1<!-- 2 - Copyright (C) 2004-2007, 2009-2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC") 3 - Copyright (C) 2000-2002 Internet Software Consortium. 4 - 5 - Permission to use, copy, modify, and/or distribute this software for any 6 - purpose with or without fee is hereby granted, provided that the above 7 - copyright notice and this permission notice appear in all copies. 8 - 9 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 10 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 11 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 12 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 13 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 14 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 15 - PERFORMANCE OF THIS SOFTWARE. 16--> 17 18<!-- Converted by db4-upgrade version 1.0 --> 19<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named-checkzone"> 20 <info> 21 <date>2013-04-29</date> 22 </info> 23 <refentryinfo> 24 <corpname>ISC</corpname> 25 <corpauthor>Internet Systems Consortium, Inc.</corpauthor> 26 </refentryinfo> 27 28 <refmeta> 29 <refentrytitle><application>named-checkzone</application></refentrytitle> 30 <manvolnum>8</manvolnum> 31 <refmiscinfo>BIND9</refmiscinfo> 32 </refmeta> 33 34 <docinfo> 35 <copyright> 36 <year>2004</year> 37 <year>2005</year> 38 <year>2006</year> 39 <year>2007</year> 40 <year>2009</year> 41 <year>2010</year> 42 <year>2011</year> 43 <year>2013</year> 44 <year>2014</year> 45 <year>2015</year> 46 <holder>Internet Systems Consortium, Inc. ("ISC")</holder> 47 </copyright> 48 <copyright> 49 <year>2000</year> 50 <year>2001</year> 51 <year>2002</year> 52 <holder>Internet Software Consortium.</holder> 53 </copyright> 54 </docinfo> 55 56 <refnamediv> 57 <refname><application>named-checkzone</application></refname> 58 <refname><application>named-compilezone</application></refname> 59 <refpurpose>zone file validity checking or converting tool</refpurpose> 60 </refnamediv> 61 62 <refsynopsisdiv> 63 <cmdsynopsis sepchar=" "> 64 <command>named-checkzone</command> 65 <arg choice="opt" rep="norepeat"><option>-d</option></arg> 66 <arg choice="opt" rep="norepeat"><option>-h</option></arg> 67 <arg choice="opt" rep="norepeat"><option>-j</option></arg> 68 <arg choice="opt" rep="norepeat"><option>-q</option></arg> 69 <arg choice="opt" rep="norepeat"><option>-v</option></arg> 70 <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg> 71 <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">format</replaceable></option></arg> 72 <arg choice="opt" rep="norepeat"><option>-F <replaceable class="parameter">format</replaceable></option></arg> 73 <arg choice="opt" rep="norepeat"><option>-i <replaceable class="parameter">mode</replaceable></option></arg> 74 <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">mode</replaceable></option></arg> 75 <arg choice="opt" rep="norepeat"><option>-m <replaceable class="parameter">mode</replaceable></option></arg> 76 <arg choice="opt" rep="norepeat"><option>-M <replaceable class="parameter">mode</replaceable></option></arg> 77 <arg choice="opt" rep="norepeat"><option>-n <replaceable class="parameter">mode</replaceable></option></arg> 78 <arg choice="opt" rep="norepeat"><option>-L <replaceable class="parameter">serial</replaceable></option></arg> 79 <arg choice="opt" rep="norepeat"><option>-o <replaceable class="parameter">filename</replaceable></option></arg> 80 <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">mode</replaceable></option></arg> 81 <arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">style</replaceable></option></arg> 82 <arg choice="opt" rep="norepeat"><option>-S <replaceable class="parameter">mode</replaceable></option></arg> 83 <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">directory</replaceable></option></arg> 84 <arg choice="opt" rep="norepeat"><option>-T <replaceable class="parameter">mode</replaceable></option></arg> 85 <arg choice="opt" rep="norepeat"><option>-w <replaceable class="parameter">directory</replaceable></option></arg> 86 <arg choice="opt" rep="norepeat"><option>-D</option></arg> 87 <arg choice="opt" rep="norepeat"><option>-W <replaceable class="parameter">mode</replaceable></option></arg> 88 <arg choice="req" rep="norepeat">zonename</arg> 89 <arg choice="req" rep="norepeat">filename</arg> 90 </cmdsynopsis> 91 <cmdsynopsis sepchar=" "> 92 <command>named-compilezone</command> 93 <arg choice="opt" rep="norepeat"><option>-d</option></arg> 94 <arg choice="opt" rep="norepeat"><option>-j</option></arg> 95 <arg