[net-dns-users] AXFR (was: Re: sep() and is_sep())

Dick Franks rwfranks at acm.org
Mon Jun 2 10:52:01 UTC 2014

On 2 June 2014 08:31, Calle Dybedahl <calle at init.se> wrote:

> I just found that the interface to AXFR has also changed completely.

Wild exaggeration.  TSIG verification has been added.  In all other
respects, the API is unchanged.

> 1) Without the concluding SOA record, how do I tell if the server sent me
> the whole zone or stopped in the middle?

    Returns a list of "Net::DNS::RR" objects, or empty list if the zone
    transfer failed.

    The redundant SOA record that terminates the zone transfer is not
    returned to the caller.
[perldoc Net::DNS::Resolver]

Although the perldoc for 0.68 says it returns undef if zone transfer
failed, the code never actually did so.

Neither statement is entirely accurate.  If the axfr() fails to get
started, an empty list is returned.  If something went wrong in the middle,
axfr() croaks. Arguably, an exception should be raised for both. Returning
an empty list in both cases is unsatisfactory for the reasons you

> 2) Returning all RRs in a single list rather than giving me one at a time

$res->axfr() has always returned a single list.

The internal axfr_start() and axfr_next() return a packet. This is
necessary to perform TSIG verification.

> Suggestions?

Steal 25 lines from sub axfr and bend them to suit your application.  You
will then be living outside the API tent; but there is little risk that
axfr_start() and axfr_next() will ever change, because the current
behaviour is essential to perform TSIG verification.
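
The two failure modes described in the reply above (an empty list when the transfer fails to start, a croak when it fails part-way) can be told apart by the caller as in the following sketch. This is an added example, not code from the original post or from Net::DNS; `classify_axfr` is a hypothetical helper and the zone records and stand-in transfers are constructed so that it runs offline.

```perl
use strict;
use warnings;
use Net::DNS;

# Hypothetical helper (not part of Net::DNS). $transfer is a code ref that
# performs the transfer, e.g. sub { $resolver->axfr('example.com') }.
# Returns (status, detail, \@rrs); \@rrs is populated only on 'complete'.
sub classify_axfr {
    my ($transfer) = @_;
    my @rrs = eval { $transfer->() };    # list context, as axfr() expects
    if ( my $err = $@ ) {                # croaked part-way through
        chomp $err;
        return ( 'aborted', $err, [] );  # never act on a partial zone
    }
    return ( 'not_started', 'empty list returned', [] ) unless @rrs;

    # Assumption: a transfer opens with the zone's SOA record; only the
    # terminating SOA is withheld from the caller.
    return ( 'unexpected', 'first record is not SOA', [] )
        unless $rrs[0]->type eq 'SOA';
    return ( 'complete', scalar(@rrs) . ' records', \@rrs );
}

# Constructed sample zone and stand-ins for the three outcomes.
my @zone = map { Net::DNS::RR->new($_) } (
    'example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 1 7200 3600 1209600 3600',
    'example.com. 3600 IN NS ns1.example.com.',
    'ns1.example.com. 3600 IN A 192.0.2.1',
);
my %cases = (
    complete    => sub { @zone },
    not_started => sub { () },
    aborted     => sub { die "constructed mid-transfer failure\n" },
);

for my $name ( sort keys %cases ) {
    my ( $status, $detail ) = classify_axfr( $cases{$name} );
    print "$name: $status ($detail)\n";
}
```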