named-checkzone.8 9.56 KB
Newer Older
Tinderbox User's avatar
Tinderbox User committed
1
.\" Copyright (C) 2004-2007, 2009-2014 Internet Systems Consortium, Inc. ("ISC")
Mark Andrews's avatar
regen    
Mark Andrews committed
2
.\" Copyright (C) 2000-2002 Internet Software Consortium.
Rob Austein's avatar
regen    
Rob Austein committed
3
.\" 
Automatic Updater's avatar
regen    
Automatic Updater committed
4
.\" Permission to use, copy, modify, and/or distribute this software for any
Mark Andrews's avatar
Mark Andrews committed
5
6
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
Rob Austein's avatar
regen    
Rob Austein committed
7
.\" 
Mark Andrews's avatar
Mark Andrews committed
8
9
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
Rob Austein's avatar
regen    
Rob Austein committed
10
.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
Mark Andrews's avatar
Mark Andrews committed
11
12
13
14
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
Rob Austein's avatar
regen    
Rob Austein committed
15
.\"
Tinderbox User's avatar
Tinderbox User committed
16
.\" $Id$
Rob Austein's avatar
regen    
Rob Austein committed
17
.\"
Rob Austein's avatar
regen    
Rob Austein committed
18
19
.hy 0
.ad l
Mark Andrews's avatar
regen    
Mark Andrews committed
20
21
.\"     Title: named\-checkzone
.\"    Author: 
Mark Andrews's avatar
regen    
Mark Andrews committed
22
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
Tinderbox User's avatar
Tinderbox User committed
23
.\"      Date: February 19, 2014
Mark Andrews's avatar
regen    
Mark Andrews committed
24
25
26
.\"    Manual: BIND9
.\"    Source: BIND9
.\"
Tinderbox User's avatar
Tinderbox User committed
27
.TH "NAMED\-CHECKZONE" "8" "February 19, 2014" "BIND9" "BIND9"
Mark Andrews's avatar
regen    
Mark Andrews committed
28
29
30
31
32
33
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.SH "NAME"
named\-checkzone, named\-compilezone \- zone file validity checking or converting tool
Rob Austein's avatar
regen    
Rob Austein committed
34
35
.SH "SYNOPSIS"
.HP 16
Tinderbox User's avatar
Tinderbox User committed
36
\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-J\ \fR\fB\fIfilename\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-l\ \fR\fB\fIttl\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
37
.HP 18
Tinderbox User's avatar
Tinderbox User committed
38
\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-J\ \fR\fB\fIfilename\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-l\ \fR\fB\fIttl\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename}
39
40
.SH "DESCRIPTION"
.PP
Mark Andrews's avatar
regen    
Mark Andrews committed
41
42
43
44
45
46
\fBnamed\-checkzone\fR
checks the syntax and integrity of a zone file. It performs the same checks as
\fBnamed\fR
does when loading a zone. This makes
\fBnamed\-checkzone\fR
useful for checking zone files before configuring them into a name server.
47
.PP
Mark Andrews's avatar
regen    
Mark Andrews committed
48
49
50
\fBnamed\-compilezone\fR
is similar to
\fBnamed\-checkzone\fR, but it always dumps the zone contents to a specified file in a specified format. Additionally, it applies stricter check levels by default, since the dump output will be used as an actual zone file loaded by
Mark Andrews's avatar
regen    
Mark Andrews committed
51
\fBnamed\fR. When manually specified otherwise, the check levels must at least be as strict as those specified in the
Mark Andrews's avatar
regen    
Mark Andrews committed
52
53
\fBnamed\fR
configuration file.
54
.SH "OPTIONS"
Mark Andrews's avatar
regen    
Mark Andrews committed
55
.PP
Rob Austein's avatar
regen    
Rob Austein committed
56
\-d
Mark Andrews's avatar
regen    
Mark Andrews committed
57
.RS 4
Mark Andrews's avatar
regen    
Mark Andrews committed
58
Enable debugging.
