MFV r306384:

[FreeBSD/stable/9.git] / contrib / bind9 / bin / check / named-checkzone.8

.\" Copyright (C) 2004-2007, 2009-2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002 Internet Software Consortium.
.\" 
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\" 
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.hy 0
.ad l
'\" t
.\"     Title: named-checkzone
.\"    Author: 
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\"      Date: 2013-04-29
.\"    Manual: BIND9
.\"    Source: ISC
.\"  Language: English
.\"
.TH "NAMED\-CHECKZONE" "8" "2013\-04\-29" "ISC" "BIND9"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
named-checkzone, named-compilezone \- zone file validity checking or converting tool
.SH "SYNOPSIS"
.HP \w'\fBnamed\-checkzone\fR\ 'u
\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
.HP \w'\fBnamed\-compilezone\fR\ 'u
\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename}
.SH "DESCRIPTION"
.PP
\fBnamed\-checkzone\fR
checks the syntax and integrity of a zone file\&. It performs the same checks as
\fBnamed\fR
does when loading a zone\&. This makes
\fBnamed\-checkzone\fR
useful for checking zone files before configuring them into a name server\&.
.PP
\fBnamed\-compilezone\fR
is similar to
\fBnamed\-checkzone\fR, but it always dumps the zone contents to a specified file in a specified format\&. Additionally, it applies stricter check levels by default, since the dump output will be used as an actual zone file loaded by
\fBnamed\fR\&. When manually specified otherwise, the check levels must at least be as strict as those specified in the
\fBnamed\fR
configuration file\&.
.SH "OPTIONS"
.PP
\-d
.RS 4
Enable debugging\&.
.RE
.PP
\-h
.RS 4
Print the usage summary and exit\&.
.RE
.PP
\-q
.RS 4
Quiet mode \- exit code only\&.
.RE
.PP
\-v
.RS 4
Print the version of the
\fBnamed\-checkzone\fR
program and exit\&.
.RE
.PP
\-j
.RS 4
When loading the zone file read the journal if it exists\&.
.RE
.PP
\-c \fIclass\fR
.RS 4
Specify the class of the zone\&. If not specified, "IN" is assumed\&.
.RE
.PP
\-i \fImode\fR
.RS 4
Perform post\-load zone integrity checks\&. Possible modes are
\fB"full"\fR
(default),
\fB"full\-sibling"\fR,
\fB"local"\fR,
\fB"local\-sibling"\fR
and
\fB"none"\fR\&.
.sp
Mode
\fB"full"\fR
checks that MX records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames)\&. Mode
\fB"local"\fR
only checks MX records which refer to in\-zone hostnames\&.
.sp
Mode
\fB"full"\fR
checks that SRV records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames)\&. Mode
\fB"local"\fR
only checks SRV records which refer to in\-zone hostnames\&.
.sp
Mode
\fB"full"\fR
checks that delegation NS records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames)\&. It also checks that glue address records in the zone match those advertised by the child\&. Mode
\fB"local"\fR
only checks NS records which refer to in\-zone hostnames or that some required glue exists, that is when the nameserver is in a child zone\&.
.sp
Mode
\fB"full\-sibling"\fR
and
\fB"local\-sibling"\fR
disable sibling glue checks but are otherwise the same as
\fB"full"\fR
and
\fB"local"\fR
respectively\&.
.sp
Mode
\fB"none"\fR
disables the checks\&.
.RE
.PP
\-f \fIformat\fR
.RS 4
Specify the format of the zone file\&. Possible formats are
\fB"text"\fR
(default) and
\fB"raw"\fR\&.
.RE
.PP
\-F \fIformat\fR
.RS 4
Specify the format of the output file specified\&. For
\fBnamed\-checkzone\fR, this does not cause any effects unless it dumps the zone contents\&.
.sp
Possible formats are
\fB"text"\fR
(default) and
\fB"raw"\fR
or
\fB"raw=N"\fR, which store the zone in a binary format for rapid loading by
\fBnamed\fR\&.
\fB"raw=N"\fR
specifies the format version of the raw zone file: if N is 0, the raw file can be read by any version of
\fBnamed\fR; if N is 1, the file can be read by release 9\&.9\&.0 or higher\&. The default is 1\&.