choice="opt" rep="norepeat"><option>-q</option></arg> 96 <arg choice="opt" rep="norepeat"><option>-v</option></arg> 97 <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg> 98 <arg choice="opt" rep="norepeat"><option>-C <replaceable class="parameter">mode</replaceable></option></arg> 99 <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">format</replaceable></option></arg> 100 <arg choice="opt" rep="norepeat"><option>-F <replaceable class="parameter">format</replaceable></option></arg> 101 <arg choice="opt" rep="norepeat"><option>-i <replaceable class="parameter">mode</replaceable></option></arg> 102 <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">mode</replaceable></option></arg> 103 <arg choice="opt" rep="norepeat"><option>-m <replaceable class="parameter">mode</replaceable></option></arg> 104 <arg choice="opt" rep="norepeat"><option>-n <replaceable class="parameter">mode</replaceable></option></arg> 105 <arg choice="opt" rep="norepeat"><option>-L <replaceable class="parameter">serial</replaceable></option></arg> 106 <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">mode</replaceable></option></arg> 107 <arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">style</replaceable></option></arg> 108 <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">directory</replaceable></option></arg> 109 <arg choice="opt" rep="norepeat"><option>-T <replaceable class="parameter">mode</replaceable></option></arg> 110 <arg choice="opt" rep="norepeat"><option>-w <replaceable class="parameter">directory</replaceable></option></arg> 111 <arg choice="opt" rep="norepeat"><option>-D</option></arg> 112 <arg choice="opt" rep="norepeat"><option>-W <replaceable class="parameter">mode</replaceable></option></arg> 113 <arg choice="req" rep="norepeat"><option>-o <replaceable class="parameter">filename</replaceable></option></arg> 114 <arg choice="req" rep="norepeat">zonename</arg> 115 <arg choice="req" rep="norepeat">filename</arg> 116 </cmdsynopsis> 117 </refsynopsisdiv> 118 119 <refsection><info><title>DESCRIPTION</title></info> 120 121 <para><command>named-checkzone</command> 122 checks the syntax and integrity of a zone file. It performs the 123 same checks as <command>named</command> does when loading a 124 zone. This makes <command>named-checkzone</command> useful for 125 checking zone files before configuring them into a name server. 126 </para> 127 <para> 128 <command>named-compilezone</command> is similar to 129 <command>named-checkzone</command>, but it always dumps the 130 zone contents to a specified file in a specified format. 131 Additionally, it applies stricter check levels by default, 132 since the dump output will be used as an actual zone file 133 loaded by <command>named</command>. 134 When manually specified otherwise, the check levels must at 135 least be as strict as those specified in the 136 <command>named</command> configuration file. 137 </para> 138 </refsection> 139 140 <refsection><info><title>OPTIONS</title></info> 141 142 143 <variablelist> 144 <varlistentry> 145 <term>-d</term> 146 <listitem> 147 <para> 148 Enable debugging. 149 </para> 150 </listitem> 151 </varlistentry> 152 153 <varlistentry> 154 <term>-h</term> 155 <listitem> 156 <para> 157 Print the usage summary and exit. 158 </para> 159 </listitem> 160 </varlistentry> 161 162 <varlistentry> 163 <term>-q</term> 164 <listitem> 165 <para> 166 Quiet mode - exit code only. 167 </para> 168 </listitem> 169 </varlistentry> 170 171 <varlistentry> 172 <term>-v</term> 173 <listitem> 174 <para> 175 Print the version of the <command>named-checkzone</command> 176 program and exit. 177 </para> 178 </listitem> 179 </varlistentry> 180 181 <varlistentry> 182 <term>-j</term> 183 <listitem> 184 <para> 185 When loading the zone file read the journal if it exists. 186 </para> 187 </listitem> 188 </varlistentry> 189 190 <varlistentry> 191 <term>-c <replaceable class="parameter">class</replaceable></term> 192 <listitem> 193 <para> 194 Specify the class of the zone. If not specified, "IN" is assumed. 195 </para> 196 </listitem> 197 </varlistentry> 198 199 <varlistentry> 200 <term>-i <replaceable class="parameter">mode</replaceable></term> 201 <listitem> 202 <para> 203 Perform post-load zone integrity checks. Possible modes are 204 <command>"full"</command> (default), 205 <command>"full-sibling"</command>, 206 <command>"local"</command>, 207 <command>"local-sibling"</command> and 208 <command>"none"</command>. 