Mark Andrews's avatar
regen    
Mark Andrews committed
59
60
.RE
.PP
Mark Andrews's avatar
regen    
Mark Andrews committed
61
62
63
64
65
\-h
.RS 4
Print the usage summary and exit.
.RE
.PP
Rob Austein's avatar
regen    
Rob Austein committed
66
\-q
Mark Andrews's avatar
regen    
Mark Andrews committed
67
.RS 4
Mark Andrews's avatar
regen    
Mark Andrews committed
68
Quiet mode \- exit code only.
Mark Andrews's avatar
regen    
Mark Andrews committed
69
70
.RE
.PP
Rob Austein's avatar
regen    
Rob Austein committed
71
\-v
Mark Andrews's avatar
regen    
Mark Andrews committed
72
.RS 4
Mark Andrews's avatar
regen    
Mark Andrews committed
73
74
75
Print the version of the
\fBnamed\-checkzone\fR
program and exit.
Mark Andrews's avatar
regen    
Mark Andrews committed
76
77
.RE
.PP
Rob Austein's avatar
regen    
Rob Austein committed
78
\-j
Mark Andrews's avatar
regen    
Mark Andrews committed
79
.RS 4
Tinderbox User's avatar
Tinderbox User committed
80
81
82
83
84
85
86
When loading a zone file, read the journal if it exists. The journal file name is assumed to be the zone file name appended with the string
\fI.jnl\fR.
.RE
.PP
\-J \fIfilename\fR
.RS 4
When loading the zone file read the journal from the given file, if it exists. (Implies \-j.)
Mark Andrews's avatar
regen    
Mark Andrews committed
87
88
.RE
.PP
Rob Austein's avatar
regen    
Rob Austein committed
89
\-c \fIclass\fR
Mark Andrews's avatar
regen    
Mark Andrews committed
90
.RS 4
Automatic Updater's avatar
regen    
Automatic Updater committed
91
Specify the class of the zone. If not specified, "IN" is assumed.
Mark Andrews's avatar
regen    
Mark Andrews committed
92
93
.RE
.PP
Mark Andrews's avatar
regen    
Mark Andrews committed
94
\-i \fImode\fR
Mark Andrews's avatar
regen    
Mark Andrews committed
95
.RS 4
Mark Andrews's avatar
regen    
Mark Andrews committed
96
Perform post\-load zone integrity checks. Possible modes are
Mark Andrews's avatar
regen    
Mark Andrews committed
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
\fB"full"\fR
(default),
\fB"full\-sibling"\fR,
\fB"local"\fR,
\fB"local\-sibling"\fR
and
\fB"none"\fR.
.sp
Mode
\fB"full"\fR
checks that MX records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames). Mode
\fB"local"\fR
only checks MX records which refer to in\-zone hostnames.
.sp
Mode
\fB"full"\fR
checks that SRV records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames). Mode
\fB"local"\fR
only checks SRV records which refer to in\-zone hostnames.
.sp
Mode
\fB"full"\fR
Mark Andrews's avatar
regen    
Mark Andrews committed
119
checks that delegation NS records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames). It also checks that glue address records in the zone match those advertised by the child. Mode
Mark Andrews's avatar
regen    
Mark Andrews committed
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
\fB"local"\fR
only checks NS records which refer to in\-zone hostnames or that some required glue exists, that is when the nameserver is in a child zone.
.sp
Mode
\fB"full\-sibling"\fR
and
\fB"local\-sibling"\fR
disable sibling glue checks but are otherwise the same as
\fB"full"\fR
and
\fB"local"\fR
respectively.
.sp
Mode
\fB"none"\fR
disables the checks.
