axfr2hosts

command module

v0.13.2 Latest Latest Go to latest Published: Mar 6, 2024 License: MIT Imports: 22 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/dkorunic/axfr2hosts

Links

Open Source Insights

README ¶

axfr2hosts

About

axfr2hosts is a tool meant to do a DNS zone transfer in a form of AXFR transaction of one or more zones towards a single DNS server and convert received A, AAAA and CNAME records from a DNS responses into a hosts file for a local use, for instance when DNS servers are unreachable and/or down.

By default hosts entries will be sorted its IP as a key and under each entry individual FQDNs will be sorted alphabetically.

If needed, axfr2hosts can also read and parse local RFC 1035 zones (for instance BIND 9 zone files) and process A and CNAME records into a hosts file as described above so that a zone transfer is not needed.

Requirements

Either of:

Ability to do a full zone transfer (AXFR), usually permitted with allow-transfer in BIND 9 or with allow-axfr-ips in PowerDNS,
Permissions to read RFC 1035 zone files locally.

Installation

There are two ways of installing axfr2hosts:

Manual

Download your preferred flavor from the releases page and install manually, typically to /usr/local/bin/axfr2hosts.

Using go get

go install github.com/dkorunic/axfr2hosts@latest

Usage

Usage: ./axfr2hosts [options] zone [zone2 [zone3 ...]] [@server[:port]]
  -cidr_list string
    	Use only targets from CIDR whitelist (comma separated list)
  -cpu_profile string
    	CPU profile output file
  -greedy_cname
    	Resolve out-of-zone CNAME targets (default true)
  -ignore_star
    	Ignore wildcard records (default true)
  -max_retries uint
    	Maximum DNS zone transfer attempts (default 3)
  -max_transfers uint
    	Maximum parallel zone transfers (default 10)
  -mem_profile string
    	memory profile output file
  -resolver_address string
    	DNS resolver (DNS recursor) IP address
  -resolver_timeout duration
    	DNS queries timeout (should be 2-10s) (default 10s)
  -strip_domain
    	Strip domain name from FQDN hosts entries
  -strip_unstrip
    	Keep both FQDN names and domain-stripped names
  -verbose
    	Enable more verbosity
1) If server was not specified, zones will be parsed as RFC 1035 zone files on a local filesystem,
2) We also permit zone=domain argument format to infer a domain name for zone files.

For more information visit project home: https://github.com/dkorunic/axfr2hosts

At minimum, a single zone and a single server are needed for any meaningful action.

Typical use case would be:

axfr2hosts dkorunic.net pkorunic.net @172.64.33.146

CNAME handling

However the tool by default follows CNAMEs even if they are out-of-zone and resolves to one or more IP addresses if possible and lists all of them. That behaviour can be changed with -greedy_cname=false flag.

Wildcard handling

Also, by default tool lists wildcard (DNS labels containing *) like they are ordinary labels and that can be changed with -ignore_star=true flag, which simply skips over those records.

Filter results by CIDR

Finally if there is a need to list only a subset of records matching one or more CIDR ranges, -cidr_list flag can be used.

Many zones transfer

If there is a lot of zones that need to be fetched at once, tool works well with xargs. Individual zone errors will be displayed and such zones will be skipped over:

xargs axfr2hosts @nameserver < list

Maximum of concurrent zone transfers is limited by -max_transfers flag and defaults to 10, aligned with BIND 9 default (transfers-out in BIND 9 named.conf).

Strip domain name

It is also possible to output hosts file with domain names stripped by using -strip_domain=true flag. It is also possible to keep both domain-stripped labels and FQDNs at the same time by using -strip_unstrip=true flag. When using many domains at once, either of these options do not make much sense.

Process local zone files

It is also possible to directly process RFC 1035 zone files on a local filesystem when a nameserver is not been specified. We would typically recommend specifying a domain name manually by suffixing the zone file with = and domain name as shown below, as one inferred from a zone can possibly be invalid (due to lack of top-level $ORIGIN and/or all records being non-FQDN and/or being suffixed with @ macro):

axfr2hosts dkorunic.net.zone=dkorunic.net

DNS error code responses

In case you are wondering what dns: bad xfr rcode: 9 means, here is a list of DNS response codes:

Response Code	Return Message	Explanation
0	NOERROR	No error
1	FORMERR	Format error
2	SERVFAIL	Server failure
3	NXDOMAIN	Name does not exist
4	NOTIMP	Not implemented
5	REFUSED	Refused
6	YXDOMAIN	Name exists
7	YRRSET	RRset exists
8	NXRRSET	RRset does not exist
9	NOTAUTH	Not authoritative
10	NOTZONE	Name not in zone

Documentation ¶

Rendered for

There is no documentation for this package.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL