.example.net
;; global options: +cmd
example.net. 3600 IN SOA ns.example.net. hostmaster.example.net. 1762876702 86400 7200 2419200 3600
example.net. 3600 IN TXT "v=spf1 ip4:192.168.14.162 include:
spf.protection.provider.net +a +mx -all"
example.net. 3600 IN TXT "MS=XXXXXX"
example.net. 3600 IN TXT "google-site-verification=XXXXXXX"
example.net. 86400 IN NS ns.example.net.
ns.example.net. 86400 IN A 192.168.14.163
example.net. 86400 IN NS ns.isp.net.
example.net. 86400 IN MX 10 mail.example.net.
webpub.example.net. 86400 IN A 192.168.14.163
partner.example.net. 86400 IN A 192.168.14.163
example.net. 86400 IN A 192.168.22.249
www.example.net. 86400 IN A 192.168.22.249
mail.example.net. 86400 IN A 192.168.14.162
example.net. 3600 IN SOA ns.example.net. hostmaster.example.net. 1762876702 86400 7200 2419200 3600
;; Query time: 87 msec
;; SERVER: 192.168.14.163#53(ns.example.net) (TCP)
;; WHEN: Thu Nov 13 08:12:29 GMT 2025
;; XFR size: 23 records (messages 23, bytes 2271)


tinydns response to a TXT record request (it contains the question section):
$ dig example.net txt @ns.example.net

; <<>> DiG 9.18.41-1~deb12u1-Debian <<>> example.net txt @ns.example.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21549
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;example.net. IN TXT

;; ANSWER SECTION:
example.net. 3600 IN TXT "v=spf1 ip4:192.168.14.162 include:
spf.protection.provider.net +a +mx -all"
example.net. 3600 IN TXT "MS=XXXXXX"
example.net. 3600 IN TXT "google-site-verification=XXXXXXX"

;; AUTHORITY SECTION:
example.net. 86400 IN NS ns.example.net.
example.net. 86400 IN NS ns.isp.net.

;; ADDITIONAL SECTION:
ns.example.net. 86400 IN A 192.168.14.163
ns.isp.net. 86400 IN A 192.168.77.76

;; Query time: 23 msec
;; SERVER: 192.168.14.163#53(ns.example.net) (UDP)
;; WHEN: Thu Nov 13 08:07:44 GMT 2025
;; MSG SIZE  rcvd: 331


This problem is already known; the same has been described, e.g., on this
mailing list:
https://lists.isc.org/pipermail/bind-users/2023-September/107924.html

D. J. Bernstein:
https://cr.yp.to/djbdns/axfr-notes.html
"axfrdns never includes the question. BIND 9 includes the question in the
first packet but not in subsequent packets. The BIND company's ``AXFR
clarifications'' tell implementors to use the BIND 9 strategy, but this has
no benefits; it is certainly not necessary for interoperability."

But this behavior violates RFC 5936:
https://datatracker.ietf.org/doc/html/rfc5936#section-2.2
"The AXFR server MUST copy the
Question section from the corresponding AXFR query message into the
first response message's Question section."


Further information:
Log from Bind9 slave (package version: 1:9.18.41-1~deb12u1):
named[2847900]: zone example.net/IN: Transfer started.
named[2847900]: transfer of 'example.net/IN' from 192.168.14.163#53: connected using 192.168.14.163#53
named[2847900]: transfer of 'example.net/IN' from 192.168.14.163#53: missing question section
named[2847900]: transfer of 'example.net/IN' from 192.168.14.163#53: failed while receiving responses: FORMERR
named[2847900]: transfer of 'example.net/IN' from 192.168.14.163#53: Transfer status: FORMERR
named[2847900]: transfer of 'example.net/IN' from 192.168.14.163#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.023 secs (0 bytes/sec) (serial 0)


I suggest correcting this behavior according to RFC 5936.

I am using Debian GNU/Linux 13.1, kernel 6.1.0-41, libc6 2.41-12.

Thanks.

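Added example (not part of the report above, and not code from djbdns or BIND): an offline Python check of the RFC 5936 section 2.2 rule quoted in the report, applied to the first message of an AXFR response. All function names are hypothetical, and both response messages are constructed from the SOA values in the dig output above.

```python
import struct

AXFR, SOA, IN = 252, 6, 1

def encode_name(name):
    """Encode a domain name as uncompressed DNS wire-format labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(qname, msg_id):
    """AXFR query: 12-byte header with QDCOUNT=1, then the question."""
    header = struct.pack("!6H", msg_id, 0, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!2H", AXFR, IN)

def build_response(query, with_question):
    """Constructed first response message carrying the zone's SOA record."""
    rdata = (encode_name("ns.example.net") + encode_name("hostmaster.example.net")
             + struct.pack("!5I", 1762876702, 86400, 7200, 2419200, 3600))
    soa = encode_name("example.net") + struct.pack("!2HIH", SOA, IN, 3600, len(rdata)) + rdata
    header = query[:2] + struct.pack("!5H", 0x8400, int(with_question), 1, 0, 0)
    return header + (query[12:] if with_question else b"") + soa

def read_question(msg):
    """Return (lowercased qname, qtype, qclass), or None when QDCOUNT is 0."""
    if struct.unpack_from("!H", msg, 4)[0] == 0:
        return None
    pos = 12
    while msg[pos] != 0:
        if msg[pos] & 0xC0:
            raise ValueError("compressed name in question section")
        pos += 1 + msg[pos]
    return (msg[12:pos + 1].lower(), *struct.unpack_from("!2H", msg, pos + 1))

def check_first_axfr_response(query, response):
    """Apply the RFC 5936 section 2.2 rule to the first response message."""
    if len(response) < 12:
        return "short message"
    if response[:2] != query[:2]:
        return "ID mismatch"
    try:
        question = read_question(response)
    except (IndexError, ValueError, struct.error):
        return "malformed question section"
    if question is None:
        return "missing question section"
    return "ok" if question == read_question(query) else "question mismatch"

if __name__ == "__main__":
    q = build_query("example.net", 0x1234)
    for label, has_q in (("question copied", True), ("question omitted", False)):
        print(label, "->", check_first_axfr_response(q, build_response(q, has_q)))
```

The "question omitted" case corresponds to the axfrdns behavior described in the report and yields the same verdict as the named log line.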