Mark Andrews's avatar
regen    
Mark Andrews committed
136
137
.RE
.PP
138
\-f \fIformat\fR
Mark Andrews's avatar
regen    
Mark Andrews committed
139
.RS 4
Mark Andrews's avatar
regen    
Mark Andrews committed
140
141
Specify the format of the zone file. Possible formats are
\fB"text"\fR
Tinderbox User's avatar
Tinderbox User committed
142
143
(default),
\fB"raw"\fR, and
Tinderbox User's avatar
Tinderbox User committed
144
\fB"map"\fR.
Mark Andrews's avatar
regen    
Mark Andrews committed
145
146
.RE
.PP
147
\-F \fIformat\fR
Mark Andrews's avatar
regen    
Mark Andrews committed
148
.RS 4
Automatic Updater's avatar
Automatic Updater committed
149
150
151
152
Specify the format of the output file specified. For
\fBnamed\-checkzone\fR, this does not cause any effects unless it dumps the zone contents.
.sp
Possible formats are
Mark Andrews's avatar
regen    
Mark Andrews committed
153
\fB"text"\fR
Tinderbox User's avatar
Tinderbox User committed
154
(default), which is the standard textual representation of the zone, and
Tinderbox User's avatar
Tinderbox User committed
155
\fB"map"\fR,
Tinderbox User's avatar
Tinderbox User committed
156
\fB"raw"\fR, and
Automatic Updater's avatar
Automatic Updater committed
157
158
159
160
\fB"raw=N"\fR, which store the zone in a binary format for rapid loading by
\fBnamed\fR.
\fB"raw=N"\fR
specifies the format version of the raw zone file: if N is 0, the raw file can be read by any version of
Tinderbox User's avatar
Tinderbox User committed
161
\fBnamed\fR; if N is 1, the file can be read by release 9.9.0 or higher; the default is 1.
Mark Andrews's avatar
regen    
Mark Andrews committed
162
163
.RE
.PP
Rob Austein's avatar
regen    
Rob Austein committed
164
\-k \fImode\fR
Mark Andrews's avatar
regen    
Mark Andrews committed
165
.RS 4
Mark Andrews's avatar
regen    
Mark Andrews committed
166
Perform
Mark Andrews's avatar
regen    
Mark Andrews committed
167
\fB"check\-names"\fR
Mark Andrews's avatar
regen    
Mark Andrews committed
168
169
170
171
172
173
174
175
checks with the specified failure mode. Possible modes are
\fB"fail"\fR
(default for
\fBnamed\-compilezone\fR),
\fB"warn"\fR
(default for
\fBnamed\-checkzone\fR) and
\fB"ignore"\fR.
Mark Andrews's avatar
regen    
Mark Andrews committed
176
177
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
178
179
180
181
182
183
184
185
\-l \fIttl\fR
.RS 4
Sets a maximum permissible TTL for the input file. Any record with a TTL higher than this value will cause the zone to be rejected. This is similar to using the
\fBmax\-zone\-ttl\fR
option in
\fInamed.conf\fR.
.RE
.PP
Automatic Updater's avatar
Automatic Updater committed
186
187
\-L \fIserial\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
188
When compiling a zone to "raw" or "map" format, set the "source serial" value in the header to the specified serial number. (This is expected to be used primarily for testing purposes.)
Automatic Updater's avatar
Automatic Updater committed
189
190
.RE
.PP
Mark Andrews's avatar
regen    
Mark Andrews committed
191
\-m \fImode\fR
Mark Andrews's avatar
regen    
Mark Andrews committed
192
.RS 4
Mark Andrews's avatar
regen    
Mark Andrews committed
193
194
195
196
197
Specify whether MX records should be checked to see if they are addresses. Possible modes are
\fB"fail"\fR,
\fB"warn"\fR
(default) and
\fB"ignore"\fR.
