All zones are transferable from all servers. This gives users the option to set up their own systems as 'hidden' slaves; they will not get NOTIFY messages, and they are not announced in the zones, but you can use it to test transfers.
This also gives you the option to inspect the full zones in case there is some interesting behaviour.
Aside from plain transfers, there are also TSIG keys configured:
(NOTE: Yadifa and PowerDNS don't have TSIG keys configured just yet)
- domain: ok.bad-dnssec.wb.sidnlabs.nl. acl: any acl: awb_md5 acl: awb_sha1 acl: awb_sha1_longkey acl: awb_sha256 file: "/var/dns-workbench/zones/ok.bad-dnssec.wb.sidnlabs.nl"