1<!--
2 - Copyright (C) 2004-2007, 2009-2011, 2013-2015  Internet Systems Consortium, Inc. ("ISC")
3 - Copyright (C) 2000-2002  Internet Software Consortium.
4 -
5 - Permission to use, copy, modify, and/or distribute this software for any
6 - purpose with or without fee is hereby granted, provided that the above
7 - copyright notice and this permission notice appear in all copies.
8 -
9 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 - PERFORMANCE OF THIS SOFTWARE.
16-->
17
18<!-- Converted by db4-upgrade version 1.0 -->
19<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named-checkzone">
20  <info>
21    <date>2013-04-29</date>
22  </info>
23  <refentryinfo>
24    <corpname>ISC</corpname>
25    <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
26  </refentryinfo>
27
28  <refmeta>
29    <refentrytitle><application>named-checkzone</application></refentrytitle>
30    <manvolnum>8</manvolnum>
31    <refmiscinfo>BIND9</refmiscinfo>
32  </refmeta>
33
34  <docinfo>
35    <copyright>
36      <year>2004</year>
37      <year>2005</year>
38      <year>2006</year>
39      <year>2007</year>
40      <year>2009</year>
41      <year>2010</year>
42      <year>2011</year>
43      <year>2013</year>
44      <year>2014</year>
45      <year>2015</year>
46      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
47    </copyright>
48    <copyright>
49      <year>2000</year>
50      <year>2001</year>
51      <year>2002</year>
52      <holder>Internet Software Consortium.</holder>
53    </copyright>
54  </docinfo>
55
56  <refnamediv>
57    <refname><application>named-checkzone</application></refname>
58    <refname><application>named-compilezone</application></refname>
59    <refpurpose>zone file validity checking or converting tool</refpurpose>
60  </refnamediv>
61
62  <refsynopsisdiv>
63    <cmdsynopsis sepchar=" ">
64      <command>named-checkzone</command>
65      <arg choice="opt" rep="norepeat"><option>-d</option></arg>
66      <arg choice="opt" rep="norepeat"><option>-h</option></arg>
67      <arg choice="opt" rep="norepeat"><option>-j</option></arg>
68      <arg choice="opt" rep="norepeat"><option>-q</option></arg>
69      <arg choice="opt" rep="norepeat"><option>-v</option></arg>
70      <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
71      <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">format</replaceable></option></arg>
72      <arg choice="opt" rep="norepeat"><option>-F <replaceable class="parameter">format</replaceable></option></arg>
73      <arg choice="opt" rep="norepeat"><option>-i <replaceable class="parameter">mode</replaceable></option></arg>
74      <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
75      <arg choice="opt" rep="norepeat"><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
76      <arg choice="opt" rep="norepeat"><option>-M <replaceable class="parameter">mode</replaceable></option></arg>
77      <arg choice="opt" rep="norepeat"><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
78      <arg choice="opt" rep="norepeat"><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
79      <arg choice="opt" rep="norepeat"><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
80      <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
81      <arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">style</replaceable></option></arg>
82      <arg choice="opt" rep="norepeat"><option>-S <replaceable class="parameter">mode</replaceable></option></arg>
83      <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
84      <arg choice="opt" rep="norepeat"><option>-T <replaceable class="parameter">mode</replaceable></option></arg>
85      <arg choice="opt" rep="norepeat"><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
86      <arg choice="opt" rep="norepeat"><option>-D</option></arg>
87      <arg choice="opt" rep="norepeat"><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
88      <arg choice="req" rep="norepeat">zonename</arg>
89      <arg choice="req" rep="norepeat">filename</arg>
90    </cmdsynopsis>
91    <cmdsynopsis sepchar=" ">
92      <command>named-compilezone</command>
93      <arg choice="opt" rep="norepeat"><option>-d</option></arg>
94      <arg choice="opt" rep="norepeat"><option>-j</option></arg>
95      <arg choice="opt" rep="norepeat"><option>-q</option></arg>
96      <arg choice="opt" rep="norepeat"><option>-v</option></arg>
97      <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
98      <arg choice="opt" rep="norepeat"><option>-C <replaceable class="parameter">mode</replaceable></option></arg>
99      <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">format</replaceable></option></arg>
100      <arg choice="opt" rep="norepeat"><option>-F <replaceable class="parameter">format</replaceable></option></arg>
101      <arg choice="opt" rep="norepeat"><option>-i <replaceable class="parameter">mode</replaceable></option></arg>
102      <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
103      <arg choice="opt" rep="norepeat"><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
104      <arg choice="opt" rep="norepeat"><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
105      <arg choice="opt" rep="norepeat"><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
106      <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
107      <arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">style</replaceable></option></arg>
108      <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
109      <arg choice="opt" rep="norepeat"><option>-T <replaceable class="parameter">mode</replaceable></option></arg>
110      <arg choice="opt" rep="norepeat"><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
111      <arg choice="opt" rep="norepeat"><option>-D</option></arg>
112      <arg choice="opt" rep="norepeat"><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
113      <arg choice="req" rep="norepeat"><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
114      <arg choice="req" rep="norepeat">zonename</arg>
115      <arg choice="req" rep="norepeat">filename</arg>
116    </cmdsynopsis>
117  </refsynopsisdiv>
118
119  <refsection><info><title>DESCRIPTION</title></info>
120
121    <para><command>named-checkzone</command>
122      checks the syntax and integrity of a zone file.  It performs the
123      same checks as <command>named</command> does when loading a
124      zone.  This makes <command>named-checkzone</command> useful for
125      checking zone files before configuring them into a name server.
