[axfrdns] Fails to initialize new zones due to servfail

[mweinelt]

NOTE: Have a general question? You'll get a better response on the dnscontrol-discuss email list!

Describe the bug
Using AXFR on a freshly configured zone, that does not have yet any zonedata expectedly fails with rcode2 (SERVFAIL), and therefore cannot be initialized from dnscontrol.

dnscontrol:

Error getting corrections (manda): [Error] AXFRDDNS: nameserver refused to transfer the zone 8.b.d.1.0.0.2.ip6.arpa: dns: bad xfr rcode: 2

knot:

# journalctl -u knot --grep=dnscontrol
knotd[1204]: debug: [8.b.d.1.0.0.2.ip6.arpa.] ACL, allowed, action transfer, remote 192.0.2.0@52766, key dnscontrol.

# knotc zone-status
[8.b.d.1.0.0.2.ip6.arpa.] role: master | serial: -

To Reproduce
Steps to reproduce the behavior:

1. Install and configure Knot
2. Configure a new zone with ACLs for dnscontrol
3. Run dnscontrol check or apply

Expected behavior
A nameserver without zonedata will return SERVFAIL for the zone. Ideally dnscontrol would allow applying the initial zonedata.

DNS Provider

• axfrdns

Additional context
It starts working, once I create zonedata on the nameserver in any way:

knotc zone-begin 8.b.d.1.0.0.2.ip6.arpa.
knotc zone-set 8.b.d.1.0.0.2.ip6.arpa. @ 3600 SOA ns1.example.com. dns.example.com. 1 3600 600 604800 1440
knotc zone-commit 8.b.d.1.0.0.2.ip6.arpa.

[cafferata]

Ping @hnrgrgr, the maintainer of the AXFR+DDNS provider.