Mark Andrews's avatar
regen    
Mark Andrews committed
198
199
.RE
.PP
Mark Andrews's avatar
regen    
Mark Andrews committed
200
\-M \fImode\fR
Mark Andrews's avatar
regen    
Mark Andrews committed
201
.RS 4
Mark Andrews's avatar
regen    
Mark Andrews committed
202
203
204
205
206
Check if a MX record refers to a CNAME. Possible modes are
\fB"fail"\fR,
\fB"warn"\fR
(default) and
\fB"ignore"\fR.
Mark Andrews's avatar
regen    
Mark Andrews committed
207
208
.RE
.PP
Rob Austein's avatar
regen    
Rob Austein committed
209
\-n \fImode\fR
Mark Andrews's avatar
regen    
Mark Andrews committed
210
.RS 4
Mark Andrews's avatar
regen    
Mark Andrews committed
211
212
213
214
215
216
217
218
Specify whether NS records should be checked to see if they are addresses. Possible modes are
\fB"fail"\fR
(default for
\fBnamed\-compilezone\fR),
\fB"warn"\fR
(default for
\fBnamed\-checkzone\fR) and
\fB"ignore"\fR.
Mark Andrews's avatar
regen    
Mark Andrews committed
219
220
.RE
.PP
Rob Austein's avatar
regen    
Rob Austein committed
221
\-o \fIfilename\fR
Mark Andrews's avatar
regen    
Mark Andrews committed
222
.RS 4
Mark Andrews's avatar
regen    
Mark Andrews committed
223
Write zone output to
Mark Andrews's avatar
regen    
Mark Andrews committed
224
225
226
227
228
\fIfilename\fR. If
\fIfilename\fR
is
\fI\-\fR
then write to standard out. This is mandatory for
Mark Andrews's avatar
regen    
Mark Andrews committed
229
\fBnamed\-compilezone\fR.
Mark Andrews's avatar
regen    
Mark Andrews committed
230
231
.RE
.PP
Automatic Updater's avatar
regen    
Automatic Updater committed
232
233
234
235
236
237
238
239
240
\-r \fImode\fR
.RS 4
Check for records that are treated as different by DNSSEC but are semantically equal in plain DNS. Possible modes are
\fB"fail"\fR,
\fB"warn"\fR
(default) and
\fB"ignore"\fR.
.RE
.PP
241
\-s \fIstyle\fR
Mark Andrews's avatar
regen    
Mark Andrews committed
242
.RS 4
Mark Andrews's avatar
regen    
Mark Andrews committed
243
244
245
Specify the style of the dumped zone file. Possible styles are
\fB"full"\fR
(default) and
Mark Andrews's avatar
regen    
Mark Andrews committed
246
\fB"relative"\fR. The full format is most suitable for processing automatically by a separate script. On the other hand, the relative format is more human\-readable and is thus suitable for editing by hand. For
Mark Andrews's avatar
regen    
Mark Andrews committed
247
248
\fBnamed\-checkzone\fR
this does not cause any effects unless it dumps the zone contents. It also does not have any meaning if the output format is not text.
Mark Andrews's avatar
regen    
Mark Andrews committed
249
250
.RE
.PP
Mark Andrews's avatar
regen    
Mark Andrews committed
251
\-S \fImode\fR
Mark Andrews's avatar
regen    
Mark Andrews committed
252
.RS 4
Mark Andrews's avatar
regen    
Mark Andrews committed
253
254
255
256
257
Check if a SRV record refers to a CNAME. Possible modes are
\fB"fail"\fR,
\fB"warn"\fR
(default) and
\fB"ignore"\fR.
Mark Andrews's avatar
regen    
Mark Andrews committed
258
259
.RE
.PP
Rob Austein's avatar
regen    
Rob Austein committed
260
\-t \fIdirectory\fR
Mark Andrews's avatar
regen    
Mark Andrews committed
261
.RS 4
Mark Andrews's avatar
regen    
Mark Andrews committed
262
Chroot to
Mark Andrews's avatar
regen    
Mark Andrews committed
263
264
\fIdirectory\fR
so that include directives in the configuration file are processed as if run by a similarly chrooted named.
