Transferring a Zone Programmatically

9.9.1 Problem

You want to transfer a zone within a computer program.

9.9.2 Solution

One of the easiest ways to work with DNS programmatically is to use Perl's Net::DNS module, whether you're looking up discrete records or transferring an entire zone. Here's a short Perl script to transfer a zone specified on the command line and print the results:

    #!/usr/bin/perl -w

    use Net::DNS;

    # If the user didn't specify the domain name of a zone and the domain name
    # or address of a name server to transfer from, exit
    die "Usage: $0 <zone> <name server>\n" unless (@ARGV == 2);

    # Create a resolver object
    my $res = Net::DNS::Resolver->new;

    # Use the specified name server
    $res->nameservers($ARGV[1]);

    # Transfer the zone
    my @zone = $res->axfr($ARGV[0]);

    # Print each record in the zone
    foreach my $rr (@zone) {
        $rr->print;
    }

9.9.3 Discussion

A more sophisticated script might require only the domain name of the zone, and would then look up the zone's NS records to find its authoritative name servers. And a more bulletproof script would do a whole lot more error checking.

Remember that you can only transfer a zone from a name server authoritative for that zone, and only if said name server allows you to. If you restrict zone transfers using TSIG, you can still use newer versions of Net::DNS to sign zone transfer requests. See Section 9.11 for details.
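The following sketch shows the more sophisticated variant described above: it takes only the zone name, finds the authoritative name servers from the zone's NS records, and reports each server that refuses the transfer. It is an added example, not code from the original recipe; the 10-second TCP timeout and the wording of the messages are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::DNS;

die "Usage: $0 <zone>\n" unless @ARGV == 1;
my $zone = $ARGV[0];

# Look up the zone's NS records to find its authoritative name servers
my $res   = Net::DNS::Resolver->new;
my $reply = $res->query($zone, 'NS')
    or die "NS lookup for $zone failed: ", $res->errorstring, "\n";
my @servers = map { $_->nsdname } grep { $_->type eq 'NS' } $reply->answer;
die "No NS records found for $zone\n" unless @servers;

# Try each name server in turn. A refused or failed transfer is reported
# and the next server is tried, so the output also shows which servers
# deny transfers to this host.
my @zone;
foreach my $server (@servers) {
    my $xfr = Net::DNS::Resolver->new;
    $xfr->tcp_timeout(10);          # assumed value; don't hang on a dead server
    $xfr->nameservers($server);
    unless ($xfr->nameservers) {
        warn "$server: could not resolve name server address\n";
        next;
    }

    # axfr returns an empty list on failure; eval catches any exception
    @zone = eval { $xfr->axfr($zone) };
    if (@zone) {
        print STDERR "Transferred ", scalar(@zone), " records from $server\n";
        last;
    }
    my $err = $@ || $xfr->errorstring || 'unknown error';
    chomp $err;
    warn "$server: transfer failed: $err\n";
}
die "No name server for $zone allowed a zone transfer\n" unless @zone;

# Print each record in the zone
$_->print foreach @zone;
```

Run against your own zone from a host that should not be allowed to transfer it, every server should appear in the "transfer failed" output.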

9.9.4 See Also

Section 9.11 for sending TSIG-signed requests.
