<!--
 - Copyright (C) 2004-2007, 2009-2014 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000-2002 Internet Software Consortium.
 -
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<!-- Id -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>named-checkzone</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
<a name="man.named-checkzone"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">named-checkzone</span>, <span class="application">named-compilezone</span> — zone file validity checking or converting tool</p>
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em
class="replaceable"><code>format</code></em></code>] [<code class="option">-J <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-l <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-J <em
class="replaceable"><code>filename</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-l <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543784"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkzone</strong></span>
      checks the syntax and integrity of a zone file. It performs the
      same checks as <span><strong class="command">named</strong></span> does when loading a
      zone. This makes <span><strong class="command">named-checkzone</strong></span> useful for
      checking zone files before configuring them into a name server.
    </p>
<p>
      <span><strong class="command">named-compilezone</strong></span> is similar to
      <span><strong class="command">named-checkzone</strong></span>, but it always dumps the
      zone contents to a specified file in a specified format.
      Additionally, it applies stricter check levels by default,
      since the dump output will be used as an actual zone file
      loaded by <span><strong class="command">named</strong></span>.
      When manually specified otherwise, the check levels must at
      least be as strict as those specified in the
      <span><strong class="command">named</strong></span> configuration file.
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2543819"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-d</span></dt>
<dd><p>
      Enable debugging.
    </p></dd>
<dt><span class="term">-h</span></dt>
<dd><p>
      Print the usage summary and exit.
    </p></dd>
<dt><span class="term">-q</span></dt>
<dd><p>
      Quiet mode - exit code only.
    </p></dd>
<dt><span class="term">-v</span></dt>
<dd><p>
      Print the version of the <span><strong class="command">named-checkzone</strong></span>
      program and exit.
    </p></dd>
<dt><span class="term">-j</span></dt>
<dd><p>
      When loading a zone file, read the journal if it exists.
      The journal file name is assumed to be the zone file name
      appended with the string <code class="filename">.jnl</code>.
    </p></dd>
<dt><span class="term">-J <em class="replaceable"><code>filename</code></em></span></dt>
<dd><p>
      When loading the zone file, read the journal from the given
      file, if it exists. (Implies -j.)
    </p></dd>
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
<dd><p>
      Specify the class of the zone. If not specified, "IN" is assumed.
    </p></dd>
<dt><span class="term">-i <em class="replaceable"><code>mode</code></em></span></dt>
<dd>
<p>
      Perform post-load zone integrity checks.
      Possible modes are
      <span><strong class="command">"full"</strong></span> (default),
      <span><strong class="command">"full-sibling"</strong></span>,
      <span><strong class="command">"local"</strong></span>,
      <span><strong class="command">"local-sibling"</strong></span> and
      <span><strong class="command">"none"</strong></span>.
    </p>
<p>
      Mode <span><strong class="command">"full"</strong></span> checks that MX records
      refer to A or AAAA records (both in-zone and out-of-zone
      hostnames). Mode <span><strong class="command">"local"</strong></span> only
      checks MX records which refer to in-zone hostnames.
    </p>
<p>
      Mode <span><strong class="command">"full"</strong></span> checks that SRV records
      refer to A or AAAA records (both in-zone and out-of-zone
      hostnames). Mode <span><strong class="command">"local"</strong></span> only
      checks SRV records which refer to in-zone hostnames.
    </p>
<p>
      Mode <span><strong class="command">"full"</strong></span> checks that delegation NS
      records refer to A or AAAA records (both in-zone and out-of-zone
      hostnames). It also checks that glue address records
      in the zone match those advertised by the child.
      Mode <span><strong class="command">"local"</strong></span> only checks NS records which
      refer to in-zone hostnames or that some required glue exists,
      that is, when the nameserver is in a child zone.
    </p>
<p>
      Mode <span><strong class="command">"full-sibling"</strong></span> and
      <span><strong class="command">"local-sibling"</strong></span> disable sibling glue
      checks but are otherwise the same as <span><strong class="command">"full"</strong></span>
      and <span><strong class="command">"local"</strong></span> respectively.
    </p>
<p>
      Mode <span><strong class="command">"none"</strong></span> disables the checks.
    </p>
</dd>
<dt><span class="term">-f <em class="replaceable"><code>format</code></em></span></dt>
<dd><p>
      Specify the format of the zone file.
      Possible formats are <span><strong class="command">"text"</strong></span> (default),
      <span><strong class="command">"raw"</strong></span>, and <span><strong class="command">"map"</strong></span>.
    </p></dd>
<dt><span class="term">-F <em class="replaceable"><code>format</code></em></span></dt>
<dd>
<p>
      Specify the format of the output file.
      For <span><strong class="command">named-checkzone</strong></span>,
      this has no effect unless it dumps the zone
      contents.
    </p>
<p>
      Possible formats are <span><strong class="command">"text"</strong></span> (default),
      which is the standard textual representation of the zone,
      and <span><strong class="command">"map"</strong></span>, <span><strong class="command">"raw"</strong></span>,
      and <span><strong class="command">"raw=N"</strong></span>, which store the zone in a
      binary format for rapid loading by <span><strong class="command">named</strong></span>.
      <span><strong class="command">"raw=N"</strong></span> specifies the format version of
      the raw zone file: if N is 0, the raw file can be read by
      any version of <span><strong class="command">named</strong></span>; if N is 1, the file
      can be read by release 9.9.0 or higher; the default is 1.
    </p>
</dd>
<dt><span class="term">-k <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
      Perform <span><strong class="command">"check-names"</strong></span> checks with the
      specified failure mode.
      Possible modes are <span><strong class="command">"fail"</strong></span>
      (default for <span><strong class="command">named-compilezone</strong></span>),
      <span><strong class="command">"warn"</strong></span>
      (default for <span><strong class="command">named-checkzone</strong></span>) and
      <span><strong class="command">"ignore"</strong></span>.
    </p></dd>
<dt><span class="term">-l <em class="replaceable"><code>ttl</code></em></span></dt>
<dd><p>
      Set a maximum permissible TTL for the input file.
      Any record with a TTL higher than this value will cause
      the zone to be rejected. This is similar to using the
      <span><strong class="command">max-zone-ttl</strong></span> option in
      <code class="filename">named.conf</code>.
    </p></dd>
<dt><span class="term">-L <em class="replaceable"><code>serial</code></em></span></dt>
<dd><p>
      When compiling a zone to "raw" or "map" format, set the
      "source serial" value in the header to the specified serial
      number. (This is expected to be used primarily for testing
      purposes.)
    </p></dd>
<dt><span class="term">-m <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
      Specify whether MX records should be checked to see if they
      are addresses. Possible modes are <span><strong class="command">"fail"</strong></span>,
      <span><strong class="command">"warn"</strong></span> (default) and
      <span><strong class="command">"ignore"</strong></span>.
    </p></dd>
<dt><span class="term">-M <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
      Check if an MX record refers to a CNAME.
      Possible modes are <span><strong class="command">"fail"</strong></span>,
      <span><strong class="command">"warn"</strong></span> (default) and
      <span><strong class="command">"ignore"</strong></span>.
    </p></dd>
<dt><span class="term">-n <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
      Specify whether NS records should be checked to see if they
      are addresses.
      Possible modes are <span><strong class="command">"fail"</strong></span>
      (default for <span><strong class="command">named-compilezone</strong></span>),
      <span><strong class="command">"warn"</strong></span>
      (default for <span><strong class="command">named-checkzone</strong></span>) and
      <span><strong class="command">"ignore"</strong></span>.
    </p></dd>
<dt><span class="term">-o <em class="replaceable"><code>filename</code></em></span></dt>
<dd><p>
      Write zone output to <code class="filename">filename</code>.
      If <code class="filename">filename</code> is <code class="filename">-</code> then
      write to standard output.
      This is mandatory for <span><strong class="command">named-compilezone</strong></span>.
    </p></dd>
<dt><span class="term">-r <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
      Check for records that are treated as different by DNSSEC but
      are semantically equal in plain DNS.
      Possible modes are <span><strong class="command">"fail"</strong></span>,
      <span><strong class="command">"warn"</strong></span> (default) and
      <span><strong class="command">"ignore"</strong></span>.
    </p></dd>
<dt><span class="term">-s <em class="replaceable"><code>style</code></em></span></dt>
<dd><p>
      Specify the style of the dumped zone file.
      Possible styles are <span><strong class="command">"full"</strong></span> (default)
      and <span><strong class="command">"relative"</strong></span>.
      The full format is most suitable for processing
      automatically by a separate script.
      On the other hand, the relative format is more
      human-readable and is thus suitable for editing by hand.
      For <span><strong class="command">named-checkzone</strong></span>
      this has no effect unless it dumps the zone
      contents.
      It also does not have any meaning if the output format
      is not text.
    </p></dd>
<dt><span class="term">-S <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
      Check if an SRV record refers to a CNAME.
      Possible modes are <span><strong class="command">"fail"</strong></span>,
      <span><strong class="command">"warn"</strong></span> (default) and
      <span><strong class="command">"ignore"</strong></span>.
    </p></dd>
<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
      Chroot to <code class="filename">directory</code> so that
      include
      directives in the configuration file are processed as if
      run by a similarly chrooted named.
    </p></dd>
<dt><span class="term">-T <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
      Check if Sender Policy Framework (SPF) records exist
      and issue a warning if an SPF-formatted TXT record is
      not also present. Possible modes are <span><strong class="command">"warn"</strong></span>
      (default) and <span><strong class="command">"ignore"</strong></span>.
    </p></dd>
<dt><span class="term">-w <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
      chdir to <code class="filename">directory</code> so that
      relative
      filenames in master file $INCLUDE directives work. This
      is similar to the directory clause in
      <code class="filename">named.conf</code>.
    </p></dd>
<dt><span class="term">-D</span></dt>
<dd><p>
      Dump zone file in canonical format.
      This is always enabled for <span><strong class="command">named-compilezone</strong></span>.
    </p></dd>
<dt><span class="term">-W <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
      Specify whether to check for non-terminal wildcards.
      Non-terminal wildcards are almost always the result of a
      failure to understand the wildcard matching algorithm (RFC 1034).
      Possible modes are <span><strong class="command">"warn"</strong></span> (default)
      and
      <span><strong class="command">"ignore"</strong></span>.
    </p></dd>
<dt><span class="term">zonename</span></dt>
<dd><p>
      The domain name of the zone being checked.
    </p></dd>
<dt><span class="term">filename</span></dt>
<dd><p>
      The name of the zone file.
    </p></dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544710"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkzone</strong></span>
      returns an exit status of 1 if
      errors were detected and 0 otherwise.
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2544722"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
      <em class="citetitle">RFC 1035</em>,
      <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2544755"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
</div>
</div></body>
</html>
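Added example (not part of the ISC manual page): a pre-deployment gate that uses the exit status described under RETURN VALUES and sets the options that default to "warn" in named-checkzone to "fail". The names CHECKZONE_BIN, strict_zone_check and gate_zone_list, the manifest format, and the restriction of the -l value to whole seconds are assumptions of this example.

```shell
#!/bin/sh
# Added example: strict pre-deployment gate built on named-checkzone.
# CHECKZONE_BIN, strict_zone_check and gate_zone_list are names chosen here.
CHECKZONE_BIN=${CHECKZONE_BIN:-named-checkzone}

# strict_zone_check ZONENAME ZONEFILE [MAX_TTL_SECONDS]
# Returns 0 if the zone passes, 2 on bad arguments, otherwise the
# non-zero exit status of the checker (1 when it detected errors).
strict_zone_check() {
    zone=$1 file=$2 max_ttl=${3:-}
    if [ -z "$zone" ] || [ ! -r "$file" ]; then
        echo "strict_zone_check: need a zone name and a readable zone file" >&2
        return 2
    fi
    case $max_ttl in
        *[!0-9]*) echo "strict_zone_check: max TTL must be whole seconds" >&2
                  return 2 ;;
    esac
    # Checks that only warn by default become hard failures:
    #   -k check-names       -m MX is an address   -M MX refers to a CNAME
    #   -n NS is an address  -r DNSSEC-distinct duplicates
    #   -S SRV refers to a CNAME
    # -i local restricts the integrity checks to in-zone hostnames.
    set -- -k fail -m fail -M fail -n fail -r fail -S fail -i local
    # -l rejects the zone if any record has a TTL above the limit.
    if [ -n "$max_ttl" ]; then set -- "$@" -l "$max_ttl"; fi
    rc=0
    "$CHECKZONE_BIN" "$@" "$zone" "$file" || rc=$?
    [ "$rc" -eq 0 ] || echo "REJECT $zone ($file): exit status $rc" >&2
    return "$rc"
}

# gate_zone_list [MAX_TTL_SECONDS] < manifest
# The manifest format is made up for this example: one "zonename zonefile"
# pair per line, '#' for comments. Every zone is checked even after a
# failure, so one run lists all rejects. Returns 1 if any zone failed.
gate_zone_list() {
    failed=0
    while read -r z f; do
        case $z in ''|'#'*) continue ;; esac
        strict_zone_check "$z" "$f" "${1:-}" </dev/null || failed=1
    done
    return "$failed"
}

# Run directly as: script.sh ZONENAME ZONEFILE [MAX_TTL_SECONDS]
[ "$#" -lt 2 ] || strict_zone_check "$@"
```

In a deployment pipeline, run the gate before the zone file is copied into the directory that named loads from, and block the change on any non-zero status.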