NAME

SYNOPSIS

DESCRIPTION

The resulting ACL is normally written to a file, either as a list of CIDRs or as a BIND acl statement, if the ACL name is given. In both cases, the file is sutable for inclusion in the BIND configuration file. If the file already exists when the command is invoked, its contents is recorded and is used subsequently to determine whether it has changed. The utility will actually modify the output file only if the constructed list differs from the one it contained initially. It will also avoid running zone transfers if the serial records of all involved zones did not change since the last run.

The program exits with code 0 if the file is up to date, 1 if it has successfully updated the file, 2 if some error ocurred and 3 if the command line usage was incorrect.

OPTIONS

--acl=name

Format output as a bind ACL statement with the given name.

--comment=string

Print string as the heading comment to the output. The argument can consist of multiple lines. A "#" sign will be printed before each of them.

--outfile=FILE, -o FILE

Write the result to FILE, instead of the default "netlist".

The following options control the selection of DNS zones and initial contents of the output list:

--add-network=arg

Add given CIDRs to the output list. Argument is a comma-separated list of CIDRs.

--from-file=FILE, -T FILE

Populate the output list with CIDRs read from FILE. The file must list each CIDR on a separate line. Empty lines and comments (introduced by "#" sign) are ignored.

--zones=zonelist, -z zonelist

Defines a list of zones to query. Zonelist is a comma-separated list of zone names.

Options controlling log and debug output:

--log-file=FILE, -l FILE

Write diagnostic output to FILE, instead of standard error.

--debug[=spec[,spec...]], -d[spec[,spec...]]

Set debugging level. Spec is either category or category=level, category is a debugging category name and level is a decimal verbosity level. Valid categories are: "GENERAL" and "DNS".

--dry-run, -n

Don't create output file. Instead print the result on the standard output.

Informational options:

--help, -h

Shows a terse help summary and exit.

--man

Prints the manual page and exits.

CONFIGURATION

a. The file name given by "AXFR2ACL_CONF" environment variable (if set)

b. ~/.axfr2acl.conf

c. /etc/axfr2acl.conf

The first existing file from this list is used. It is an error, if the $AXFR2ACL_CONF variable is set, but points to a file that does not exist. It is not an error, if $AXFR2ACL_CONF is not set and neither of the two remaining files exist. It is, however, an error if any of these file exists, but is not readable.

The configuration file uses a usual UNIX configuration format. Empty lines and UNIX comments are ignored. Each non-empty line is either an option name, or option assignment, i.e. opt=val, with any amount of optional whitespace around the equals sign. Valid option names are the same as the long command line options, but without the leading --. For example:

  zones = example.net,example.com
  acl = mynets
  add-network = 10.0.0.0/8
  outfile = networks.inc

ENVIRONMENT

AXFR2ACL_CONF

The name of the configuration file to read, instead of the default /etc/axfr2acl.conf.

SEE ALSO

AUTHOR