1<!-- 2 - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC") 3 - Copyright (C) 2000-2003 Internet Software Consortium. 4 - 5 - Permission to use, copy, modify, and/or distribute this software for any 6 - purpose with or without fee is hereby granted, provided that the above 7 - copyright notice and this permission notice appear in all copies. 8 - 9 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 10 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 11 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 12 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 13 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 14 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 15 - PERFORMANCE OF THIS SOFTWARE. 16--> 17<!-- $Id: man.named-checkzone.html,v 1.5 2015/09/03 07:33:34 christos Exp $ --> 18<html> 19<head> 20<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> 21<title>named-checkzone</title> 22<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> 23<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual"> 24<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages"> 25<link rel="prev" href="man.named-checkconf.html" title="named-checkconf"> 26<link rel="next" href="man.named.html" title="named"> 27</head> 28<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"> 29<div class="navheader"> 30<table width="100%" summary="Navigation header"> 31<tr><th colspan="3" align="center"><span class="application">named-checkzone</span></th></tr> 32<tr> 33<td width="20%" align="left"> 34<a accesskey="p" href="man.named-checkconf.html">Prev</a>�</td> 35<th width="60%" align="center">Manual pages</th> 36<td width="20%" align="right">�<a accesskey="n" href="man.named.html">Next</a> 37</td> 38</tr> 39</table> 40<hr> 41</div> 42<div class="refentry" lang="en"> 43<a name="man.named-checkzone"></a><div class="titlepage"></div> 44<div class="refnamediv"> 45<h2>Name</h2> 46<p><span class="application">named-checkzone</span>, <span class="application">named-compilezone</span> — zone file validity checking or converting tool</p> 47</div> 48<div class="refsynopsisdiv"> 49<h2>Synopsis</h2> 50<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-J <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-l <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div> 51<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-J <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-l <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div> 52</div> 53<div class="refsect1" lang="en"> 54<a name="id2676017"></a><h2>DESCRIPTION</h2> 55<p><span><strong class="command">named-checkzone</strong></span> 56 checks the syntax and integrity of a zone file. It performs the 57 same checks as <span><strong class="command">named</strong></span> does when loading a 58 zone. This makes <span><strong class="command">named-checkzone</strong></span> useful for 59 checking zone files before configuring them into a name server. 60 </p> 61<p> 62 <span><strong class="command">named-compilezone</strong></span> is similar to 63 <span><strong class="command">named-checkzone</strong></span>, but it always dumps the 64 zone contents to a specified file in a specified format. 65 Additionally, it applies stricter check levels by default, 66 since the dump output will be used as an actual zone file 67 loaded by <span><strong class="command">named</strong></span>. 68 When manually specified otherwise, the check levels must at 69 least be as strict as those specified in the 70 <span><strong class="command">named</strong></span> configuration file. 71 </p> 72</div> 73<div class="refsect1" lang="en"> 74<a name="id2676067"></a><h2>OPTIONS</h2> 75<div class="variablelist"><dl> 76<dt><span class="term">-d</span></dt> 77<dd><p> 78 Enable debugging. 79 </p></dd> 80<dt><span class="term">-h</span></dt> 81<dd><p> 82 Print the usage summary and exit. 83 </p></dd> 84<dt><span class="term">-q</span></dt> 85<dd><p> 86 Quiet mode - exit code only. 87 </p></dd> 88<dt><span class="term">-v</span></dt> 89<dd><p> 90 Print the version of the <span><strong class="command">named-checkzone</strong></span> 91 program and exit. 92 </p></dd> 93<dt><span class="term">-j</span></dt> 94<dd><p> 95 When loading a zone file, read the journal if it exists. 96 The journal file name is assumed to be the zone file name 97 appended with the string <code class="filename">.jnl</code>. 98 </p></dd> 99<dt><span class="term">-J <em class="replaceable"><code>filename</code></em></span></dt> 100<dd><p> 101 When loading the zone file read the journal from the given 102 file, if it exists. (Implies -j.) 103 </p></dd> 104<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt> 105<dd><p> 106 Specify the class of the zone. If not specified, "IN" is assumed. 107 </p></dd> 108<dt><span class="term">-i <em class="replaceable"><code>mode</code></em></span></dt> 109<dd> 110<p> 111 Perform post-load zone integrity checks. Possible modes are 112 <span><strong class="command">"full"</strong></span> (default), 113 <span><strong class="command">"full-sibling"</strong></span>, 114 <span><strong class="command">"local"</strong></span>, 115 <span><strong class="command">"local-sibling"</strong></span> and 116 <span><strong class="command">"none"</strong></span>. 