Mark Andrews's avatar
regen    
Mark Andrews committed
265
266
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
267
268
\-T \fImode\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
269
Check if Sender Policy Framework (SPF) records exist and issues a warning if an SPF\-formatted TXT record is not also present. Possible modes are
Tinderbox User's avatar
Tinderbox User committed
270
271
272
273
274
\fB"warn"\fR
(default),
\fB"ignore"\fR.
.RE
.PP
Rob Austein's avatar
regen    
Rob Austein committed
275
\-w \fIdirectory\fR
Mark Andrews's avatar
regen    
Mark Andrews committed
276
.RS 4
Mark Andrews's avatar
regen    
Mark Andrews committed
277
278
279
280
chdir to
\fIdirectory\fR
so that relative filenames in master file $INCLUDE directives work. This is similar to the directory clause in
\fInamed.conf\fR.
Mark Andrews's avatar
regen    
Mark Andrews committed
281
282
.RE
.PP
Rob Austein's avatar
regen    
Rob Austein committed
283
\-D
Mark Andrews's avatar
regen    
Mark Andrews committed
284
.RS 4
Mark Andrews's avatar
regen    
Mark Andrews committed
285
286
Dump zone file in canonical format. This is always enabled for
\fBnamed\-compilezone\fR.
Mark Andrews's avatar
regen    
Mark Andrews committed
287
288
.RE
.PP
Rob Austein's avatar
regen    
Rob Austein committed
289
\-W \fImode\fR
Mark Andrews's avatar
regen    
Mark Andrews committed
290
.RS 4
Mark Andrews's avatar
regen    
Mark Andrews committed
291
292
293
294
Specify whether to check for non\-terminal wildcards. Non\-terminal wildcards are almost always the result of a failure to understand the wildcard matching algorithm (RFC 1034). Possible modes are
\fB"warn"\fR
(default) and
\fB"ignore"\fR.
Mark Andrews's avatar
regen    
Mark Andrews committed
295
296
.RE
.PP
Rob Austein's avatar
regen    
Rob Austein committed
297
zonename
Mark Andrews's avatar
regen    
Mark Andrews committed
298
.RS 4
Mark Andrews's avatar
regen    
Mark Andrews committed
299
The domain name of the zone being checked.
Mark Andrews's avatar
regen    
Mark Andrews committed
300
301
.RE
.PP
Rob Austein's avatar
regen    
Rob Austein committed
302
filename
Mark Andrews's avatar
regen    
Mark Andrews committed
303
.RS 4
Mark Andrews's avatar
regen    
Mark Andrews committed
304
The name of the zone file.
Mark Andrews's avatar
regen    
Mark Andrews committed
305
.RE
306
307
.SH "RETURN VALUES"
.PP
Mark Andrews's avatar
regen    
Mark Andrews committed
308
309
\fBnamed\-checkzone\fR
returns an exit status of 1 if errors were detected and 0 otherwise.
310
311
.SH "SEE ALSO"
.PP
Mark Andrews's avatar
regen    
Mark Andrews committed
312
\fBnamed\fR(8),
Mark Andrews's avatar
regen    
Mark Andrews committed
313
\fBnamed\-checkconf\fR(8),
Mark Andrews's avatar
regen    
Mark Andrews committed
314
315
RFC 1035,
BIND 9 Administrator Reference Manual.
316
317
.SH "AUTHOR"
.PP
Mark Andrews's avatar
regen    
Mark Andrews committed
318
Internet Systems Consortium
Mark Andrews's avatar
regen    
Mark Andrews committed
319
.SH "COPYRIGHT"
Tinderbox User's avatar
Tinderbox User committed
320
Copyright \(co 2004\-2007, 2009\-2014 Internet Systems Consortium, Inc. ("ISC")
Mark Andrews's avatar
regen    
Mark Andrews committed
321
322
323
.br
Copyright \(co 2000\-2002 Internet Software Consortium.
.br