axfrdns - DNS zone-transfer server
axfrdns reads a zone-transfer request in DNS-over-TCP format from its
standard input, and responds with locally configured information.
Normally axfrdns is set up by the axfrdns-conf program.
axfrdns runs chrooted in the directory specified by the $ROOT
environment variable, under the uid and gid specified by the $UID and
$GID environment variables.
Normally axfrdns runs under tcpserver or sslserver to handle TCP
connections on port 53 of a local IP address.
tcpserver and sslserver are responsible for rejecting connections from
hosts not authorized to perform zone transfers.
axfrdns looks up zone-transfer results in data.cdb, a binary file
created by tinydns-data. It also responds to normal client queries,
such as SOA queries, which usually precede zone-transfer requests.
axfrdns allows zone transfers for any zone listed in the $AXFR
$AXFR is a slash-separated list of domain names. If $AXFR is not set,
axfrdns allows zone transfers for all zones available in data.cdb.
axfrdns aborts if it runs out of memory, or has trouble reading
data.cdb, or receives a request larger than 512 bytes, or receives a
truncated request, or receives a zone-transfer request disallowed by
$AXFR, or receives a request not answered by data.cdb, or waits 60
seconds with nothing happening.
FURTHER NOTES ON ZONE TRANSFERS
axfrdns provides every record it can find inside the target domain.
This may include records in child zones. Some of these records (such
as glue inside a child zone) are essential; others are not. It is up
to the client to decide which out-of-zone records to keep.
axfrdns does not provide glue records outside the target domain.
The zone-transfer protocol does not support timestamps. If a record is
scheduled to be created in the future, axfrdns does not send it; after
the starting time, the zone-transfer client will continue claiming that
the record doesn't exist, until it contacts axfrdns again. Similarly,
if a record is scheduled to die in the future, axfrdns sends it (with a
2-second TTL); after the ending time, the zone-transfer client will
continue providing the old record, until it contacts axfrdns again.
Zone-transfer clients rely on zone serial numbers changing for every
tinydns-data uses the modification time of the data file as its serial
number for all zones. Do not make more than one modification per
BIND's zone-transfer client, named-xfer, converts zone-transfer data to
zone-file format. Beware that zone-file format has no generic
mechanism to express records of arbitrary types;
named-xfer chokes if it does not recognize a record type used in
axfrdns-conf(8), axfrdns-get(8), tinydns-data(8), tcpserver(1),
Man(1) output converted with