Question : DNS Zones not AXFR'ing from primary

I'm having a quite strange problem. It seems that some zones refuses to transfer from the master while others transfers without problems. This only happens within the Windows DNS. If I use dig there is no problems in obtaining the zonetransfer.

dnscmd /zoneinfo says that: shutdown = 1  
on the zones that are not working - however, I cannot find out what that means and how to change it.

C:\Windows\system32>dnscmd server2 /zoneinfo domain.tld

Zone query result:

Zone info:
        ptr                   = 000000000019F7B0
        zone name             = domain.tld
        zone type             = 2
        shutdown              = 1
        paused                = 0
        update                = 0
        DS integrated         = 0
        read only zone        = 0
        data file             = (null)
        using WINS            = 0
        using Nbstat          = 0
        aging                 = 0
          refresh interval    = 0
          no refresh          = 0
          scavenge available  = 0
        Zone Masters
        Ptr          = 0000000000194F50
        MaxCount     = 1
        AddrCount    = 1
                Master[0] => af=2, salen=16, [sub=0, flag=00000000] p=13568, addr=xx.xx.xx.xx

        Zone Secondaries        NULL IP Array.
        secure secs           = 3
        last successful xfr         = not since restart (0)
        last successful SOA check   = not since restart (0)
        last transfer attempt       = not since restart (0)
        last transfer result        = 0

However, if I use dig AXFR to test if the server is allowed to do transfers - it works out well. Also, a lot of other zones replicates without problems from the same master.

C:\dig>dig axfr @ns1.domain.tld querydomain.tld

; <<>> DiG 9.3.2 <<>> axfr @ns1.domain.tld querydomain.tld
; (1 server found)
;; global options:  printcmd
querydomain.tld.               3600    IN      SOA     ns1.domain.tld. hostmaster.domain.tld. 27 900 600 86400 3600
querydomain.tld.               3600    IN      NS      ns5.domain.tld.
querydomain.tld.               3600    IN      NS      ns3.domain.tld.
querydomain.tld.               3600    IN      NS      ns1.domain.tld.
querydomain.tld.               3600    IN      NS      ns2.domain.tld.
querydomain.tld.               3600    IN      NS      ns4.domain.tld.
querydomain.tld.               3600    IN      CNAME   www.bilbasen.dk.
ns3.domain.tld.         3600    IN      A       xxx.xxx.xxx.xxx
ns2.domain.tld.         3600    IN      A       xxx.xxx.xxx.xxx
querydomain.tld.               3600    IN      SOA     ns1.domain.tld. hostmaster.domain.tld. 27 900 600 86400 3600

;; Query time: 234 msec
;; SERVER: xx.xx.xx.xx#53(xx.xx.xx.xx)
;; WHEN: Thu Jul 08 13:46:25 2010
;; XFR size: 11 records (messages 11)

If I take the /enumzones in dnscmd it also says "Down" on the right of the zones that are not working.

What am I missing?

Answer : DNS Zones not AXFR'ing from primary

I have figured out this issue.

The problem was that the failing zones would not transfer to the secondary NS as the person who set up the zones on the primary NS created a CNAME for the top level domain.

This caused the nameservers not to show up in the NS list for the target domain, thus not allowing it to transfer.