117 </p> 118<p> 119 Mode <span><strong class="command">"full"</strong></span> checks that MX records 120 refer to A or AAAA record (both in-zone and out-of-zone 121 hostnames). Mode <span><strong class="command">"local"</strong></span> only 122 checks MX records which refer to in-zone hostnames. 123 </p> 124<p> 125 Mode <span><strong class="command">"full"</strong></span> checks that SRV records 126 refer to A or AAAA record (both in-zone and out-of-zone 127 hostnames). Mode <span><strong class="command">"local"</strong></span> only 128 checks SRV records which refer to in-zone hostnames. 129 </p> 130<p> 131 Mode <span><strong class="command">"full"</strong></span> checks that delegation NS 132 records refer to A or AAAA record (both in-zone and out-of-zone 133 hostnames). It also checks that glue address records 134 in the zone match those advertised by the child. 135 Mode <span><strong class="command">"local"</strong></span> only checks NS records which 136 refer to in-zone hostnames or that some required glue exists, 137 that is when the nameserver is in a child zone. 138 </p> 139<p> 140 Mode <span><strong class="command">"full-sibling"</strong></span> and 141 <span><strong class="command">"local-sibling"</strong></span> disable sibling glue 142 checks but are otherwise the same as <span><strong class="command">"full"</strong></span> 143 and <span><strong class="command">"local"</strong></span> respectively. 144 </p> 145<p> 146 Mode <span><strong class="command">"none"</strong></span> disables the checks. 147 </p> 148</dd> 149<dt><span class="term">-f <em class="replaceable"><code>format</code></em></span></dt> 150<dd><p> 151 Specify the format of the zone file. 152 Possible formats are <span><strong class="command">"text"</strong></span> (default), 153 <span><strong class="command">"raw"</strong></span>, and <span><strong class="command">"map"</strong></span>. 154 </p></dd> 155<dt><span class="term">-F <em class="replaceable"><code>format</code></em></span></dt> 156<dd> 157<p> 158 Specify the format of the output file specified. 159 For <span><strong class="command">named-checkzone</strong></span>, 160 this does not cause any effects unless it dumps the zone 161 contents. 162 </p> 163<p> 164 Possible formats are <span><strong class="command">"text"</strong></span> (default), 165 which is the standard textual representation of the zone, 166 and <span><strong class="command">"map"</strong></span>, <span><strong class="command">"raw"</strong></span>, 167 and <span><strong class="command">"raw=N"</strong></span>, which store the zone in a 168 binary format for rapid loading by <span><strong class="command">named</strong></span>. 169 <span><strong class="command">"raw=N"</strong></span> specifies the format version of 170 the raw zone file: if N is 0, the raw file can be read by 171 any version of <span><strong class="command">named</strong></span>; if N is 1, the file 172 can be read by release 9.9.0 or higher; the default is 1. 173 </p> 174</dd> 175<dt><span class="term">-k <em class="replaceable"><code>mode</code></em></span></dt> 176<dd><p> 177 Perform <span><strong class="command">"check-names"</strong></span> checks with the 178 specified failure mode. 179 Possible modes are <span><strong class="command">"fail"</strong></span> 180 (default for <span><strong class="command">named-compilezone</strong></span>), 181 <span><strong class="command">"warn"</strong></span> 182 (default for <span><strong class="command">named-checkzone</strong></span>) and 183 <span><strong class="command">"ignore"</strong></span>. 184 </p></dd> 185<dt><span class="term">-l <em class="replaceable"><code>ttl</code></em></span></dt> 186<dd><p> 187 Sets a maximum permissible TTL for the input file. 188 Any record with a TTL higher than this value will cause 189 the zone to be rejected. This is similar to using the 190 <span><strong class="command">max-zone-ttl</strong></span> option in 191 <code class="filename">named.conf</code>. 192 </p></dd> 193<dt><span class="term">-L <em class="replaceable"><code>serial</code></em></span></dt> 194<dd><p> 195 When compiling a zone to "raw" or "map" format, set the 196 "source serial" value in the header to the specified serial 197 number. (This is expected to be used primarily for testing 198 purposes.) 199 </p></dd> 200<dt><span class="term">-m <em class="replaceable"><code>mode</code></em></span></dt> 201<dd><p> 202 Specify whether MX records should be checked to see if they 203 are addresses. Possible modes are <span><strong class="command">"fail"</strong></span>, 204 <span><strong class="command">"warn"</strong></span> (default) and 205 <span><strong class="command">"ignore"</strong></span>. 206 </p></dd> 207<dt><span class="term">-M <em class="replaceable"><code>mode</code></em></span></dt> 208<dd><p> 209 Check if a MX record refers to a CNAME. 210 Possible modes are <span><strong class="command">"fail"</strong></span>, 211 <span><strong class="command">"warn"</strong></span> (default) and 212 <span><strong class="command">"ignore"</strong></span>. 213 </p></dd> 214<dt><span class="term">-n <em class="replaceable"><code>mode</code></em></span></dt> 215<dd><p> 216 Specify whether NS records should be checked to see if they 217 are addresses. 218 Possible modes are <span><strong class="command">"fail"</strong></span> 219 (default for <span><strong class="command">named-compilezone</strong></span>), 220 <span><strong class="command">"warn"</strong></span> 221 (default for <span><strong class="command">named-checkzone</strong></span>) and 222 <span><strong class="command">"ignore"</strong></span>. 223 </p></dd> 224<dt><span class="term">-o <em class="replaceable"><code>filename</code></em></span></dt> 225<dd><p> 226 Write zone output to <code class="filename">filename</code>. 227 If <code class="filename">filename</code> is <code class="filename">-</code> then 228 write to standard out. 229 This is mandatory for <span><strong class="command">named-compilezone</strong></span>. 230 </p></dd> 231<dt><span class="term">-r <em class="replaceable"><code>mode</code></em></span></dt> 232<dd><p> 233 Check for records that are treated as different by DNSSEC but 234 are semantically equal in plain DNS. 235 Possible modes are <span><strong class="command">"fail"</strong></span>, 236 <span><strong class="command">"warn"</strong></span> (default) and 237 <span><strong class="command">"ignore"</strong></span>. 238 </p></dd> 239<dt><span class="term">-s <em class="replaceable"><code>style</code></em></span></dt> 240<dd><p> 241 Specify the style of the dumped zone file. 242 Possible styles are <span><strong class="command">"full"</strong></span> (default) 243 and <span><strong class="command">"relative"</strong></span>. 244 The full format is most suitable for processing 245 automatically by a separate script. 246 On the other hand, the relative format is more 247 human-readable and is thus suitable for editing by hand. 248 For <span><strong class="command">named-checkzone</strong></span> 249 this does not cause any effects unless it dumps the zone 250 contents. 251 It also does not have any meaning if the output format 252 is not text. 253 </p></dd> 254<dt><span class="term">-S <em class="replaceable"><code>mode</code></em></span></dt> 255<dd><p> 256 Check if a SRV record refers to a CNAME. 257 Possible modes are <span><strong class="command">"fail"</strong></span>, 258 <span><strong class="command">"warn"</strong></span> (default) and 259 <span><strong class="command">"ignore"</strong></span>. 260 </p></dd> 261<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt> 262<dd><p> 263 Chroot to <code class="filename">directory</code> so that 264 include 265 directives in the configuration file are processed as if 266 run by a similarly chrooted named. 267 </p></dd> 268<dt><span class="term">-T <em class="replaceable"><code>mode</code></em></span></dt> 269<dd><p> 270 Check if Sender Policy Framework (SPF) records exist 271 and issues a warning if an SPF-formatted TXT record is 272 not also present. Possible modes are <span><strong class="command">"warn"</strong></span> 273 (default), <span><strong class="command">"ignore"</strong></span>. 274 </p></dd> 275<dt><span class="term">-w <em class="replaceable"><code>directory</code></em></span></dt> 276<dd><p> 277 chdir to <code class="filename">directory</code> so that 278 relative 279 filenames in master file $INCLUDE directives work. This 280 is similar to the directory clause in 281 <code class="filename">named.conf</code>. 282 </p></dd> 283<dt><span class="term">-D</span></dt> 284<dd><p> 285 Dump zone file in canonical format. 286 This is always enabled for <span><strong class="command">named-compilezone</strong></span>. 287 </p></dd> 288<dt><span class="term">-W <em class="replaceable"><code>mode</code></em></span></dt> 289<dd><p> 290 Specify whether to check for non-terminal wildcards. 291 Non-terminal wildcards are almost always the result of a 292 failure to understand the wildcard matching algorithm (RFC 1034). 293 Possible modes are <span><strong class="command">"warn"</strong></span> (default) 294 and 295 <span><strong class="command">"ignore"</strong></span>. 296 </p></dd> 297<dt><span class="term">zonename</span></dt> 298<dd><p> 299 The domain name of the zone being checked. 300 </p></dd> 301<dt><span class="term">filename</span></dt> 302<dd><p> 303 The name of the zone file. 304 </p></dd> 305</dl></div> 306</div> 307<div class="refsect1" lang="en"> 308<a name="id2677036"></a><h2>RETURN VALUES</h2> 309<p><span><strong class="command">named-checkzone</strong></span> 310 returns an exit status of 1 if 311 errors were detected and 0 otherwise. 312 </p> 313</div> 314<div class="refsect1" lang="en"> 315<a name="id2677050"></a><h2>SEE ALSO</h2> 316<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, 317 <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>, 318 <em class="citetitle">RFC 1035</em>, 319 <em class="citetitle">BIND 9 Administrator Reference Manual</em>. 320 </p> 321</div> 322<div class="refsect1" lang="en"> 323<a name="id2677083"></a><h2>AUTHOR</h2> 324<p><span class="corpauthor">Internet Systems Consortium</span> 325 </p> 326</div> 327</div> 328<div class="navfooter"> 329<hr> 330<table width="100%" summary="Navigation footer"> 331<tr> 332<td width="40%" align="left"> 333<a accesskey="p" href="man.named-checkconf.html">Prev</a>�</td> 334<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td> 335<td width="40%" align="right">�<a accesskey="n" href="man.named.html">Next</a> 336</td> 337</tr> 338<tr> 339<td width="40%" align="left" valign="top"> 340<span class="application">named-checkconf</span>�</td> 341<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td> 342<td width="40%" align="right" valign="top">�<span class="application">named</span> 343</td> 344</tr> 345</table> 346</div> 347<p style="text-align: center;">BIND 9.10.2-P4</p> 348</body> 349</html> 350