SkillAgentSearch skills...

Axfr2hosts

Fetches one or more DNS zones via AXFR and dumps in Unix hosts format for local use

GenerateConvertImprove

Install / Use

/learn @dkorunic/Axfr2hosts
About this skill

Quality Score

0/100

Supported Platforms

Universal

README

axfr2hosts

GitHub license GitHub release

About

axfr2hosts performs a DNS zone transfer (AXFR) against one or more zones on a single DNS server and converts the received A, AAAA, and CNAME records into a hosts file for local use — for example, when DNS servers are unreachable or down.

Output entries are sorted by IP address. For each IP address, all associated hostnames are listed in alphabetical order.

axfr2hosts can also read and parse local RFC 1035 zone files (such as BIND 9 zone files) and process A and CNAME records into a hosts file without requiring a zone transfer.

Requirements

One of the following:

  • Permission to perform a full zone transfer (AXFR), typically granted via allow-transfer in BIND 9 or allow-axfr-ips in PowerDNS,
  • Read access to RFC 1035 zone files on the local filesystem.

Installation

Manual

Download your preferred release from the releases page and install it manually, typically to /usr/local/bin/axfr2hosts.

Using go install

go install github.com/dkorunic/axfr2hosts@latest

Usage

Usage: ./axfr2hosts [options] zone [zone2 [zone3 ...]] [@server[:port]]
  -cidr_list string
        Use only targets from CIDR whitelist (comma separated list)
  -cpu_profile string
        CPU profile output file
  -greedy_cname
        Resolve out-of-zone CNAME targets (default true)
  -ignore_star
        Ignore wildcard records (default true)
  -max_retries uint
        Maximum DNS zone transfer attempts (default 3)
  -max_transfers uint
        Maximum parallel zone transfers (default 10)
  -mem_profile string
        memory profile output file
  -resolver_address string
        DNS resolver (DNS recursor) IP address
  -resolver_timeout duration
        DNS queries timeout (should be 2-10s) (default 10s)
  -strip_domain
        Strip domain name from FQDN hosts entries
  -strip_unstrip
        Keep both FQDN names and domain-stripped names
  -verbose
        Enable more verbosity
  -version
        Show version and exit
1) If server was not specified, zones will be parsed as RFC 1035 zone files on a local filesystem,
2) We also permit zone=domain argument format to infer a domain name for zone files.

For more information visit project home: https://github.com/dkorunic/axfr2hosts

At minimum, a single zone and a single server are required for any meaningful action.

A typical invocation looks like:

axfr2hosts dkorunic.net pkorunic.net @172.64.33.146

CNAME handling

By default, the tool follows CNAME records even when they point to targets outside the transferred zone and resolves them to one or more IP addresses. This behavior can be disabled with -greedy_cname=false, which restricts CNAME resolution to in-zone targets only.

Wildcard handling

By default, the tool ignores wildcard records (DNS labels containing *). To include wildcard records and treat them as ordinary labels, use -ignore_star=false.

Filter results by CIDR

To include only records whose IP addresses fall within specific subnets, use the -cidr_list flag with a comma-separated list of CIDR ranges.

Transferring many zones

When transferring a large number of zones at once, the tool works well with xargs. Zones that fail to transfer are skipped, and their errors are printed to stderr:

xargs axfr2hosts @nameserver < list

The maximum number of concurrent zone transfers is controlled by -max_transfers, which defaults to 10 — matching BIND 9's default transfers-out setting in named.conf.

Strip domain name

Use -strip_domain to emit hosts file entries with the domain portion stripped, leaving only the short hostname label. Use -strip_unstrip to include both the full FQDN and the stripped short name for each entry. Note that either option produces less meaningful results when processing multiple domains simultaneously.

Process local zone files

To process RFC 1035 zone files on the local filesystem, omit the @server argument. It is recommended to supply the domain name explicitly by appending =domain to the zone file path, because the domain inferred from the zone file itself may be incorrect (for instance, when the file lacks a top-level $ORIGIN directive, all records are non-FQDN, or records use the @ macro):

axfr2hosts dkorunic.net.zone=dkorunic.net

DNS error code responses

If you encounter an error such as dns: bad xfr rcode: 9, the following table maps DNS response codes to their meanings:

| Response Code | Return Message | Explanation | | :------------ | :------------- | :------------------- | | 0 | NOERROR | No error | | 1 | FORMERR | Format error | | 2 | SERVFAIL | Server failure | | 3 | NXDOMAIN | Name does not exist | | 4 | NOTIMP | Not implemented | | 5 | REFUSED | Refused | | 6 | YXDOMAIN | Name exists | | 7 | YRRSET | RRset exists | | 8 | NXRRSET | RRset does not exist | | 9 | NOTAUTH | Not authoritative | | 10 | NOTZONE | Name not in zone |

dkorunic

View profile

View on GitHub
GitHub Stars14
CategoryDevelopment
Updated15d ago
Forks0
dkorunic/axfr2hosts

Languages

Go

Security Score

95/100

Audited on Mar 23, 2026

No findings