126    </para>
127    <para>
128        <command>named-compilezone</command> is similar to
129	<command>named-checkzone</command>, but it always dumps the
130        zone contents to a specified file in a specified format.
131	Additionally, it applies stricter check levels by default,
132        since the dump output will be used as an actual zone file
133	loaded by <command>named</command>.
134	When manually specified otherwise, the check levels must at
135        least be as strict as those specified in the
136	<command>named</command> configuration file.
137     </para>
138  </refsection>
139
140  <refsection><info><title>OPTIONS</title></info>
141
142
143    <variablelist>
144      <varlistentry>
145        <term>-d</term>
146        <listitem>
147          <para>
148            Enable debugging.
149          </para>
150        </listitem>
151      </varlistentry>
152
153      <varlistentry>
154        <term>-h</term>
155        <listitem>
156          <para>
157            Print the usage summary and exit.
158          </para>
159        </listitem>
160      </varlistentry>
161
162      <varlistentry>
163        <term>-q</term>
164        <listitem>
165          <para>
166            Quiet mode - exit code only.
167          </para>
168        </listitem>
169      </varlistentry>
170
171      <varlistentry>
172        <term>-v</term>
173        <listitem>
174          <para>
175            Print the version of the <command>named-checkzone</command>
176            program and exit.
177          </para>
178        </listitem>
179      </varlistentry>
180
181      <varlistentry>
182        <term>-j</term>
183        <listitem>
184          <para>
185            When loading the zone file read the journal if it exists.
186          </para>
187        </listitem>
188      </varlistentry>
189
190      <varlistentry>
191        <term>-c <replaceable class="parameter">class</replaceable></term>
192        <listitem>
193          <para>
194            Specify the class of the zone.  If not specified, "IN" is assumed.
195          </para>
196        </listitem>
197      </varlistentry>
198
199      <varlistentry>
200        <term>-i <replaceable class="parameter">mode</replaceable></term>
201	<listitem>
202	  <para>
203	      Perform post-load zone integrity checks.  Possible modes are
204	      <command>"full"</command> (default),
205	      <command>"full-sibling"</command>,
206	      <command>"local"</command>,
207	      <command>"local-sibling"</command> and
208	      <command>"none"</command>.
209	  </para>
210	  <para>
211	      Mode <command>"full"</command> checks that MX records
212	      refer to A or AAAA record (both in-zone and out-of-zone
213	      hostnames).  Mode <command>"local"</command> only
214	      checks MX records which refer to in-zone hostnames.
215	  </para>
216	  <para>
217	      Mode <command>"full"</command> checks that SRV records
218	      refer to A or AAAA record (both in-zone and out-of-zone
219	      hostnames).  Mode <command>"local"</command> only
220	      checks SRV records which refer to in-zone hostnames.
221	  </para>
222	  <para>
223	      Mode <command>"full"</command> checks that delegation NS
224	      records refer to A or AAAA record (both in-zone and out-of-zone
225	      hostnames).  It also checks that glue address records
226	      in the zone match those advertised by the child.
227	      Mode <command>"local"</command> only checks NS records which
228	      refer to in-zone hostnames or that some required glue exists,
229	      that is when the nameserver is in a child zone.
230	  </para>
231	  <para>
232	      Mode <command>"full-sibling"</command> and
233	      <command>"local-sibling"</command> disable sibling glue
234	      checks but are otherwise the same as <command>"full"</command>
235	      and <command>"local"</command> respectively.
236	  </para>
237	  <para>
238	      Mode <command>"none"</command> disables the checks.
239	  </para>
240	</listitem>
241      </varlistentry>
242
243      <varlistentry>
244	<term>-f <replaceable class="parameter">format</replaceable></term>
245	<listitem>
246	  <para>
247	    Specify the format of the zone file.
248	    Possible formats are <command>"text"</command> (default)
249	    and <command>"raw"</command>.
250	  </para>
251	</listitem>
252      </varlistentry>
253
254      <varlistentry>
255	<term>-F <replaceable class="parameter">format</replaceable></term>
256	<listitem>
257	  <para>
258	    Specify the format of the output file specified.
259	    For <command>named-checkzone</command>,
260	    this does not cause any effects unless it dumps the zone
261	    contents.
262	  </para>
263	  <para>
264	    Possible formats are <command>"text"</command> (default)
265	    and <command>"raw"</command> or <command>"raw=N"</command>,
266            which store the zone in a binary format for rapid loading
267            by <command>named</command>.  <command>"raw=N"</command>
268            specifies the format version of the raw zone file: if N
269            is 0, the raw file can be read by any version of
270            <command>named</command>; if N is 1, the file can be read
271            by release 9.9.0 or higher.  The default is 1.
272	  </para>
273	</listitem>
274      </varlistentry>
275
276      <varlistentry>
277        <term>-k <replaceable class="parameter">mode</replaceable></term>
278        <listitem>
279          <para>
280            Perform <command>"check-names"</command> checks with the
281	    specified failure mode.
282            Possible modes are <command>"fail"</command>
283	    (default for <command>named-compilezone</command>),
284            <command>"warn"</command>
285	    (default for <command>named-checkzone</command>) and
286            <command>"ignore"</command>.
287          </para>
288        </listitem>
289      </varlistentry>
290
291      <varlistentry>
292        <term>-L <replaceable class="parameter">serial</replaceable></term>
293        <listitem>
294          <para>
295            When compiling a zone to 'raw' format, set the "source serial"
296            value in the header to the specified serial number.  (This is
297            expected to be used primarily for testing purposes.)
298          </para>
299        </listitem>
300      </varlistentry>
301
302      <varlistentry>
303        <term>-m <replaceable class="parameter">mode</replaceable></term>
304        <listitem>
305          <para>
306            Specify whether MX records should be checked to see if they
307            are addresses.  Possible modes are <command>"fail"</command>,
308            <command>"warn"</command> (default) and
309            <command>"ignore"</command>.
310          </para>
311        </listitem>
312      </varlistentry>
313
314      <varlistentry>
315	<term>-M <replaceable class="parameter">mode</replaceable></term>
316        <listitem>
317	  <para>
318	    Check if a MX record refers to a CNAME.
319            Possible modes are <command>"fail"</command>,
320            <command>"warn"</command> (default) and
321            <command>"ignore"</command>.
322	  </para>
323        </listitem>
324      </varlistentry>
325
326      <varlistentry>
327        <term>-n <replaceable class="parameter">mode</replaceable></term>
328        <listitem>
329          <para>
330            Specify whether NS records should be checked to see if they
331            are addresses.
332	    Possible modes are <command>"fail"</command>
333	    (default for <command>named-compilezone</command>),
334            <command>"warn"</command>
335	    (default for <command>named-checkzone</command>) and
336            <command>"ignore"</command>.
337          </para>
338        </listitem>
339      </varlistentry>
340
341      <varlistentry>
342        <term>-o <replaceable class="parameter">filename</replaceable></term>
343        <listitem>
344          <para>
345            Write zone output to <filename>filename</filename>.
346	    If <filename>filename</filename> is <filename>-</filename> then
347	    write to standard out.
