[dns-operations] Minimalistic DNS server for SOA and AXFR

Anand Buddhdev anandb at ripe.net
Tue Jul 17 13:07:33 UTC 2012

Thanks to all who responded, both publicly and privately.

I had forgotten to mention that the clients will be under my control,
and I don't plan on using TSIG, so I'm not going to bother implementing it.

I'm also not going to bother with the NOTIMP responses, and just return
REFUSED for queries I don't support.

About responding to SOA queries over TCP: BIND doesn't do that (it uses
UDP to query for the SOA record) and neither does NSD (it always asks
for AXFR/IXFR, and looks at the SOA record in there, abandoning the
connection if it doesn't need the XFR). So I can get away with
implementing just AXFR over TCP, and nothing else (including returning
AXFR in response to IXFR).



On 16/07/2012 16:49, Anand Buddhdev wrote:
> Hello DNS gurus,
> I'm writing a minimalistic DNS server (in Python, using the dnspython
> module), whose purpose will simply be to provide AXFR for a fixed set of
> zones. The clients will be BIND and/or NSD. It will send NOTIFY messages
> to the clients, and provide (some) responses.
> As far as I can see, my small DNS server needs to do the following:
> 1. Listen on UDP/53, and:
> 1a. return REFUSED responses for any zones I haven't loaded;
> 1b. return NOTIMP responses to queries other than SOA; and
> 1c. return a NOERROR response for zones I have, with the SOA record in
> the answer section, setting the AA bit. Do I need to fill the authority
> section too?
> 2. Listen on TCP/53, and:
> 2a. return REFUSED responses for any zones I haven't loaded; and
> 2b. return NOTIMP responses to queries other than AXFR; and
> 2c. return the zone in response to AXFR.
> Have I missed anything obvious?
> Regards,
> Anand
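
The transport policy this message settles on (SOA over UDP, AXFR over TCP, REFUSED for everything else), sketched as an added example that is not part of the original post and uses only the standard library rather than dnspython. The zone set, the function names and the choice to silently drop malformed packets are assumptions.

```python
import struct

ZONES = {"example.org."}        # constructed: zones this server has loaded
SOA, IXFR, AXFR = 6, 251, 252   # QTYPE values (RFC 1035, RFC 1995)
NOERROR, REFUSED = 0, 5         # RCODE values (RFC 1035)

def parse_question(msg):
    """Return (qname, qtype, end_offset) for a standard query with one question."""
    _id, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if len(msg) < 12 or flags & 0xF800 or qdcount != 1:
        raise ValueError("not a standard query with exactly one question")
    labels, pos = [], 12
    while msg[pos]:
        n = msg[pos]
        if n > 63:  # compression pointers are not expected in a question
            raise ValueError("bad label length")
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii").lower())
        pos += 1 + n
    qtype, _qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return ".".join(labels) + ".", qtype, pos + 5

def decide(msg, transport):
    """Map a raw query to (rcode, action, end); action is 'soa', 'axfr' or None."""
    qname, qtype, end = parse_question(msg)
    if qname in ZONES:
        if transport == "udp" and qtype == SOA:
            return NOERROR, "soa", end
        if transport == "tcp" and qtype == AXFR:
            return NOERROR, "axfr", end
    return REFUSED, None, end   # unknown zone, IXFR, SOA over TCP, anything else

def respond(msg, transport):
    """Return (header + echoed question, action), or (None, None) to drop bad input."""
    try:
        rcode, action, end = decide(msg, transport)
    except (ValueError, IndexError, struct.error):
        return None, None
    qid, flags = struct.unpack("!HH", msg[:4])
    out = 0x8000 | (flags & 0x0100) | (0x0400 if action else 0) | rcode  # QR, RD, AA
    # ANCOUNT stays 0 here: the caller appends the SOA or streams the zone itself.
    return struct.pack("!HHHHHH", qid, out, 1, 0, 0, 0) + msg[12:end], action
```

Because the policy is keyed on transport as well as query type, an AXFR request arriving over UDP or an IXFR over TCP gets the same REFUSED as a query for an unknown zone.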