209 </para> 210 <para> 211 Mode <command>"full"</command> checks that MX records 212 refer to A or AAAA record (both in-zone and out-of-zone 213 hostnames). Mode <command>"local"</command> only 214 checks MX records which refer to in-zone hostnames. 215 </para> 216 <para> 217 Mode <command>"full"</command> checks that SRV records 218 refer to A or AAAA record (both in-zone and out-of-zone 219 hostnames). Mode <command>"local"</command> only 220 checks SRV records which refer to in-zone hostnames. 221 </para> 222 <para> 223 Mode <command>"full"</command> checks that delegation NS 224 records refer to A or AAAA record (both in-zone and out-of-zone 225 hostnames). It also checks that glue address records 226 in the zone match those advertised by the child. 227 Mode <command>"local"</command> only checks NS records which 228 refer to in-zone hostnames or that some required glue exists, 229 that is when the nameserver is in a child zone. 230 </para> 231 <para> 232 Mode <command>"full-sibling"</command> and 233 <command>"local-sibling"</command> disable sibling glue 234 checks but are otherwise the same as <command>"full"</command> 235 and <command>"local"</command> respectively. 236 </para> 237 <para> 238 Mode <command>"none"</command> disables the checks. 239 </para> 240 </listitem> 241 </varlistentry> 242 243 <varlistentry> 244 <term>-f <replaceable class="parameter">format</replaceable></term> 245 <listitem> 246 <para> 247 Specify the format of the zone file. 248 Possible formats are <command>"text"</command> (default) 249 and <command>"raw"</command>. 250 </para> 251 </listitem> 252 </varlistentry> 253 254 <varlistentry> 255 <term>-F <replaceable class="parameter">format</replaceable></term> 256 <listitem> 257 <para> 258 Specify the format of the output file specified. 259 For <command>named-checkzone</command>, 260 this does not cause any effects unless it dumps the zone 261 contents. 262 </para> 263 <para> 264 Possible formats are <command>"text"</command> (default) 265 and <command>"raw"</command> or <command>"raw=N"</command>, 266 which store the zone in a binary format for rapid loading 267 by <command>named</command>. <command>"raw=N"</command> 268 specifies the format version of the raw zone file: if N 269 is 0, the raw file can be read by any version of 270 <command>named</command>; if N is 1, the file can be read 271 by release 9.9.0 or higher. The default is 1. 272 </para> 273 </listitem> 274 </varlistentry> 275 276 <varlistentry> 277 <term>-k <replaceable class="parameter">mode</replaceable></term> 278 <listitem> 279 <para> 280 Perform <command>"check-names"</command> checks with the 281 specified failure mode. 282 Possible modes are <command>"fail"</command> 283 (default for <command>named-compilezone</command>), 284 <command>"warn"</command> 285 (default for <command>named-checkzone</command>) and 286 <command>"ignore"</command>. 287 </para> 288 </listitem> 289 </varlistentry> 290 291 <varlistentry> 292 <term>-L <replaceable class="parameter">serial</replaceable></term> 293 <listitem> 294 <para> 295 When compiling a zone to 'raw' format, set the "source serial" 296 value in the header to the specified serial number. (This is 297 expected to be used primarily for testing purposes.) 298 </para> 299 </listitem> 300 </varlistentry> 301 302 <varlistentry> 303 <term>-m <replaceable class="parameter">mode</replaceable></term> 304 <listitem> 305 <para> 306 Specify whether MX records should be checked to see if they 307 are addresses. Possible modes are <command>"fail"</command>, 308 <command>"warn"</command> (default) and 309 <command>"ignore"</command>. 310 </para> 311 </listitem> 312 </varlistentry> 313 314 <varlistentry> 315 <term>-M <replaceable class="parameter">mode</replaceable></term> 316 <listitem> 317 <para> 318 Check if a MX record refers to a CNAME. 319 Possible modes are <command>"fail"</command>, 320 <command>"warn"</command> (default) and 321 <command>"ignore"</command>. 322 </para> 323 </listitem> 324 </varlistentry> 325 326 <varlistentry> 327 <term>-n <replaceable class="parameter">mode</replaceable></term> 328 <listitem> 329 <para> 330 Specify whether NS records should be checked to see if they 331 are addresses. 332 Possible modes are <command>"fail"</command> 333 (default for <command>named-compilezone</command>), 334 <command>"warn"</command> 335 (default for <command>named-checkzone</command>) and 336 <command>"ignore"</command>. 337 </para> 338 </listitem> 339 </varlistentry> 340 341 <varlistentry> 342 <term>-o <replaceable class="parameter">filename</replaceable></term> 343 <listitem> 344 <para> 345 Write zone output to <filename>filename</filename>. 