axfrdns - DNS zone-transfer server


       axfrdns reads a zone-transfer request in DNS-over-TCP format from its
       standard input, and responds with locally configured information.


       Normally axfrdns is set up by the axfrdns-conf program.

       axfrdns runs chrooted in the directory specified by the $ROOT
       environment variable, under the uid and gid specified by the $UID and
       $GID environment variables.

       Normally axfrdns runs under tcpserver or sslserver to handle TCP
       connections on port 53 of a local IP address.

       tcpserver and sslserver are responsible for rejecting connections from
       hosts not authorized to perform zone transfers.

       axfrdns looks up zone-transfer results in data.cdb, a binary file
       created by tinydns-data.  It also responds to normal client queries,
       such as SOA queries, which usually precede zone-transfer requests.

       axfrdns allows zone transfers for any zone listed in the $AXFR
       environment variable.

       $AXFR is a slash-separated list of domain names.  If $AXFR is not set,
       axfrdns allows zone transfers for all zones available in data.cdb.

       axfrdns aborts if it runs out of memory, or has trouble reading
       data.cdb, or receives a request larger than 512 bytes, or receives a
       truncated request, or receives a zone-transfer request disallowed by
       $AXFR, or receives a request not answered by data.cdb, or waits 60
       seconds with nothing happening.


       axfrdns provides every record it can find inside the target domain.
       This may include records in child zones.  Some of these records (such
       as glue inside a child zone) are essential; others are not.  It is up
       to the client to decide which out-of-zone records to keep.

       axfrdns does not provide glue records outside the target domain.

       The zone-transfer protocol does not support timestamps.  If a record is
       scheduled to be created in the future, axfrdns does not send it; after
       the starting time, the zone-transfer client will continue claiming that
       the record doesn't exist, until it contacts axfrdns again.  Similarly,
       if a record is scheduled to die in the future, axfrdns sends it (with a
       2-second TTL); after the ending time, the zone-transfer client will
       continue providing the old record, until it contacts axfrdns again.

       Zone-transfer clients rely on zone serial numbers changing for every
       zone modification.

       tinydns-data uses the modification time of the data file as its serial
       number for all zones.  Do not make more than one modification per

       BIND's zone-transfer client, named-xfer, converts zone-transfer data to
       zone-file format.  Beware that zone-file format has no generic
       mechanism to express records of arbitrary types;
       named-xfer chokes if it does not recognize a record type used in


axfrdns-conf(8), axfrdns-get(8), tinydns-data(8), tcpserver(1), sslserver(1).


Man(1) output converted with man2html