Wenn man DNS Zonen transferieren oder vergleichen möchte, so kann dies über verschiedene Wege funktionieren.
Der beste Weg ist die Erstellung eines Slave-Servers, der die Zonendateien durch Zonentransfer axfr in seiner Directory-Struktur erzeugt. Diese Dateien haben dann auch immer das korrekte Format.
Sofern man allerdings nicht die Möglichkeit hat, einen Slave Server zu verwenden, kann man dig 1) verwenden.
Syntax
dig @127.0.0.1 tiri.li axfr in +nocomments +nosearch +noqr +multiline
dig -h
Usage: dig [@global-server] [domain] [q-type] [q-class] {q-opt}
{global-d-opt} host [@local-server] {local-d-opt}
[ host [@local-server] {local-d-opt} [...]]
Where: domain are in the Domain Name System
q-class is one of (in,hs,ch,...) [default: in]
q-type is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]
(Use ixfr=version for type ixfr)
q-opt is one of:
-x dot-notation (shortcut for in-addr lookups)
-n (nibble form for reverse IPv6 lookups)
-f filename (batch mode)
-b address (bind to source address)
-p port (specify port number)
-t type (specify query type)
-c class (specify query class)
-k keyfile (specify tsig key file)
-y name:key (specify named base64 tsig key)
d-opt is of the form +keyword[=value], where keyword is:
+[no]vc (TCP mode)
+[no]tcp (TCP mode, alternate syntax)
+time=### (Set query timeout) [5]
+tries=### (Set number of UDP attempts) [3]
+domain=### (Set default domainname)
+bufsize=### (Set EDNS0 Max UDP packet size)
+ndots=### (Set NDOTS value)
+[no]search (Set whether to use searchlist)
+[no]defname (Ditto)
+[no]recursive (Recursive mode)
+[no]ignore (Don't revert to TCP for TC responses.)
+[no]fail (Don't try next server on SERVFAIL)
+[no]besteffort (Try to parse even illegal messages)
+[no]aaonly (Set AA flag in query)
+[no]adflag (Set AD flag in query)
+[no]cdflag (Set CD flag in query)
+[no]cmd (Control display of command line)
+[no]comments (Control display of comment lines)
+[no]question (Control display of question)
+[no]answer (Control display of answer)
+[no]authority (Control display of authority)
+[no]additional (Control display of additional)
+[no]stats (Control display of statistics)
+[no]short (Disable everything except short
form of answer)
+[no]all (Set or clear all display flags)
+[no]qr (Print question before sending)
+[no]nssearch (Search all authoritative nameservers)
+[no]identify (ID responders in short answers)
+[no]trace (Trace delegation down from root)
+[no]dnssec (Request DNSSEC records)
+[no]multiline (Print records in an expanded format)
global d-opts and servers (before host name) affect all queries.
local d-opts and servers (after host name) affect only that lookup.