AXFR2ACL(1) User Contributed Perl Documentation AXFR2ACL(1)NAMEaxfr2acl - create a BIND ACL containing "A" records from a set of zones
SYNOPSISaxfr2acl [options]
DESCRIPTION
Axfr2acl collects all A records from a set of supplied DNS zones and
writes out a DNS ACL containing all of them. If possible, the
addresses are compressed into CIDRs. The resulting list is sorted
lexicographically.
The resulting ACL is normally written to a file, either as a list of
CIDRs or as a BIND acl statement, if the ACL name is given. In both
cases, the file is sutable for inclusion in the BIND configuration
file. If the file already exists when the command is invoked, its
contents is recorded and is used subsequently to determine whether it
has changed. The utility will actually modify the output file only if
the constructed list differs from the one it contained initially. It
will also avoid running zone transfers if the serial records of all
involved zones did not change since the last run.
The program exits with code 0 if the file is up to date, 1 if it has
successfully updated the file, 2 if some error ocurred and 3 if the
command line usage was incorrect.
OPTIONS
The following option control the output:
--acl=name
Format output as a bind ACL statement with the given name.
--comment=string
Print string as the heading comment to the output. The argument
can consist of multiple lines. A "#" sign will be printed before
each of them.
--outfile=FILE, -o FILE
Write the result to FILE, instead of the default "netlist".
The following options control the selection of DNS zones and initial
contents of the output list:
--add-network=arg
Add given CIDRs to the output list. Argument is a comma-separated
list of CIDRs.
--from-file=FILE, -T FILE
Populate the output list with CIDRs read from FILE. The file must
list each CIDR on a separate line. Empty lines and comments
(introduced by "#" sign) are ignored.
--zones=zonelist, -z zonelist
Defines a list of zones to query. Zonelist is a comma-separated
list of zone names.
Options controlling log and debug output:
--log-file=FILE, -l FILE
Write diagnostic output to FILE, instead of standard error.
--debug[=spec[,spec...]], -d[spec[,spec...]]
Set debugging level. Spec is either category or category=level,
category is a debugging category name and level is a decimal
verbosity level. Valid categories are: "GENERAL" and "DNS".
--dry-run, -n
Don't create output file. Instead print the result on the standard
output.
Informational options:
--help, -h
Shows a terse help summary and exit.
--man
Prints the manual page and exits.
CONFIGURATION
The program reads its configuration from one of the following
locations:
a. The file name given by "AXFR2ACL_CONF" environment variable (if set)
b. ~/.axfr2acl.conf
c. /etc/axfr2acl.conf
The first existing file from this list is used. It is an error, if the
$AXFR2ACL_CONF variable is set, but points to a file that does not
exist. It is not an error, if $AXFR2ACL_CONF is not set and neither of
the two remaining files exist. It is, however, an error if any of
these file exists, but is not readable.
The configuration file uses a usual UNIX configuration format. Empty
lines and UNIX comments are ignored. Each non-empty line is either an
option name, or option assignment, i.e. opt=val, with any amount of
optional whitespace around the equals sign. Valid option names are the
same as the long command line options, but without the leading --. For
example:
zones = example.net,example.com
acl = mynets
add-network = 10.0.0.0/8
outfile = networks.inc
ENVIRONMENT
AXFR2ACL_CONF
The name of the configuration file to read, instead of the default
/etc/axfr2acl.conf.
SEE ALSOrpsl2acl(1).
AUTHOR
Sergey Poznyakoff <gray@gnu.org>
perl v5.20.2 2012-07-07 AXFR2ACL(1)
