1<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" 2 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" 3 [<!ENTITY mdash "—">]> 4<!-- 5 - Copyright (C) 2004-2007, 2009-2014 Internet Systems Consortium, Inc. ("ISC") 6 - Copyright (C) 2000-2002 Internet Software Consortium. 7 - 8 - Permission to use, copy, modify, and/or distribute this software for any 9 - purpose with or without fee is hereby granted, provided that the above 10 - copyright notice and this permission notice appear in all copies. 11 - 12 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 13 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 14 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 15 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 16 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 17 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 18 - PERFORMANCE OF THIS SOFTWARE. 19--> 20 21<refentry id="man.named-checkzone"> 22 <refentryinfo> 23 <date>February 19, 2014</date> 24 </refentryinfo> 25 26 <refmeta> 27 <refentrytitle><application>named-checkzone</application></refentrytitle> 28 <manvolnum>8</manvolnum> 29 <refmiscinfo>BIND9</refmiscinfo> 30 </refmeta> 31 32 <docinfo> 33 <copyright> 34 <year>2004</year> 35 <year>2005</year> 36 <year>2006</year> 37 <year>2007</year> 38 <year>2009</year> 39 <year>2010</year> 40 <year>2011</year> 41 <year>2012</year> 42 <year>2013</year> 43 <year>2014</year> 44 <holder>Internet Systems Consortium, Inc. 
("ISC")</holder> 45 </copyright> 46 <copyright> 47 <year>2000</year> 48 <year>2001</year> 49 <year>2002</year> 50 <holder>Internet Software Consortium.</holder> 51 </copyright> 52 </docinfo> 53 54 <refnamediv> 55 <refname><application>named-checkzone</application></refname> 56 <refname><application>named-compilezone</application></refname> 57 <refpurpose>zone file validity checking or converting tool</refpurpose> 58 </refnamediv> 59 60 <refsynopsisdiv> 61 <cmdsynopsis> 62 <command>named-checkzone</command> 63 <arg><option>-d</option></arg> 64 <arg><option>-h</option></arg> 65 <arg><option>-j</option></arg> 66 <arg><option>-q</option></arg> 67 <arg><option>-v</option></arg> 68 <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg> 69 <arg><option>-f <replaceable class="parameter">format</replaceable></option></arg> 70 <arg><option>-F <replaceable class="parameter">format</replaceable></option></arg> 71 <arg><option>-J <replaceable class="parameter">filename</replaceable></option></arg> 72 <arg><option>-i <replaceable class="parameter">mode</replaceable></option></arg> 73 <arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg> 74 <arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg> 75 <arg><option>-M <replaceable class="parameter">mode</replaceable></option></arg> 76 <arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg> 77 <arg><option>-l <replaceable class="parameter">ttl</replaceable></option></arg> 78 <arg><option>-L <replaceable class="parameter">serial</replaceable></option></arg> 79 <arg><option>-o <replaceable class="parameter">filename</replaceable></option></arg> 80 <arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg> 81 <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg> 82 <arg><option>-S <replaceable class="parameter">mode</replaceable></option></arg> 83 <arg><option>-t <replaceable 
class="parameter">directory</replaceable></option></arg> 84 <arg><option>-T <replaceable class="parameter">mode</replaceable></option></arg> 85 <arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg> 86 <arg><option>-D</option></arg> 87 <arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg> 88 <arg choice="req">zonename</arg> 89 <arg choice="req">filename</arg> 90 </cmdsynopsis> 91 <cmdsynopsis> 92 <command>named-compilezone</command> 93 <arg><option>-d</option></arg> 94 <arg><option>-j</option></arg> 95 <arg><option>-q</option></arg> 96 <arg><option>-v</option></arg> 97 <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg> 98 <arg><option>-C <replaceable class="parameter">mode</replaceable></option></arg> 99 <arg><option>-f <replaceable class="parameter">format</replaceable></option></arg> 100 <arg><option>-F <replaceable class="parameter">format</replaceable></option></arg> 101 <arg><option>-J <replaceable class="parameter">filename</replaceable></option></arg> 102 <arg><option>-i <replaceable class="parameter">mode</replaceable></option></arg> 103 <arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg> 104 <arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg> 105 <arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg> 106 <arg><option>-l <replaceable class="parameter">ttl</replaceable></option></arg> 107 <arg><option>-L <replaceable class="parameter">serial</replaceable></option></arg> 108 <arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg> 109 <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg> 110 <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg> 111 <arg><option>-T <replaceable class="parameter">mode</replaceable></option></arg> 112 <arg><option>-w <replaceable 
class="parameter">directory</replaceable></option></arg> 113 <arg><option>-D</option></arg> 114 <arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg> 115 <arg choice="req"><option>-o <replaceable class="parameter">filename</replaceable></option></arg> 116 <arg choice="req">zonename</arg> 117 <arg choice="req">filename</arg> 118 </cmdsynopsis> 119 </refsynopsisdiv> 120 121 <refsect1> 122 <title>DESCRIPTION</title> 123 <para><command>named-checkzone</command> 124 checks the syntax and integrity of a zone file. It performs the 125 same checks as <command>named</command> does when loading a 126 zone. This makes <command>named-checkzone</command> useful for 127 checking zone files before configuring them into a name server. 128 </para> 129 <para> 130 <command>named-compilezone</command> is similar to 131 <command>named-checkzone</command>, but it always dumps the 132 zone contents to a specified file in a specified format. 133 Additionally, it applies stricter check levels by default, 134 since the dump output will be used as an actual zone file 135 loaded by <command>named</command>. 136 When manually specified otherwise, the check levels must at 137 least be as strict as those specified in the 138 <command>named</command> configuration file. 139 </para> 140 </refsect1> 141 142 <refsect1> 143 <title>OPTIONS</title> 144 145 <variablelist> 146 <varlistentry> 147 <term>-d</term> 148 <listitem> 149 <para> 150 Enable debugging. 151 </para> 152 </listitem> 153 </varlistentry> 154 155 <varlistentry> 156 <term>-h</term> 157 <listitem> 158 <para> 159 Print the usage summary and exit. 160 </para> 161 </listitem> 162 </varlistentry> 163 164 <varlistentry> 165 <term>-q</term> 166 <listitem> 167 <para> 168 Quiet mode - exit code only. 169 </para> 170 </listitem> 171 </varlistentry> 172 173 <varlistentry> 174 <term>-v</term> 175 <listitem> 176 <para> 177 Print the version of the <command>named-checkzone</command> 178 program and exit. 
179 </para> 180 </listitem> 181 </varlistentry> 182 183 <varlistentry> 184 <term>-j</term> 185 <listitem> 186 <para> 187 When loading a zone file, read the journal if it exists. 188 The journal file name is assumed to be the zone file name 189 appended with the string <filename>.jnl</filename>. 190 </para> 191 </listitem> 192 </varlistentry> 193 194 <varlistentry> 195 <term>-J <replaceable class="parameter">filename</replaceable></term> 196 <listitem> 197 <para> 198 When loading the zone file, read the journal from the given 199 file, if it exists. (Implies -j.) 200 </para> 201 </listitem> 202 </varlistentry> 203 204 <varlistentry> 205 <term>-c <replaceable class="parameter">class</replaceable></term> 206 <listitem> 207 <para> 208 Specify the class of the zone. If not specified, "IN" is assumed. 209 </para> 210 </listitem> 211 </varlistentry> 212 213 <varlistentry> 214 <term>-i <replaceable class="parameter">mode</replaceable></term> 215 <listitem> 216 <para> 217 Perform post-load zone integrity checks. Possible modes are 218 <command>"full"</command> (default), 219 <command>"full-sibling"</command>, 220 <command>"local"</command>, 221 <command>"local-sibling"</command> and 222 <command>"none"</command>. 223 </para> 224 <para> 225 Mode <command>"full"</command> checks that MX records 226 refer to A or AAAA records (both in-zone and out-of-zone 227 hostnames). Mode <command>"local"</command> only 228 checks MX records which refer to in-zone hostnames. 229 </para> 230 <para> 231 Mode <command>"full"</command> checks that SRV records 232 refer to A or AAAA records (both in-zone and out-of-zone 233 hostnames). Mode <command>"local"</command> only 234 checks SRV records which refer to in-zone hostnames. 235 </para> 236 <para> 237 Mode <command>"full"</command> checks that delegation NS 238 records refer to A or AAAA records (both in-zone and out-of-zone 239 hostnames). It also checks that glue address records 240 in the zone match those advertised by the child.
