bowei_99 has asked for the wisdom of the Perl Monks concerning the following question:

I'm writing a script to query DNS for a list of all servers in a domain, since we'll be taking it over soon. Using the axfr method of Net::DNS::Resolver, I get a response, but not an array of values (DNS RR records) as I'd expect. I looked at this node, but it didn't help. I use the same code as what's there. Does anyone know if the DNS server has to be configured, or if it might be tied down so it sends me a NXDOMAIN result (see below), e.g. for security reasons?

I have the following code:

    use Net::DNS;
    use Data::Dumper;

    ZoneXFer('domain.name');
    ...
    sub ZoneXFer {
        my $domain = pop @_;
        print "Querying DNS for $domain - Zone transfer ...\n";
        my $res = Net::DNS::Resolver->new(
            recurse => 1,
            debug   => 1,
        );
        # In list context axfr() returns the zone's RRs
        my @zone = $res->axfr($domain);
        print Dumper($res);
        foreach my $rr (@zone) {
            $rr->print;
        }
        print "\n";
    }

When I run it, I get the following:

    $ perl cmp_hosts.pl
    Querying DNS for domain.name - Zone transfer ...
    ;; axfr_start(domain.name, IN)
    ;; axfr_start nameserver = 198.205.83.10
    ;; read_tcp: expecting 2 bytes
    ;; read_tcp: received 2 bytes
    ;; read_tcp: expecting 37 bytes
    ;; read_tcp: received 37 bytes
    ;; received 37 bytes
    ;; HEADER SECTION
    ;; id = 32651
    ;; qr = 1 opcode = QUERY aa = 0 tc = 0 rd = 1
    ;; ra = 0 ad = 0 cd = 0 rcode = NXDOMAIN
    ;; qdcount = 1 ancount = 0 nscount = 0 arcount = 0
    ;; QUESTION SECTION (1 record)
    ;; domain.name. IN AXFR
    ;; ANSWER SECTION (0 records)
    ;; AUTHORITY SECTION (0 records)
    ;; ADDITIONAL SECTION (0 records)
    ;; Response code from server: NXDOMAIN
    $VAR1 = bless( {
        'persistent_tcp' => 0,
        'cdflag' => 1,
        'stayopen' => 0,
        'querytime' => undef,
        'udppacketsize' => 0,
        'srcaddr' => '0.0.0.0',
        'domain' => 'domain.name',
        'answersize' => 0,
        'answerfrom' => '',
        'sockets' => {
            'dns_server1_ip:53' => bless( \*Symbol::GEN0, 'IO::Socket::INET' )
        },
        'debug' => 1,
        'axfr_soa_count' => 0,
        'searchlist' => [ 'domain.name' ],
        'defnames' => 1,
        'retrans' => 5,
        'tcp_timeout' => 120,
        'errorstring' => 'Response code from server: NXDOMAIN',
        'nameservers' => [ 'dns_server1_ip', 'dns_server2_ip' ],
        'port' => 53,
        'axfr_sel' => bless( [ ', 1, undef, undef, undef, $VAR1->{'sockets'}{'dns_server1_ip:53'} ], 'IO::Select' ),
        'usevc' => 0,
        'retry' => 4,
        'axfr_rr' => [],
        'igntc' => 0,
        'dnsrch' => 1,
        'recurse' => 1,
        'udp_timeout' => undef,
        'persistent_udp' => 0,
        'dnssec' => 0,
        'tsig_rr' => undef,
        'srcport' => 0
    }, 'Net::DNS::Resolver' );

I also tried putting in this code instead, but it never prints 'here':

    $res->axfr_start("$domain");
    print Dumper($res);
    while (my $rr = $res->axfr_next) {
        print "here\n";
        #$rr->print;
    }

-- Burvil

Re: axfr method with Net::DNS::Resolver returning zero entries
by rhesa (Vicar) on Oct 10, 2007 at 19:13 UTC
    The DNS server you're querying has to explicitly allow your host to do AXFR requests. If you're not on the list, you're out of luck.

    Since you're going to take over the domain, isn't it possible to ask the current owner for the zone file?

      Thanks. Exactly what I was thinking. Yeah, I got the zone files from the DNS admin, but he's not always in, and since he's the only one handling DNS for that domain, it's kind of a hassle to keep asking him for updates. I'd rather write a script for perl to do it. That way also, right before it's migrated, I can have a snapshot to compare to.

      OK, I'll ask if my box can get added to his list to allow it to do axfr requests.

      -- Burvil

Re: axfr method with Net::DNS::Resolver returning zero entries
by shmem (Chancellor) on Oct 10, 2007 at 20:13 UTC
    It is always a good idea to query for SOA first - that name server might not be authoritative?
    ;; AUTHORITY SECTION (0 records)

    --shmem
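
The two checks suggested in the replies above (query the SOA without recursion to see whether a server answers authoritatively, then see whether it permits AXFR from your host), as an added example that is not part of the original thread. It assumes the zone name is passed on the command line and needs network access to the zone's name servers; with no argument it evaluates a constructed reply that mirrors the header in the question. The names `soa_verdict` and `check_zone` are chosen here for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::DNS;

# Judge a non-recursive SOA reply: is this server worth an AXFR attempt?
sub soa_verdict {
    my ($reply) = @_;
    return (0, 'no reply') unless $reply;
    my $h = $reply->header;
    return (0, 'rcode ' . $h->rcode) unless $h->rcode eq 'NOERROR';
    return (0, 'answer is not authoritative (aa = 0)') unless $h->aa;
    my ($soa) = grep { $_->type eq 'SOA' } $reply->answer;
    return (0, 'aa flag set but no SOA in the answer') unless $soa;
    return (1, 'authoritative, SOA serial ' . $soa->serial);
}

# Look up the zone's NS records, then test each listed server on its own.
sub check_zone {
    my ($zone) = @_;
    my $ns_reply = Net::DNS::Resolver->new->query($zone, 'NS')
        or die "No NS records found for $zone\n";
    for my $ns (map { $_->nsdname } grep { $_->type eq 'NS' } $ns_reply->answer) {
        my $res = Net::DNS::Resolver->new(nameservers => [$ns], recurse => 0);
        my ($ok, $msg) = soa_verdict($res->send($zone, 'SOA'));
        print "$ns: SOA check: $msg\n";
        next unless $ok;
        # eval is defensive: it covers a Net::DNS that raises an exception on a
        # failed transfer as well as one that returns an empty list.
        my @rrs = eval { $res->axfr($zone) };
        if (@rrs) { printf "%s: AXFR ok, %d records\n", $ns, scalar @rrs }
        else      { print "$ns: AXFR failed: ", ($@ || $res->errorstring), "\n" }
    }
}

if (@ARGV) {
    check_zone($ARGV[0]);
}
else {
    # Constructed reply mirroring the question's header: rcode NXDOMAIN, aa = 0.
    my $reply = Net::DNS::Packet->new('example.com', 'SOA');
    $reply->header->qr(1);
    $reply->header->rcode('NXDOMAIN');
    my ($ok, $msg) = soa_verdict($reply);
    print "constructed reply: $msg\n";
}
```

A server that fails the SOA check is the wrong one to ask for the zone; one that passes it but fails the transfer is most likely not configured to allow AXFR from the querying host.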
