MFC: r253983-253984

[FreeBSD/stable/8.git] / contrib / bind9 / bin / check / named-checkzone.docbook

<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
               [<!ENTITY mdash "&#8212;">]>
<!--
 - Copyright (C) 2004-2007, 2009, 2010, 2013  Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000-2002  Internet Software Consortium.
 -
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->

<!-- $Id: named-checkzone.docbook,v 1.40 2010/01/16 23:48:15 tbox Exp $ -->
<refentry id="man.named-checkzone">
  <refentryinfo>
    <date>June 13, 2000</date>
  </refentryinfo>

  <refmeta>
    <refentrytitle><application>named-checkzone</application></refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo>BIND9</refmiscinfo>
  </refmeta>

  <docinfo>
    <copyright>
      <year>2004</year>
      <year>2005</year>
      <year>2006</year>
      <year>2007</year>
      <year>2009</year>
      <year>2010</year>
      <year>2013</year>
      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
    </copyright>
    <copyright>
      <year>2000</year>
      <year>2001</year>
      <year>2002</year>
      <holder>Internet Software Consortium.</holder>
    </copyright>
  </docinfo>

  <refnamediv>
    <refname><application>named-checkzone</application></refname>
    <refname><application>named-compilezone</application></refname>
    <refpurpose>zone file validity checking or converting tool</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <cmdsynopsis>
      <command>named-checkzone</command>
      <arg><option>-d</option></arg>
      <arg><option>-h</option></arg>
      <arg><option>-j</option></arg>
      <arg><option>-q</option></arg>
      <arg><option>-v</option></arg>
      <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
      <arg><option>-f <replaceable class="parameter">format</replaceable></option></arg>
      <arg><option>-F <replaceable class="parameter">format</replaceable></option></arg>
      <arg><option>-i <replaceable class="parameter">mode</replaceable></option></arg>
      <arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
      <arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
      <arg><option>-M <replaceable class="parameter">mode</replaceable></option></arg>
      <arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
      <arg><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
      <arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
      <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
      <arg><option>-S <replaceable class="parameter">mode</replaceable></option></arg>
      <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
      <arg><option>-T <replaceable class="parameter">mode</replaceable></option></arg>
      <arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
      <arg><option>-D</option></arg>
      <arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
      <arg choice="req">zonename</arg>
      <arg choice="req">filename</arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>named-compilezone</command>
      <arg><option>-d</option></arg>
      <arg><option>-j</option></arg>
      <arg><option>-q</option></arg>
      <arg><option>-v</option></arg>
      <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
      <arg><option>-C <replaceable class="parameter">mode</replaceable></option></arg>
      <arg><option>-f <replaceable class="parameter">format</replaceable></option></arg>
      <arg><option>-F <replaceable class="parameter">format</replaceable></option></arg>
      <arg><option>-i <replaceable class="parameter">mode</replaceable></option></arg>
      <arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
      <arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
      <arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
      <arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
      <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
      <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
      <arg><option>-T <replaceable class="parameter">mode</replaceable></option></arg>
      <arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
      <arg><option>-D</option></arg>
      <arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
      <arg choice="req"><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
      <arg choice="req">zonename</arg>
      <arg choice="req">filename</arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1>
    <title>DESCRIPTION</title>
    <para><command>named-checkzone</command>
      checks the syntax and integrity of a zone file.  It performs the
      same checks as <command>named</command> does when loading a
      zone.  This makes <command>named-checkzone</command> useful for
      checking zone files before configuring them into a name server.
    </para>
    <para>
        <command>named-compilezone</command> is similar to
        <command>named-checkzone</command>, but it always dumps the
        zone contents to a specified file in a specified format.
        Additionally, it applies stricter check levels by default,
        since the dump output will be used as an actual zone file
        loaded by <command>named</command>.
        When manually specified otherwise, the check levels must at
        least be as strict as those specified in the
        <command>named</command> configuration file.
     </para>
  </refsect1>