241 Mode <command>"local"</command> only checks NS records which 242 refer to in-zone hostnames or that some required glue exists, 243 that is, when the nameserver is in a child zone. 244 </para> 245 <para> 246 Mode <command>"full-sibling"</command> and 247 <command>"local-sibling"</command> disable sibling glue 248 checks but are otherwise the same as <command>"full"</command> 249 and <command>"local"</command> respectively. 250 </para> 251 <para> 252 Mode <command>"none"</command> disables the checks. 253 </para> 254 </listitem> 255 </varlistentry> 256 257 <varlistentry> 258 <term>-f <replaceable class="parameter">format</replaceable></term> 259 <listitem> 260 <para> 261 Specify the format of the zone file. 262 Possible formats are <command>"text"</command> (default), 263 <command>"raw"</command>, and <command>"map"</command>. 264 </para> 265 </listitem> 266 </varlistentry> 267 268 <varlistentry> 269 <term>-F <replaceable class="parameter">format</replaceable></term> 270 <listitem> 271 <para> 272 Specify the format of the output file. 273 For <command>named-checkzone</command>, 274 this has no effect unless it dumps the zone 275 contents. 276 </para> 277 <para> 278 Possible formats are <command>"text"</command> (default), 279 which is the standard textual representation of the zone, 280 and <command>"map"</command>, <command>"raw"</command>, 281 and <command>"raw=N"</command>, which store the zone in a 282 binary format for rapid loading by <command>named</command>. 283 <command>"raw=N"</command> specifies the format version of 284 the raw zone file: if N is 0, the raw file can be read by 285 any version of <command>named</command>; if N is 1, the file 286 can be read by release 9.9.0 or higher; the default is 1.
287 </para> 288 </listitem> 289 </varlistentry> 290 291 <varlistentry> 292 <term>-k <replaceable class="parameter">mode</replaceable></term> 293 <listitem> 294 <para> 295 Perform <command>"check-names"</command> checks with the 296 specified failure mode. 297 Possible modes are <command>"fail"</command> 298 (default for <command>named-compilezone</command>), 299 <command>"warn"</command> 300 (default for <command>named-checkzone</command>) and 301 <command>"ignore"</command>. 302 </para> 303 </listitem> 304 </varlistentry> 305 306 <varlistentry> 307 <term>-l <replaceable class="parameter">ttl</replaceable></term> 308 <listitem> 309 <para> 310 Set a maximum permissible TTL for the input file. 311 Any record with a TTL higher than this value will cause 312 the zone to be rejected. This is similar to using the 313 <command>max-zone-ttl</command> option in 314 <filename>named.conf</filename>. 315 </para> 316 </listitem> 317 </varlistentry> 318 319 <varlistentry> 320 <term>-L <replaceable class="parameter">serial</replaceable></term> 321 <listitem> 322 <para> 323 When compiling a zone to "raw" or "map" format, set the 324 "source serial" value in the header to the specified serial 325 number. (This is expected to be used primarily for testing 326 purposes.) 327 </para> 328 </listitem> 329 </varlistentry> 330 331 <varlistentry> 332 <term>-m <replaceable class="parameter">mode</replaceable></term> 333 <listitem> 334 <para> 335 Specify whether MX records should be checked to see if they 336 are addresses. Possible modes are <command>"fail"</command>, 337 <command>"warn"</command> (default) and 338 <command>"ignore"</command>. 339 </para> 340 </listitem> 341 </varlistentry> 342 343 <varlistentry> 344 <term>-M <replaceable class="parameter">mode</replaceable></term> 345 <listitem> 346 <para> 347 Check if an MX record refers to a CNAME. 348 Possible modes are <command>"fail"</command>, 349 <command>"warn"</command> (default) and 350 <command>"ignore"</command>.
351 </para> 352 </listitem> 353 </varlistentry> 354 355 <varlistentry> 356 <term>-n <replaceable class="parameter">mode</replaceable></term> 357 <listitem> 358 <para> 359 Specify whether NS records should be checked to see if they 360 are addresses. 361 Possible modes are <command>"fail"</command> 362 (default for <command>named-compilezone</command>), 363 <command>"warn"</command> 364 (default for <command>named-checkzone</command>) and 365 <command>"ignore"</command>. 366 </para> 367 </listitem> 368 </varlistentry> 369 370 <varlistentry> 371 <term>-o <replaceable class="parameter">filename</replaceable></term> 372 <listitem> 373 <para> 374 Write zone output to <filename>filename</filename>. 375 If <filename>filename</filename> is <filename>-</filename> then 376 write to standard output. 377 This is mandatory for <command>named-compilezone</command>. 378 </para> 379 </listitem> 380 </varlistentry> 381 382 <varlistentry> 383 <term>-r <replaceable class="parameter">mode</replaceable></term> 384 <listitem> 385 <para> 386 Check for records that are treated as different by DNSSEC but 387 are semantically equal in plain DNS. 388 Possible modes are <command>"fail"</command>, 389 <command>"warn"</command> (default) and 390 <command>"ignore"</command>. 391 </para> 392 </listitem> 393 </varlistentry> 394 395 <varlistentry> 396 <term>-s <replaceable class="parameter">style</replaceable></term> 397 <listitem> 398 <para> 399 Specify the style of the dumped zone file. 400 Possible styles are <command>"full"</command> (default) 401 and <command>"relative"</command>. 402 The full format is most suitable for processing 403 automatically by a separate script. 404 On the other hand, the relative format is more 405 human-readable and is thus suitable for editing by hand. 406 For <command>named-checkzone</command> 407 this has no effect unless it dumps the zone 408 contents. 409 It also has no meaning if the output format 410 is not text.
