D. J. Bernstein

Internet publication

DNScache

The axfr-get program

axfr-get is a DNS zone-transfer client. It sends a zone-transfer request in DNS-over-TCP format to descriptor 7, reads the results from descriptor 6, and saves the results in a file.

Normally axfr-get is run under tcpclient, which sets up descriptors 6 and 7 as a TCP connection to a remote host.

Interface

     axfr-get z fn fn.tmp
axfr-get performs a zone transfer for domain z. It writes the results to fn.tmp in a format that can be used as input to tinydns-data. If the zone transfer completes successfully, axfr-get atomically renames fn.tmp as fn. fn.tmp and fn must be on the same filesystem.

axfr-get writes the zone serial number as a comment at the top of fn.tmp. It skips the zone transfer, leaving fn alone, if fn already exists, fn has a serial number matching (or above) the zone serial number, and both serial numbers are nonzero.

Zone transfers include many duplicate records. You should feed the axfr-get results through sort -u.

axfr-get discards all records outside the domain z. It accepts records in child zones, but it marks all child zones as non-authoritative, so tinydns-data will not report those records except as glue. If you plan to merge the axfr-get results for a domain and a child of the same domain, creating a file authoritative for both zones, make sure to eliminate records in the first output that are within the child zone.

axfr-get will accept arbitrarily large zone transfers. To limit the maximum file size to 1 megabyte, run axfr-get under softlimit -f 1048576.
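
As an added example, not code from the axfr-get distribution, the following Python models two of the rules described above: the serial-number check that lets axfr-get leave fn alone, and the parent/child merge with sort -u style deduplication. The two data files are constructed samples, and the "#<serial> auto axfr-get" header line is an assumption about the exact comment axfr-get writes; only the leading serial digits are relied on.

```python
import re

# Constructed sample outputs for a parent zone and one of its child zones.
# The "#<serial> auto axfr-get" header is an assumption about axfr-get's
# comment line; only the serial number at the start of it matters here.
PARENT = """#2024010101 auto axfr-get
Zexample.com:ns1.example.com:hostmaster.example.com:2024010101:16384:2048:1048576:2560
&example.com::ns1.example.com
+ns1.example.com:192.0.2.1
+www.example.com:192.0.2.10
+www.example.com:192.0.2.10
&child.example.com::ns.child.example.com
+ns.child.example.com:192.0.2.53
"""
CHILD = """#7 auto axfr-get
Zchild.example.com:ns.child.example.com:hostmaster.child.example.com:7:16384:2048:1048576:2560
&child.example.com::ns.child.example.com
+ns.child.example.com:192.0.2.53
+app.child.example.com:192.0.2.60
"""

def transfer_needed(existing_text, zone_serial):
    """axfr-get's skip rule: keep the old file only when its serial comment
    is at or above the zone serial and both serials are nonzero."""
    m = re.match(r"#(\d+)", existing_text or "")
    if not m:
        return True  # no file, or no serial comment to compare against
    old = int(m.group(1))
    if old == 0 or zone_serial == 0:
        return True  # a zero serial on either side never suppresses the transfer
    return old < zone_serial

def owner_of(line):
    """Owner name of a tinydns-data line: type character, name, then ':'."""
    return line[1:].split(":", 1)[0].lower().rstrip(".")

def in_zone(name, zone):
    zone = zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)

def records(text):
    """Data lines only: the serial comment belongs to one zone, never to a merge."""
    return [l for l in text.splitlines() if l and not l.startswith("#")]

def merge(parent_text, child_text, child_zone):
    """Parent records outside the child zone, plus all child records,
    deduplicated the way sort -u would (zone transfers repeat records)."""
    kept = [l for l in records(parent_text) if not in_zone(owner_of(l), child_zone)]
    return sorted(set(kept + records(child_text)))
```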

Compatibility notes

axfr-get handles BIND's RFC-1034-violating multiple-answers zone-transfer format.

axfr-get uses undocumented features of tinydns-data to simulate BIND's handling of SOA records, CNAME records, and *.dom, with the following exceptions: