.\" $NetBSD: named-checkzone.8,v 1.3 2019/02/24 20:01:26 christos Exp $ .\" .\" Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC") .\" .\" This Source Code Form is subject to the terms of the Mozilla Public .\" License, v. 2.0. If a copy of the MPL was not distributed with this .\" file, You can obtain one at http://mozilla.org/MPL/2.0/. .\" .hy 0 .ad l '\" t .\" Title: named-checkzone .\" Author: .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 2014-02-19 .\" Manual: BIND9 .\" Source: ISC .\" Language: English .\" .TH "NAMED\-CHECKZONE" "8" "2014\-02\-19" "ISC" "BIND9" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" named-checkzone, named-compilezone \- zone file validity checking or converting tool .SH "SYNOPSIS" .HP \w'\fBnamed\-checkzone\fR\ 'u \fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-J\ \fR\fB\fIfilename\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-l\ \fR\fB\fIttl\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename} .HP \w'\fBnamed\-compilezone\fR\ 'u \fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-J\ \fR\fB\fIfilename\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-l\ \fR\fB\fIttl\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename} .SH "DESCRIPTION" .PP \fBnamed\-checkzone\fR checks the syntax and integrity of a zone file\&. It performs the same checks as \fBnamed\fR does when loading a zone\&. This makes \fBnamed\-checkzone\fR useful for checking zone files before configuring them into a name server\&. .PP \fBnamed\-compilezone\fR is similar to \fBnamed\-checkzone\fR, but it always dumps the zone contents to a specified file in a specified format\&. Additionally, it applies stricter check levels by default, since the dump output will be used as an actual zone file loaded by \fBnamed\fR\&. When manually specified otherwise, the check levels must at least be as strict as those specified in the \fBnamed\fR configuration file\&. .SH "OPTIONS" .PP \-d .RS 4 Enable debugging\&. .RE .PP \-h .RS 4 Print the usage summary and exit\&. .RE .PP \-q .RS 4 Quiet mode \- exit code only\&. .RE .PP \-v .RS 4 Print the version of the \fBnamed\-checkzone\fR program and exit\&. .RE .PP \-j .RS 4 When loading a zone file, read the journal if it exists\&. The journal file name is assumed to be the zone file name appended with the string \&.jnl\&. .RE .PP \-J \fIfilename\fR .RS 4 When loading the zone file read the journal from the given file, if it exists\&. (Implies \-j\&.) .RE .PP \-c \fIclass\fR .RS 4 Specify the class of the zone\&. If not specified, "IN" is assumed\&. .RE .PP \-i \fImode\fR .RS 4 Perform post\-load zone integrity checks\&. Possible modes are \fB"full"\fR (default), \fB"full\-sibling"\fR, \fB"local"\fR, \fB"local\-sibling"\fR and \fB"none"\fR\&. .sp Mode \fB"full"\fR checks that MX records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames)\&. Mode \fB"local"\fR only checks MX records which refer to in\-zone hostnames\&. .sp Mode \fB"full"\fR checks that SRV records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames)\&. Mode \fB"local"\fR only checks SRV records which refer to in\-zone hostnames\&. .sp Mode \fB"full"\fR checks that delegation NS records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames)\&. It also checks that glue address records in the zone match those advertised by the child\&. Mode \fB"local"\fR only checks NS records which refer to in\-zone hostnames or that some required glue exists, that is when the nameserver is in a child zone\&. .sp Mode \fB"full\-sibling"\fR and \fB"local\-sibling"\fR disable sibling glue checks but are otherwise the same as \fB"full"\fR and \fB"local"\fR respectively\&. .sp Mode \fB"none"\fR disables the checks\&. .RE .PP \-f \fIformat\fR .RS 4 Specify the format of the zone file\&. Possible formats are \fB"text"\fR (default), \fB"raw"\fR, and \fB"map"\fR\&. .RE .PP \-F \fIformat\fR .RS 4 Specify the format of the output file specified\&. For \fBnamed\-checkzone\fR, this does not cause any effects unless it dumps the zone contents\&. .sp Possible formats are \fB"text"\fR (default), which is the standard textual representation of the zone, and \fB"map"\fR, \fB"raw"\fR, and \fB"raw=N"\fR, which store the zone in a binary format for rapid loading by \fBnamed\fR\&. \fB"raw=N"\fR specifies the format version of the raw zone file: if N is 0, the raw file can be read by any version of \fBnamed\fR; if N is 1, the file can be read by release 9\&.9\&.0 or higher; the default is 1\&. .RE .PP \-k \fImode\fR .RS 4 Perform \fB"check\-names"\fR checks with the specified failure mode\&. Possible modes are \fB"fail"\fR (default for \fBnamed\-compilezone\fR), \fB"warn"\fR (default for \fBnamed\-checkzone\fR) and \fB"ignore"\fR\&. .RE .PP \-l \fIttl\fR .RS 4 Sets a maximum permissible TTL for the input file\&. Any record with a TTL higher than this value will cause the zone to be rejected\&. This is similar to using the \fBmax\-zone\-ttl\fR option in named\&.conf\&. .RE .PP \-L \fIserial\fR .RS 4 When compiling a zone to "raw" or "map" format, set the "source serial" value in the header to the specified serial number\&. (This is expected to be used primarily for testing purposes\&.) .RE .PP \-m \fImode\fR .RS 4 Specify whether MX records should be checked to see if they are addresses\&. Possible modes are \fB"fail"\fR, \fB"warn"\fR (default) and \fB"ignore"\fR\&. .RE .PP \-M \fImode\fR .RS 4 Check if a MX record refers to a CNAME\&. Possible modes are \fB"fail"\fR, \fB"warn"\fR (default) and \fB"ignore"\fR\&. .RE .PP \-n \fImode\fR .RS 4 Specify whether NS records should be checked to see if they are addresses\&. Possible modes are \fB"fail"\fR (default for \fBnamed\-compilezone\fR), \fB"warn"\fR (default for \fBnamed\-checkzone\fR) and \fB"ignore"\fR\&. .RE .PP \-o \fIfilename\fR .RS 4 Write zone output to filename\&. If filename is \- then write to standard out\&. This is mandatory for \fBnamed\-compilezone\fR\&. .RE .PP \-r \fImode\fR .RS 4 Check for records that are treated as different by DNSSEC but are semantically equal in plain DNS\&. Possible modes are \fB"fail"\fR, \fB"warn"\fR (default) and \fB"ignore"\fR\&. .RE .PP \-s \fIstyle\fR .RS 4 Specify the style of the dumped zone file\&. Possible styles are \fB"full"\fR (default) and \fB"relative"\fR\&. The full format is most suitable for processing automatically by a separate script\&. On the other hand, the relative format is more human\-readable and is thus suitable for editing by hand\&. For \fBnamed\-checkzone\fR this does not cause any effects unless it dumps the zone contents\&. It also does not have any meaning if the output format is not text\&. .RE .PP \-S \fImode\fR .RS 4 Check if a SRV record refers to a CNAME\&. Possible modes are \fB"fail"\fR, \fB"warn"\fR (default) and \fB"ignore"\fR\&. .RE .PP \-t \fIdirectory\fR .RS 4 Chroot to directory so that include directives in the configuration file are processed as if run by a similarly chrooted \fBnamed\fR\&. .RE .PP \-T \fImode\fR .RS 4 Check if Sender Policy Framework (SPF) records exist and issues a warning if an SPF\-formatted TXT record is not also present\&. Possible modes are \fB"warn"\fR (default), \fB"ignore"\fR\&. .RE .PP \-w \fIdirectory\fR .RS 4 chdir to directory so that relative filenames in master file $INCLUDE directives work\&. This is similar to the directory clause in named\&.conf\&. .RE .PP \-D .RS 4 Dump zone file in canonical format\&. This is always enabled for \fBnamed\-compilezone\fR\&. .RE .PP \-W \fImode\fR .RS 4 Specify whether to check for non\-terminal wildcards\&. Non\-terminal wildcards are almost always the result of a failure to understand the wildcard matching algorithm (RFC 1034)\&. Possible modes are \fB"warn"\fR (default) and \fB"ignore"\fR\&. .RE .PP zonename .RS 4 The domain name of the zone being checked\&. .RE .PP filename .RS 4 The name of the zone file\&. .RE .SH "RETURN VALUES" .PP \fBnamed\-checkzone\fR returns an exit status of 1 if errors were detected and 0 otherwise\&. .SH "SEE ALSO" .PP \fBnamed\fR(8), \fBnamed-checkconf\fR(8), RFC 1035, BIND 9 Administrator Reference Manual\&. .SH "AUTHOR" .PP \fBInternet Systems Consortium, Inc\&.\fR .SH "COPYRIGHT" .br Copyright \(co 2000-2002, 2004-2007, 2009-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC") .br