411 </para> 412 </listitem> 413 </varlistentry> 414 415 <varlistentry> 416 <term>-S <replaceable class="parameter">mode</replaceable></term> 417 <listitem> 418 <para> 419 Check if an SRV record refers to a CNAME. 420 Possible modes are <command>"fail"</command>, 421 <command>"warn"</command> (default) and 422 <command>"ignore"</command>. 423 </para> 424 </listitem> 425 </varlistentry> 426 427 <varlistentry> 428 <term>-t <replaceable class="parameter">directory</replaceable></term> 429 <listitem> 430 <para> 431 Chroot to <filename>directory</filename> so that 432 include 433 directives in the configuration file are processed as if 434 run by a similarly chrooted named. 435 </para> 436 </listitem> 437 </varlistentry> 438 439 <varlistentry> 440 <term>-T <replaceable class="parameter">mode</replaceable></term> 441 <listitem> 442 <para> 443 Check if Sender Policy Framework (SPF) records exist 444 and issue a warning if an SPF-formatted TXT record is 445 not also present. Possible modes are <command>"warn"</command> 446 (default) and <command>"ignore"</command>. 447 </para> 448 </listitem> 449 </varlistentry> 450 451 <varlistentry> 452 <term>-w <replaceable class="parameter">directory</replaceable></term> 453 <listitem> 454 <para> 455 chdir to <filename>directory</filename> so that 456 relative 457 filenames in master file $INCLUDE directives work. This 458 is similar to the directory clause in 459 <filename>named.conf</filename>. 460 </para> 461 </listitem> 462 </varlistentry> 463 464 <varlistentry> 465 <term>-D</term> 466 <listitem> 467 <para> 468 Dump zone file in canonical format. 469 This is always enabled for <command>named-compilezone</command>. 470 </para> 471 </listitem> 472 </varlistentry> 473 474 <varlistentry> 475 <term>-W <replaceable class="parameter">mode</replaceable></term> 476 <listitem> 477 <para> 478 Specify whether to check for non-terminal wildcards.
479 Non-terminal wildcards are almost always the result of a 480 failure to understand the wildcard matching algorithm (RFC 1034). 481 Possible modes are <command>"warn"</command> (default) 482 and 483 <command>"ignore"</command>. 484 </para> 485 </listitem> 486 </varlistentry> 487 488 <varlistentry> 489 <term>zonename</term> 490 <listitem> 491 <para> 492 The domain name of the zone being checked. 493 </para> 494 </listitem> 495 </varlistentry> 496 497 <varlistentry> 498 <term>filename</term> 499 <listitem> 500 <para> 501 The name of the zone file. 502 </para> 503 </listitem> 504 </varlistentry> 505 506 </variablelist> 507 508 </refsect1> 509 510 <refsect1> 511 <title>RETURN VALUES</title> 512 <para><command>named-checkzone</command> 513 returns an exit status of 1 if 514 errors were detected and 0 otherwise. 515 </para> 516 </refsect1> 517 518 <refsect1> 519 <title>SEE ALSO</title> 520 <para><citerefentry> 521 <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum> 522 </citerefentry>, 523 <citerefentry> 524 <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum> 525 </citerefentry>, 526 <citetitle>RFC 1035</citetitle>, 527 <citetitle>BIND 9 Administrator Reference Manual</citetitle>. 528 </para> 529 </refsect1> 530 531 <refsect1> 532 <title>AUTHOR</title> 533 <para><corpauthor>Internet Systems Consortium</corpauthor> 534 </para> 535 </refsect1> 536 537</refentry><!-- 538 - Local variables: 539 - mode: sgml 540 - End: 541--> 542