<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
- Copyright (C) 2004-2007, 2009-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
<!-- $Id: named-checkzone.docbook,v 1.44 2011/12/22 07:32:39 each Exp $ -->
<refentry id="man.named-checkzone">
<date>June 13, 2000</date>
<refentrytitle><application>named-checkzone</application></refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo>BIND9</refmiscinfo>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
<holder>Internet Software Consortium.</holder>
<refname><application>named-checkzone</application></refname>
<refname><application>named-compilezone</application></refname>
<refpurpose>zone file validity checking or converting tool</refpurpose>
<command>named-checkzone</command>
<arg><option>-d</option></arg>
<arg><option>-h</option></arg>
<arg><option>-j</option></arg>
<arg><option>-q</option></arg>
<arg><option>-v</option></arg>
<arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
<arg><option>-f <replaceable class="parameter">format</replaceable></option></arg>
<arg><option>-F <replaceable class="parameter">format</replaceable></option></arg>
<arg><option>-i <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-M <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
<arg><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
<arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
<arg><option>-S <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-T <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-D</option></arg>
<arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
<arg choice="req">zonename</arg>
<arg choice="req">filename</arg>
<command>named-compilezone</command>
<arg><option>-d</option></arg>
<arg><option>-j</option></arg>
<arg><option>-q</option></arg>
<arg><option>-v</option></arg>
<arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
<arg><option>-C <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-f <replaceable class="parameter">format</replaceable></option></arg>
<arg><option>-F <replaceable class="parameter">format</replaceable></option></arg>
<arg><option>-i <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
<arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
<arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-T <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-D</option></arg>
<arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
<arg choice="req"><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
<arg choice="req">zonename</arg>
<arg choice="req">filename</arg>
<title>DESCRIPTION</title>
<para><command>named-checkzone</command>
checks the syntax and integrity of a zone file. It performs the
same checks as <command>named</command> does when loading a
zone. This makes <command>named-checkzone</command> useful for
checking zone files before configuring them into a name server.
<command>named-compilezone</command> is similar to
<command>named-checkzone</command>, but it always dumps the
zone contents to a specified file in a specified format.
Additionally, it applies stricter check levels by default,
since the dump output will be used as an actual zone file
loaded by <command>named</command>.
When manually specified otherwise, the check levels must at
least be as strict as those specified in the
<command>named</command> configuration file.
<title>OPTIONS</title>
Print the usage summary and exit.
Quiet mode - exit code only.
Print the version of the <command>named-checkzone</command>
When loading the zone file read the journal if it exists.
<term>-c <replaceable class="parameter">class</replaceable></term>
Specify the class of the zone. If not specified, "IN" is assumed.
<term>-i <replaceable class="parameter">mode</replaceable></term>
Perform post-load zone integrity checks. Possible modes are
<command>"full"</command> (default),
<command>"full-sibling"</command>,
<command>"local"</command>,
<command>"local-sibling"</command> and
<command>"none"</command>.
Mode <command>"full"</command> checks that MX records
refer to A or AAAA records (both in-zone and out-of-zone
hostnames). Mode <command>"local"</command> only
checks MX records which refer to in-zone hostnames.
Mode <command>"full"</command> checks that SRV records
refer to A or AAAA records (both in-zone and out-of-zone
hostnames). Mode <command>"local"</command> only
checks SRV records which refer to in-zone hostnames.
Mode <command>"full"</command> checks that delegation NS
records refer to A or AAAA records (both in-zone and out-of-zone
hostnames). It also checks that glue address records
in the zone match those advertised by the child.
Mode <command>"local"</command> only checks NS records which
refer to in-zone hostnames or that some required glue exists,
that is, when the nameserver is in a child zone.
Modes <command>"full-sibling"</command> and
<command>"local-sibling"</command> disable sibling glue
checks but are otherwise the same as <command>"full"</command>
and <command>"local"</command> respectively.
Mode <command>"none"</command> disables the checks.
<term>-f <replaceable class="parameter">format</replaceable></term>
Specify the format of the zone file.
Possible formats are <command>"text"</command> (default)
and <command>"raw"</command>.
<term>-F <replaceable class="parameter">format</replaceable></term>
Specify the format of the output file specified.
For <command>named-checkzone</command>,
this does not cause any effects unless it dumps the zone
Possible formats are <command>"text"</command> (default)
and <command>"raw"</command> or <command>"raw=N"</command>,
which store the zone in a binary format for rapid loading
by <command>named</command>. <command>"raw=N"</command>
specifies the format version of the raw zone file: if N
is 0, the raw file can be read by any version of
<command>named</command>; if N is 1, the file can be read
by release 9.9.0 or higher. The default is 1.
<term>-k <replaceable class="parameter">mode</replaceable></term>
Perform <command>"check-names"</command> checks with the
specified failure mode.
Possible modes are <command>"fail"</command>
(default for <command>named-compilezone</command>),
<command>"warn"</command>
(default for <command>named-checkzone</command>) and
<command>"ignore"</command>.
<term>-L <replaceable class="parameter">serial</replaceable></term>
When compiling a zone to 'raw' format, set the "source serial"
value in the header to the specified serial number. (This is
expected to be used primarily for testing purposes.)
<term>-m <replaceable class="parameter">mode</replaceable></term>
Specify whether MX records should be checked to see if they
are addresses. Possible modes are <command>"fail"</command>,
<command>"warn"</command> (default) and
<command>"ignore"</command>.
<term>-M <replaceable class="parameter">mode</replaceable></term>
Check if an MX record refers to a CNAME.
Possible modes are <command>"fail"</command>,
<command>"warn"</command> (default) and
<command>"ignore"</command>.
<term>-n <replaceable class="parameter">mode</replaceable></term>
Specify whether NS records should be checked to see if they
Possible modes are <command>"fail"</command>
(default for <command>named-compilezone</command>),
<command>"warn"</command>
(default for <command>named-checkzone</command>) and
<command>"ignore"</command>.
<term>-o <replaceable class="parameter">filename</replaceable></term>
Write zone output to <filename>filename</filename>.
If <filename>filename</filename> is <filename>-</filename> then
write to standard output.
This is mandatory for <command>named-compilezone</command>.
<term>-r <replaceable class="parameter">mode</replaceable></term>
Check for records that are treated as different by DNSSEC but
are semantically equal in plain DNS.
Possible modes are <command>"fail"</command>,
<command>"warn"</command> (default) and
<command>"ignore"</command>.
<term>-s <replaceable class="parameter">style</replaceable></term>
Specify the style of the dumped zone file.
Possible styles are <command>"full"</command> (default)
and <command>"relative"</command>.
The full format is most suitable for processing
automatically by a separate script.
On the other hand, the relative format is more
human-readable and is thus suitable for editing by hand.
For <command>named-checkzone</command>
this does not cause any effects unless it dumps the zone
It also does not have any meaning if the output format
<term>-S <replaceable class="parameter">mode</replaceable></term>
Check if an SRV record refers to a CNAME.
Possible modes are <command>"fail"</command>,
<command>"warn"</command> (default) and
<command>"ignore"</command>.
<term>-t <replaceable class="parameter">directory</replaceable></term>
Chroot to <filename>directory</filename> so that
directives in the configuration file are processed as if
run by a similarly chrooted named.
<term>-T <replaceable class="parameter">mode</replaceable></term>
Check if Sender Policy Framework records (TXT and SPF)
both exist or both don't exist. A warning is issued
if they don't match. Possible modes are
<command>"warn"</command> (default), <command>"ignore"</command>.
<term>-w <replaceable class="parameter">directory</replaceable></term>
chdir to <filename>directory</filename> so that
filenames in master file $INCLUDE directives work. This
is similar to the directory clause in
<filename>named.conf</filename>.
Dump zone file in canonical format.
This is always enabled for <command>named-compilezone</command>.
<term>-W <replaceable class="parameter">mode</replaceable></term>
Specify whether to check for non-terminal wildcards.
Non-terminal wildcards are almost always the result of a
failure to understand the wildcard matching algorithm (RFC 1034).
Possible modes are <command>"warn"</command> (default)
and <command>"ignore"</command>.
<term>zonename</term>
The domain name of the zone being checked.
<term>filename</term>
The name of the zone file.
<title>RETURN VALUES</title>
<para><command>named-checkzone</command>
returns an exit status of 1 if
errors were detected and 0 otherwise.
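The exit status above is what lets a deployment script refuse to load a bad zone. The following is an added example, not part of the ISC manual page or the BIND distribution: a POSIX shell gate that runs each zone with the checks that offer a "fail" mode set to it. The names NAMED_CHECKZONE, check_zone_strict and gate_zones are hypothetical, and the "zonename filename" list format is an assumption of the example.

```shell
#!/bin/sh
# Added example: pre-deployment gate built on the documented exit status
# (1 if errors were detected, 0 otherwise).
# Assumption: NAMED_CHECKZONE and both function names are hypothetical;
# the zone names and file paths come from the caller.

NAMED_CHECKZONE="${NAMED_CHECKZONE:-named-checkzone}"

# Check one zone with every option that offers a "fail" mode (-k -m -M -n
# -r -S) set to it, so problems that named-checkzone would only warn about
# by default produce a non-zero exit status. -i full is already the default
# and is spelled out for clarity.
check_zone_strict() {
    zone="$1"; file="$2"
    "$NAMED_CHECKZONE" -i full -k fail -m fail -M fail -n fail -r fail -S fail \
        "$zone" "$file" </dev/null
}

# Read "zonename filename" pairs from stdin (blank lines and '#' comments
# are skipped). Print one line per zone and return non-zero if any zone
# failed or its file is unreadable, so the caller can stop before reloading.
gate_zones() {
    failed=0
    while read -r zone file; do
        case "$zone" in ''|'#'*) continue ;; esac
        if [ ! -r "$file" ]; then
            echo "FAIL $zone: cannot read $file"
            failed=$((failed + 1))
            continue
        fi
        if out=$(check_zone_strict "$zone" "$file" 2>&1); then
            echo "OK   $zone"
        else
            echo "FAIL $zone"
            printf '%s\n' "$out" | sed 's/^/     /'
            failed=$((failed + 1))
        fi
    done
    [ "$failed" -eq 0 ]
}
```

Feed gate_zones a list of zone and file pairs on standard input and reload the name server only when it returns 0.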
<title>SEE ALSO</title>
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
<refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
<citetitle>RFC 1035</citetitle>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
<title>AUTHOR</title>
<para><corpauthor>Internet Systems Consortium</corpauthor>