AXFR Check API • Live on Signet test network only

Check zone-transfer exposure in one API call.

AXFR Check tests whether a domain’s authoritative nameservers allow DNS zone transfer. If AXFR is enabled, ArkAPI returns the exposed records in structured JSON. If it is not, the response tells you cleanly without noisy parsing.

12 sats / call

POST /api/axfr-check

Defensive DNS review

What It Does

ArkAPI AXFR Check is designed for authorized security review and DNS hygiene checks. It queries the authoritative nameservers for a zone transfer and returns the zone records only when the server actually permits AXFR.

Checks the authoritative nameserver set
Returns allowed: false when zone transfer is denied
Adds an explanation field so the result is immediately readable without interpreting the raw flags
Returns structured records only when exposure exists
Keeps the result usable for agents and reports

Example Request

curl -X POST https://arkapi.dev/api/axfr-check \
  -H "Authorization: Bearer ak_your_token" \
  -H "Content-Type: application/json" \
  -d '{"domain":"example.com"}' | jq

Example Response

{
  "success": true,
  "data": {
    "domain": "example.com",
    "allowed": false,
    "explanation": "AXFR was not permitted by the checked authoritative nameservers, so no zone records were returned.",
    "nameservers_checked": [
      "a.iana-servers.net",
      "b.iana-servers.net"
    ],
    "transfer_record_count": 0
  },
  "cost_sats": 12,
  "endpoint": "/api/axfr-check"
}

Good Targets

Your own domains after DNS or provider changes
Authorized client or partner domains during review
Internal checklists for exposed zone-transfer posture

Acceptable Use

Use AXFR Check only on domains you own, administer, or have permission to assess. ArkAPI provides informational output based on publicly reachable DNS behavior only. You are responsible for complying with law, contracts, and acceptable-use policies.