348	    This is mandatory for <command>named-compilezone</command>.
349          </para>
350        </listitem>
351      </varlistentry>
352
353      <varlistentry>
354	<term>-r <replaceable class="parameter">mode</replaceable></term>
355        <listitem>
356	  <para>
357            Check for records that are treated as different by DNSSEC but
358	    are semantically equal in plain DNS.
359            Possible modes are <command>"fail"</command>,
360            <command>"warn"</command> (default) and
361            <command>"ignore"</command>.
362	  </para>
363        </listitem>
364      </varlistentry>
365
366      <varlistentry>
367	<term>-s <replaceable class="parameter">style</replaceable></term>
368	<listitem>
369	  <para>
370	    Specify the style of the dumped zone file.
371	    Possible styles are <command>"full"</command> (default)
372	    and <command>"relative"</command>.
373	    The full format is most suitable for processing
374	    automatically by a separate script.
375	    On the other hand, the relative format is more
376	    human-readable and is thus suitable for editing by hand.
377	    For <command>named-checkzone</command>
378	    this does not cause any effects unless it dumps the zone
379	    contents.
380	    It also does not have any meaning if the output format
381	    is not text.
382	  </para>
383	</listitem>
384      </varlistentry>
385
386      <varlistentry>
387	<term>-S <replaceable class="parameter">mode</replaceable></term>
388        <listitem>
389	  <para>
390	    Check if a SRV record refers to a CNAME.
391            Possible modes are <command>"fail"</command>,
392            <command>"warn"</command> (default) and
393            <command>"ignore"</command>.
394	  </para>
395        </listitem>
396      </varlistentry>
397
398      <varlistentry>
399        <term>-t <replaceable class="parameter">directory</replaceable></term>
400        <listitem>
401          <para>
402            Chroot to <filename>directory</filename> so that
403            include
404            directives in the configuration file are processed as if
405            run by a similarly chrooted named.
406          </para>
407        </listitem>
408      </varlistentry>
409
410      <varlistentry>
411	<term>-T <replaceable class="parameter">mode</replaceable></term>
412	<listitem>
413	  <para>
414	    Check if Sender Policy Framework (SPF) records exist
415	    and issues a warning if an SPF-formatted TXT record is
416	    not also present.  Possible modes are <command>"warn"</command>
417	    (default), <command>"ignore"</command>.
418	  </para>
419	</listitem>
420      </varlistentry>
421
422      <varlistentry>
423        <term>-w <replaceable class="parameter">directory</replaceable></term>
424        <listitem>
425          <para>
426            chdir to <filename>directory</filename> so that
427            relative
428            filenames in master file $INCLUDE directives work.  This
429            is similar to the directory clause in
430            <filename>named.conf</filename>.
431          </para>
432        </listitem>
433      </varlistentry>
434
435      <varlistentry>
436        <term>-D</term>
437        <listitem>
438          <para>
439            Dump zone file in canonical format.
440	    This is always enabled for <command>named-compilezone</command>.
441          </para>
442        </listitem>
443      </varlistentry>
444
445      <varlistentry>
446        <term>-W <replaceable class="parameter">mode</replaceable></term>
447        <listitem>
448          <para>
449            Specify whether to check for non-terminal wildcards.
450            Non-terminal wildcards are almost always the result of a
451            failure to understand the wildcard matching algorithm (RFC 1034).
452            Possible modes are <command>"warn"</command> (default)
453            and
454            <command>"ignore"</command>.
455          </para>
456        </listitem>
457      </varlistentry>
458
459      <varlistentry>
460        <term>zonename</term>
461        <listitem>
462          <para>
463            The domain name of the zone being checked.
464          </para>
465        </listitem>
466      </varlistentry>
467
468      <varlistentry>
469        <term>filename</term>
470        <listitem>
471          <para>
472            The name of the zone file.
473          </para>
474        </listitem>
475      </varlistentry>
476
477    </variablelist>
478
479  </refsection>
480
481  <refsection><info><title>RETURN VALUES</title></info>
482
483    <para><command>named-checkzone</command>
484      returns an exit status of 1 if
485      errors were detected and 0 otherwise.
486    </para>
487  </refsection>
488
489  <refsection><info><title>SEE ALSO</title></info>
490
491    <para><citerefentry>
492        <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
493      </citerefentry>,
494      <citerefentry>
495        <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
496      </citerefentry>,
497      <citetitle>RFC 1035</citetitle>,
498      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
499    </para>
500  </refsection>
501
502</refentry>
503