.RE
.PP
\-k \fImode\fR
.RS 4
Perform
\fB"check\-names"\fR
checks with the specified failure mode\&. Possible modes are
\fB"fail"\fR
(default for
\fBnamed\-compilezone\fR),
\fB"warn"\fR
(default for
\fBnamed\-checkzone\fR) and
\fB"ignore"\fR\&.
.RE
.PP
\-L \fIserial\fR
.RS 4
When compiling a zone to \*(Aqraw\*(Aq format, set the "source serial" value in the header to the specified serial number\&. (This is expected to be used primarily for testing purposes\&.)
.RE
.PP
\-m \fImode\fR
.RS 4
Specify whether MX records should be checked to see if they are addresses\&. Possible modes are
\fB"fail"\fR,
\fB"warn"\fR
(default) and
\fB"ignore"\fR\&.
.RE
.PP
\-M \fImode\fR
.RS 4
Check if a MX record refers to a CNAME\&. Possible modes are
\fB"fail"\fR,
\fB"warn"\fR
(default) and
\fB"ignore"\fR\&.
.RE
.PP
\-n \fImode\fR
.RS 4
Specify whether NS records should be checked to see if they are addresses\&. Possible modes are
\fB"fail"\fR
(default for
\fBnamed\-compilezone\fR),
\fB"warn"\fR
(default for
\fBnamed\-checkzone\fR) and
\fB"ignore"\fR\&.
.RE
.PP
\-o \fIfilename\fR
.RS 4
Write zone output to
filename\&. If
filename
is
\-
then write to standard out\&. This is mandatory for
\fBnamed\-compilezone\fR\&.
.RE
.PP
\-r \fImode\fR
.RS 4
Check for records that are treated as different by DNSSEC but are semantically equal in plain DNS\&. Possible modes are
\fB"fail"\fR,
\fB"warn"\fR
(default) and
\fB"ignore"\fR\&.
.RE
.PP
\-s \fIstyle\fR
.RS 4
Specify the style of the dumped zone file\&. Possible styles are
\fB"full"\fR
(default) and
\fB"relative"\fR\&. The full format is most suitable for processing automatically by a separate script\&. On the other hand, the relative format is more human\-readable and is thus suitable for editing by hand\&. For
\fBnamed\-checkzone\fR
this does not cause any effects unless it dumps the zone contents\&. It also does not have any meaning if the output format is not text\&.
.RE
.PP
\-S \fImode\fR
.RS 4
Check if a SRV record refers to a CNAME\&. Possible modes are
\fB"fail"\fR,
\fB"warn"\fR
(default) and
\fB"ignore"\fR\&.
.RE
.PP
\-t \fIdirectory\fR
.RS 4
Chroot to
directory
so that include directives in the configuration file are processed as if run by a similarly chrooted named\&.
.RE
.PP
\-T \fImode\fR
.RS 4
Check if Sender Policy Framework (SPF) records exist and issues a warning if an SPF\-formatted TXT record is not also present\&. Possible modes are
\fB"warn"\fR
(default),
\fB"ignore"\fR\&.
.RE
.PP
\-w \fIdirectory\fR
.RS 4
chdir to
directory
so that relative filenames in master file $INCLUDE directives work\&. This is similar to the directory clause in
named\&.conf\&.
.RE
.PP
\-D
.RS 4
Dump zone file in canonical format\&. This is always enabled for
\fBnamed\-compilezone\fR\&.
.RE
.PP
\-W \fImode\fR
.RS 4
Specify whether to check for non\-terminal wildcards\&. Non\-terminal wildcards are almost always the result of a failure to understand the wildcard matching algorithm (RFC 1034)\&. Possible modes are
\fB"warn"\fR
(default) and
\fB"ignore"\fR\&.
.RE
.PP
zonename
.RS 4
The domain name of the zone being checked\&.
.RE
.PP
filename
.RS 4
The name of the zone file\&.
.RE
.SH "RETURN VALUES"
.PP
\fBnamed\-checkzone\fR
returns an exit status of 1 if errors were detected and 0 otherwise\&.
.SH "SEE ALSO"
.PP
\fBnamed\fR(8),
\fBnamed-checkconf\fR(8),
RFC 1035,
BIND 9 Administrator Reference Manual\&.
.SH "AUTHOR"
.PP
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2004-2007, 2009-2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000-2002 Internet Software Consortium.
.br