the zone-transfer server (ldapaxfr) works similar to djbdns axfrdns except that
it pulls "zones" out of the ldap server.

the zone-transfer server REQUIRES that the AXFR environment variable be set to:
	a single dot
or	a root of the attempted zone
before allowing a zone transfer to occur. AXFR can be disabled (by not setting
the AXFR environment variable, or setting it to an empty string) and ldapaxfr
will still answer regular queries via TCP.

this change is primarily to support APNIC (asia and australia) domains that
insist on TCP service but the administrator does not want wide-open zone
transfers...

sample/axfr contains a default configuration for this.