{"id":18719502,"url":"https://github.com/dkorunic/axfr2hosts","last_synced_at":"2025-04-12T14:08:56.556Z","repository":{"id":55585717,"uuid":"414318215","full_name":"dkorunic/axfr2hosts","owner":"dkorunic","description":"Fetches one or more DNS zones via AXFR and dumps in Unix hosts format for local use","archived":false,"fork":false,"pushed_at":"2025-03-06T13:02:14.000Z","size":285,"stargazers_count":12,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-26T08:47:33.649Z","etag":null,"topics":["bind","bind9","bind9-dns","dns","dns-server","domain","linux","networking","security","sre","sysops","unix","zone"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dkorunic.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-10-06T17:59:29.000Z","updated_at":"2025-03-06T13:02:04.000Z","dependencies_parsed_at":"2023-02-04T00:31:36.372Z","dependency_job_id":"6581228d-d344-4154-89f3-20970f369a44","html_url":"https://github.com/dkorunic/axfr2hosts","commit_stats":null,"previous_names":[],"tags_count":64,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dkorunic%2Faxfr2hosts","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dkorunic%2Faxfr2hosts/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dkorunic%2Faxfr2hosts/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dkorunic%2Faxfr2hosts/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dkorunic","download_url":"https://codeload.github.com/dkorunic/axfr2hosts/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248578869,"owners_count":21127713,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bind","bind9","bind9-dns","dns","dns-server","domain","linux","networking","security","sre","sysops","unix","zone"],"created_at":"2024-11-07T13:26:23.342Z","updated_at":"2025-04-12T14:08:56.536Z","avatar_url":"https://github.com/dkorunic.png","language":"Go","readme":"# axfr2hosts\n\n[![GitHub license](https://img.shields.io/github/license/dkorunic/axfr2hosts)](https://github.com/dkorunic/axfr2hosts/blob/master/LICENSE)\n[![GitHub release](https://img.shields.io/github/release/dkorunic/axfr2hosts)](https://github.com/dkorunic/axfr2hosts/releases/latest)\n[![codebeat badge](https://codebeat.co/badges/b535ef48-ba10-413e-81f0-dcb5a17e01c4)](https://codebeat.co/projects/github-com-dkorunic-axfr2hosts-main)\n[![Go Report Card](https://goreportcard.com/badge/github.com/dkorunic/axfr2hosts)](https://goreportcard.com/report/github.com/dkorunic/axfr2hosts)\n\n![](gopher.png)\n\n## About\n\naxfr2hosts is a tool meant to do a [DNS zone transfer](https://en.wikipedia.org/wiki/DNS_zone_transfer) in a form of AXFR transaction of one or more zones towards a single DNS server and convert received A, AAAA and CNAME records from a DNS responses into a [hosts file](\u003chttps://en.wikipedia.org/wiki/Hosts_(file)\u003e) for a local use, for instance when DNS servers are [unreachable](https://blog.cloudflare.com/october-2021-facebook-outage/) and/or down.\n\nBy default hosts entries will be sorted its IP as a key and under each entry individual FQDNs will be sorted alphabetically.\n\nIf needed, axfr2hosts can also read and parse local RFC 1035 zones (for instance BIND 9 zone files) and process A and CNAME records into a hosts file as described above so that a zone transfer is not needed.\n\n## Requirements\n\nEither of:\n\n- Ability to do a full zone transfer (AXFR), usually permitted with `allow-transfer` in [BIND 9](https://www.isc.org/bind/) or with `allow-axfr-ips` in [PowerDNS](https://www.powerdns.com/),\n- Permissions to read RFC 1035 zone files locally.\n\n## Installation\n\nThere are two ways of installing axfr2hosts:\n\n### Manual\n\nDownload your preferred flavor from [the releases](https://github.com/dkorunic/axfr2hosts/releases) page and install manually, typically to `/usr/local/bin/axfr2hosts`.