346 If <filename>filename</filename> is <filename>-</filename> then 347 write to standard out. 348 This is mandatory for <command>named-compilezone</command>. 349 </para> 350 </listitem> 351 </varlistentry> 352 353 <varlistentry> 354 <term>-r <replaceable class="parameter">mode</replaceable></term> 355 <listitem> 356 <para> 357 Check for records that are treated as different by DNSSEC but 358 are semantically equal in plain DNS. 359 Possible modes are <command>"fail"</command>, 360 <command>"warn"</command> (default) and 361 <command>"ignore"</command>. 362 </para> 363 </listitem> 364 </varlistentry> 365 366 <varlistentry> 367 <term>-s <replaceable class="parameter">style</replaceable></term> 368 <listitem> 369 <para> 370 Specify the style of the dumped zone file. 371 Possible styles are <command>"full"</command> (default) 372 and <command>"relative"</command>. 373 The full format is most suitable for processing 374 automatically by a separate script. 375 On the other hand, the relative format is more 376 human-readable and is thus suitable for editing by hand. 377 For <command>named-checkzone</command> 378 this does not cause any effects unless it dumps the zone 379 contents. 380 It also does not have any meaning if the output format 381 is not text. 382 </para> 383 </listitem> 384 </varlistentry> 385 386 <varlistentry> 387 <term>-S <replaceable class="parameter">mode</replaceable></term> 388 <listitem> 389 <para> 390 Check if a SRV record refers to a CNAME. 391 Possible modes are <command>"fail"</command>, 392 <command>"warn"</command> (default) and 393 <command>"ignore"</command>. 394 </para> 395 </listitem> 396 </varlistentry> 397 398 <varlistentry> 399 <term>-t <replaceable class="parameter">directory</replaceable></term> 400 <listitem> 401 <para> 402 Chroot to <filename>directory</filename> so that 403 include 404 directives in the configuration file are processed as if 405 run by a similarly chrooted named. 406 </para> 407 </listitem> 408 </varlistentry> 409 410 <varlistentry> 411 <term>-T <replaceable class="parameter">mode</replaceable></term> 412 <listitem> 413 <para> 414 Check if Sender Policy Framework (SPF) records exist 415 and issues a warning if an SPF-formatted TXT record is 416 not also present. Possible modes are <command>"warn"</command> 417 (default), <command>"ignore"</command>. 418 </para> 419 </listitem> 420 </varlistentry> 421 422 <varlistentry> 423 <term>-w <replaceable class="parameter">directory</replaceable></term> 424 <listitem> 425 <para> 426 chdir to <filename>directory</filename> so that 427 relative 428 filenames in master file $INCLUDE directives work. This 429 is similar to the directory clause in 430 <filename>named.conf</filename>. 431 </para> 432 </listitem> 433 </varlistentry> 434 435 <varlistentry> 436 <term>-D</term> 437 <listitem> 438 <para> 439 Dump zone file in canonical format. 440 This is always enabled for <command>named-compilezone</command>. 441 </para> 442 </listitem> 443 </varlistentry> 444 445 <varlistentry> 446 <term>-W <replaceable class="parameter">mode</replaceable></term> 447 <listitem> 448 <para> 449 Specify whether to check for non-terminal wildcards. 450 Non-terminal wildcards are almost always the result of a 451 failure to understand the wildcard matching algorithm (RFC 1034). 452 Possible modes are <command>"warn"</command> (default) 453 and 454 <command>"ignore"</command>. 455 </para> 456 </listitem> 457 </varlistentry> 458 459 <varlistentry> 460 <term>zonename</term> 461 <listitem> 462 <para> 463 The domain name of the zone being checked. 464 </para> 465 </listitem> 466 </varlistentry> 467 468 <varlistentry> 469 <term>filename</term> 470 <listitem> 471 <para> 472 The name of the zone file. 473 </para> 474 </listitem> 475 </varlistentry> 476 477 </variablelist> 478 479 </refsection> 480 481 <refsection><info><title>RETURN VALUES</title></info> 482 483 <para><command>named-checkzone</command> 484 returns an exit status of 1 if 485 errors were detected and 0 otherwise. 486 </para> 487 </refsection> 488 489 <refsection><info><title>SEE ALSO</title></info> 490 491 <para><citerefentry> 492 <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum> 493 </citerefentry>, 494 <citerefentry> 495 <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum> 496 </citerefentry>, 497 <citetitle>RFC 1035</citetitle>, 498 <citetitle>BIND 9 Administrator Reference Manual</citetitle>. 499 </para> 500 </refsection> 501 502</refentry> 503