  <refsect1>
    <title>OPTIONS</title>

    <variablelist>
      <varlistentry>
        <term>-d</term>
        <listitem>
          <para>
            Enable debugging.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-h</term>
        <listitem>
          <para>
            Print the usage summary and exit.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-q</term>
        <listitem>
          <para>
            Quiet mode - exit code only.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-v</term>
        <listitem>
          <para>
            Print the version of the <command>named-checkzone</command>
            program and exit.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-j</term>
        <listitem>
          <para>
            When loading the zone file read the journal if it exists.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-c <replaceable class="parameter">class</replaceable></term>
        <listitem>
          <para>
            Specify the class of the zone.  If not specified, "IN" is assumed.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-i <replaceable class="parameter">mode</replaceable></term>
        <listitem>
          <para>
              Perform post-load zone integrity checks.  Possible modes are
              <command>"full"</command> (default),
              <command>"full-sibling"</command>,
              <command>"local"</command>,
              <command>"local-sibling"</command> and
              <command>"none"</command>.
          </para>
          <para>
              Mode <command>"full"</command> checks that MX records
              refer to A or AAAA record (both in-zone and out-of-zone
              hostnames).  Mode <command>"local"</command> only
              checks MX records which refer to in-zone hostnames.
          </para>
          <para>
              Mode <command>"full"</command> checks that SRV records
              refer to A or AAAA record (both in-zone and out-of-zone
              hostnames).  Mode <command>"local"</command> only
              checks SRV records which refer to in-zone hostnames.
          </para>
          <para>
              Mode <command>"full"</command> checks that delegation NS
              records refer to A or AAAA record (both in-zone and out-of-zone
              hostnames).  It also checks that glue address records
              in the zone match those advertised by the child.
              Mode <command>"local"</command> only checks NS records which
              refer to in-zone hostnames or that some required glue exists,
              that is when the nameserver is in a child zone.
          </para>
          <para>
              Mode <command>"full-sibling"</command> and
              <command>"local-sibling"</command> disable sibling glue
              checks but are otherwise the same as <command>"full"</command>
              and <command>"local"</command> respectively.
          </para>
          <para>
              Mode <command>"none"</command> disables the checks.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-f <replaceable class="parameter">format</replaceable></term>
        <listitem>
          <para>
            Specify the format of the zone file.
            Possible formats are <command>"text"</command> (default)
            and <command>"raw"</command>.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-F <replaceable class="parameter">format</replaceable></term>
        <listitem>
          <para>
            Specify the format of the output file specified.
            Possible formats are <command>"text"</command> (default)
            and <command>"raw"</command>.
            For <command>named-checkzone</command>,
            this does not cause any effects unless it dumps the zone
            contents.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-k <replaceable class="parameter">mode</replaceable></term>
        <listitem>
          <para>
            Perform <command>"check-names"</command> checks with the
            specified failure mode.
            Possible modes are <command>"fail"</command>
            (default for <command>named-compilezone</command>),
            <command>"warn"</command>
            (default for <command>named-checkzone</command>) and
            <command>"ignore"</command>.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-m <replaceable class="parameter">mode</replaceable></term>
        <listitem>
          <para>
            Specify whether MX records should be checked to see if they
            are addresses.  Possible modes are <command>"fail"</command>,
            <command>"warn"</command> (default) and
            <command>"ignore"</command>.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-M <replaceable class="parameter">mode</replaceable></term>
        <listitem>
          <para>
            Check if a MX record refers to a CNAME.
            Possible modes are <command>"fail"</command>,
            <command>"warn"</command> (default) and
            <command>"ignore"</command>.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-n <replaceable class="parameter">mode</replaceable></term>
        <listitem>
          <para>
            Specify whether NS records should be checked to see if they
            are addresses.
            Possible modes are <command>"fail"</command>
            (default for <command>named-compilezone</command>),
            <command>"warn"</command>
            (default for <command>named-checkzone</command>) and
            <command>"ignore"</command>.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-o <replaceable class="parameter">filename</replaceable></term>
        <listitem>
          <para>
            Write zone output to <filename>filename</filename>.
            If <filename>filename</filename> is <filename>-</filename> then
            write to standard out.
            This is mandatory for <command>named-compilezone</command>.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-r <replaceable class="parameter">mode</replaceable></term>
        <listitem>
          <para>
            Check for records that are treated as different by DNSSEC but
            are semantically equal in plain DNS.  
            Possible modes are <command>"fail"</command>,
            <command>"warn"</command> (default) and
            <command>"ignore"</command>.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-s <replaceable class="parameter">style</replaceable></term>
        <listitem>
          <para>
            Specify the style of the dumped zone file.
            Possible styles are <command>"full"</command> (default)
            and <command>"relative"</command>.
            The full format is most suitable for processing
            automatically by a separate script.
            On the other hand, the relative format is more
            human-readable and is thus suitable for editing by hand.
            For <command>named-checkzone</command>
            this does not cause any effects unless it dumps the zone
            contents.
            It also does not have any meaning if the output format
            is not text.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-S <replaceable class="parameter">mode</replaceable></term>
        <listitem>
          <para>
            Check if a SRV record refers to a CNAME.
            Possible modes are <command>"fail"</command>,
            <command>"warn"</command> (default) and
            <command>"ignore"</command>.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-t <replaceable class="parameter">directory</replaceable></term>
        <listitem>
          <para>
            Chroot to <filename>directory</filename> so that
            include
            directives in the configuration file are processed as if
            run by a similarly chrooted named.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-T <replaceable class="parameter">mode</replaceable></term>
        <listitem>
          <para>
            Check if Sender Policy Framework records (TXT and SPF)
            both exist or both don't exist.  A warning is issued
            if they don't match.  Possible modes are
            <command>"warn"</command> (default), <command>"ignore"</command>.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-w <replaceable class="parameter">directory</replaceable></term>
        <listitem>
          <para>
            chdir to <filename>directory</filename> so that
            relative
            filenames in master file $INCLUDE directives work.  This
            is similar to the directory clause in
            <filename>named.conf</filename>.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-D</term>
        <listitem>
          <para>
            Dump zone file in canonical format.
            This is always enabled for <command>named-compilezone</command>.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-W <replaceable class="parameter">mode</replaceable></term>
        <listitem>
          <para>
            Specify whether to check for non-terminal wildcards.
            Non-terminal wildcards are almost always the result of a
            failure to understand the wildcard matching algorithm (RFC 1034).
            Possible modes are <command>"warn"</command> (default)
            and
            <command>"ignore"</command>.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>zonename</term>
        <listitem>
          <para>
            The domain name of the zone being checked.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>filename</term>
        <listitem>
          <para>
            The name of the zone file.
          </para>
        </listitem>
      </varlistentry>

    </variablelist>

  </refsect1>

  <refsect1>
    <title>RETURN VALUES</title>
    <para><command>named-checkzone</command>
      returns an exit status of 1 if
      errors were detected and 0 otherwise.
    </para>
  </refsect1>

  <refsect1>
    <title>SEE ALSO</title>
    <para><citerefentry>
        <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
        <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>  
      </citerefentry>,
      <citetitle>RFC 1035</citetitle>,
      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
    </para>
  </refsect1>

  <refsect1>
    <title>AUTHOR</title>
    <para><corpauthor>Internet Systems Consortium</corpauthor>
    </para>
  </refsect1>

</refentry><!--
 - Local variables:
 - mode: sgml
 - End:
-->