This an experimental plugin that implements DNS zone transfer protocol (AXFR) RFC5936 for hsd
dig @127.0.0.1 -p 5349 . axfr > root.zone
That's it! root.zone should now have the complete handshake root zone (merged with ICANN names).
For now the plugin must be inside hsd directory
$ git clone https://github.com/handshake-org/hsd && cd hsd
$ git clone https://github.com/buffrr/hsd-axfr axfr
npm install --production
$ ./bin/hsd --plugins=$(pwd)/axfr
--axfr-prefer-icann: Prefers ICANN TLDs in case of a name collision--axfr-no-icann: Dump Handshake names only.--axfr-icann-servers: Set AXFR Servers used to load the ICANN root zone--axfr-allow-ips: Set IP addresses permitted to request a zone transfer
Since the default behavior in hsd is falling back to ICANN, the plugin also does the same. You can use --axfr-prefer-icann to change this behavior.
You can see name collisions in the logs. Example:
[warning] (axfr) name collision for xn--cckwcxetd. (prefer icann: false)
The following servers are used by default for AXFR:
b.root-servers.net
c.root-servers.net
f.root-servers.net
You can change these by setting --axfr-icann-servers='<server1 server2 ...>'
You should keep hsd as an internal server. By default, AXFR queries are only allowed from lookpback address.
The --axfr-allow-ips='<ip1 ip2 ...>' option specifies which ip addresses are allowed to request a transfer.
MIT