This repository is updated approximately every hour with the results from DNS zone transfer attempts against the root nameservers and all existing TLD servers. This is done to keep record of zone files for various TLDs and to monitor how these zones change overtime.

Click here to view the list of commits and see how the various TLD & root zones change overtime.

Click here to view the list of nameservers with zone transfers enabled.

Click here to view the list of nameservers with weak NSEC enabled.

Allowing global zone transfers is sometimes considered a security vulnerability due to this functionality giving attackers the ability to easily enumerate all DNS zone data for a specific domain. This is often seen as an issue for system administrators who want to make enumeration of sub-domains and other DNS data hard for malicious actors.

However, when it comes to TLDs and the root nameservers, zone transfers are shown in a different light. Zone transfers at this level can be benificial as they are an easy way for a TLD to be transparent about its DNS changes. This project is not meant to encourage TLD DNS hosting providers to disable global zone transfers but rather to gather data on the ever-changing zone information for the Internet's TLDs.

This project was inspired by Peter Bowen's work which can be found here: https://github.com/pzb/TLDs

This is a continuation of the original project by mandatoryprogrammer, with a clean git history.