\n\n### Using go get\n\n```shell\ngo install github.com/dkorunic/axfr2hosts@latest\n```\n\n## Usage\n\n```shell\nUsage: ./axfr2hosts [options] zone [zone2 [zone3 ...]] [@server[:port]]\n  -cidr_list string\n    \tUse only targets from CIDR whitelist (comma separated list)\n  -cpu_profile string\n    \tCPU profile output file\n  -greedy_cname\n    \tResolve out-of-zone CNAME targets (default true)\n  -ignore_star\n    \tIgnore wildcard records (default true)\n  -max_retries uint\n    \tMaximum DNS zone transfer attempts (default 3)\n  -max_transfers uint\n    \tMaximum parallel zone transfers (default 10)\n  -mem_profile string\n    \tmemory profile output file\n  -resolver_address string\n    \tDNS resolver (DNS recursor) IP address\n  -resolver_timeout duration\n    \tDNS queries timeout (should be 2-10s) (default 10s)\n  -strip_domain\n    \tStrip domain name from FQDN hosts entries\n  -strip_unstrip\n    \tKeep both FQDN names and domain-stripped names\n  -verbose\n    \tEnable more verbosity\n1) If server was not specified, zones will be parsed as RFC 1035 zone files on a local filesystem,\n2) We also permit zone=domain argument format to infer a domain name for zone files.\n\nFor more information visit project home: https://github.com/dkorunic/axfr2hosts\n```\n\nAt minimum, a single zone and a single server are needed for any meaningful action.\n\nTypical use case would be:\n\n```shell\naxfr2hosts dkorunic.net pkorunic.net @172.64.33.146\n```\n\n### CNAME handling\n\nHowever the tool by default follows CNAMEs even if they are out-of-zone and resolves to one or more IP addresses if possible and lists all of them. That behaviour can be changed with `-greedy_cname=false` flag.\n\n### Wildcard handling\n\nAlso, by default tool lists wildcard (DNS labels containing `*`) like they are ordinary labels and that can be changed with `-ignore_star=true` flag, which simply skips over those records.\n\n### Filter results by CIDR\n\nFinally if there is a need to list only a subset of records matching one or more CIDR ranges, `-cidr_list` flag can be used.\n\n### Many zones transfer\n\nIf there is a lot of zones that need to be fetched at once, tool works well with `xargs`. Individual zone errors will be displayed and such zones will be skipped over:\n\n```shell\nxargs axfr2hosts @nameserver \u003c list\n```\n\nMaximum of concurrent zone transfers is limited by `-max_transfers` flag and defaults to `10`, aligned with BIND 9 default (`transfers-out` in BIND 9 `named.conf`).\n\n### Strip domain name\n\nIt is also possible to output hosts file with domain names stripped by using `-strip_domain=true` flag. It is also possible to keep both domain-stripped labels and FQDNs at the same time by using `-strip_unstrip=true` flag. When using many domains at once, either of these options do not make much sense.\n\n### Process local zone files\n\nIt is also possible to directly process RFC 1035 zone files on a local filesystem when a nameserver is not been specified. We would typically recommend specifying a domain name manually by suffixing the zone file with `=` and domain name as shown below, as one inferred from a zone can possibly be invalid (due to lack of top-level `$ORIGIN` and/or all records being non-FQDN and/or being suffixed with `@` macro):\n\n```shell\naxfr2hosts dkorunic.net.zone=dkorunic.net\n```\n\n### DNS error code responses\n\nIn case you are wondering what `dns: bad xfr rcode: 9` means, here is a list of DNS response codes:\n\n| Response Code | Return Message | Explanation          |\n| :------------ | :------------- | :------------------- |\n| 0             | NOERROR        | No error             |\n| 1             | FORMERR        | Format error         |\n| 2             | SERVFAIL       | Server failure       |\n| 3             | NXDOMAIN       | Name does not exist  |\n| 4             | NOTIMP         | Not implemented      |\n| 5             | REFUSED        | Refused              |\n| 6             | YXDOMAIN       | Name exists          |\n| 7             | YRRSET         | RRset exists         |\n| 8             | NXRRSET        | RRset does not exist |\n| 9             | NOTAUTH        | Not authoritative    |\n| 10            | NOTZONE        | Name not in zone     |\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdkorunic%2Faxfr2hosts","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdkorunic%2Faxfr2hosts","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdkorunic%2Faxfr2hosts/lists"}