9.9 Transferring a Zone Programmatically

9.9.1 Problem

You want to transfer a zone within a computer program.

9.9.2 Solution

One of the easiest ways to work with DNS programmatically is to use Perl's Net::DNS module, whether you're looking up discrete records or transferring an entire zone. Here's a short Perl script to transfer a zone specified on the command line and print the results:

#!/usr/bin/perl -w
 
use Net::DNS;
 
# If the user didn't specify the domain name of a zone and the domain name
# or address of a name server to transfer from, exit
die "Usage:  $0 <zone> <name server>" unless (@ARGV == 2);
 
# Create a resolver object
my $res  = Net::DNS::Resolver->new;
 
# Use the specified name server
$res->nameservers($ARGV[1]);
 
# Transfer the zone
my @zone = $res->axfr($ARGV[0]);
 
# Print each record in the zone
foreach $rr (@zone) {
        $rr->print;
}

9.9.3 Discussion

A more sophisticated script might require only the domain name of the zone, and would then look up the zone's NS records to find its authoritative name servers. And a more bulletproof script would do a whole lot more error checking.

Remember that you can only transfer a zone from a name server authoritative for that zone, and only if said name server allows you to. If you restrict zone transfers using TSIG, you can still use newer versions of Net::DNS to sign zone transfer requests. See Section 9.11 for details.

9.9.4 See Also

Section 9.11 for sending TSIG-signed requests.