1<!-- 2 - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") 3 - Copyright (C) 2000-2003 Internet Software Consortium. 4 - 5 - Permission to use, copy, modify, and/or distribute this software for any 6 - purpose with or without fee is hereby granted, provided that the above 7 - copyright notice and this permission notice appear in all copies. 8 - 9 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 10 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 11 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 12 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 13 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 14 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 15 - PERFORMANCE OF THIS SOFTWARE. 16--> 17<!-- $Id$ --> 18<html> 19<head> 20<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> 21<title>named-checkzone</title> 22<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> 23<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual"> 24<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages"> 25<link rel="prev" href="man.named-checkconf.html" title="named-checkconf"> 26<link rel="next" href="man.named.html" title="named"> 27</head> 28<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"> 29<div class="navheader"> 30<table width="100%" summary="Navigation header"> 31<tr><th colspan="3" align="center"><span class="application">named-checkzone</span></th></tr> 32<tr> 33<td width="20%" align="left"> 34<a accesskey="p" href="man.named-checkconf.html">Prev</a>�</td> 35<th width="60%" align="center">Manual pages</th> 36<td width="20%" align="right">�<a accesskey="n" href="man.named.html">Next</a> 37</td> 38</tr> 39</table> 40<hr> 41</div> 42<div class="refentry" lang="en"> 43<a name="man.named-checkzone"></a><div class="titlepage"></div> 44<div class="refnamediv"> 45<h2>Name</h2> 46<p><span class="application">named-checkzone</span>, <span class="application">named-compilezone</span> — zone file validity checking or converting tool</p> 47</div> 48<div class="refsynopsisdiv"> 49<h2>Synopsis</h2> 50<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div> 51<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div> 52</div> 53<div class="refsect1" lang="en"> 54<a name="id2637408"></a><h2>DESCRIPTION</h2> 55<p><span><strong class="command">named-checkzone</strong></span> 56 checks the syntax and integrity of a zone file. It performs the 57 same checks as <span><strong class="command">named</strong></span> does when loading a 58 zone. This makes <span><strong class="command">named-checkzone</strong></span> useful for 59 checking zone files before configuring them into a name server. 60 </p> 61<p> 62 <span><strong class="command">named-compilezone</strong></span> is similar to 63 <span><strong class="command">named-checkzone</strong></span>, but it always dumps the 64 zone contents to a specified file in a specified format. 65 Additionally, it applies stricter check levels by default, 66 since the dump output will be used as an actual zone file 67 loaded by <span><strong class="command">named</strong></span>. 68 When manually specified otherwise, the check levels must at 69 least be as strict as those specified in the 70 <span><strong class="command">named</strong></span> configuration file. 71 </p> 72</div> 73<div class="refsect1" lang="en"> 74<a name="id2637458"></a><h2>OPTIONS</h2> 75<div class="variablelist"><dl> 76<dt><span class="term">-d</span></dt> 77<dd><p> 78 Enable debugging. 79 </p></dd> 80<dt><span class="term">-h</span></dt> 81<dd><p> 82 Print the usage summary and exit. 83 </p></dd> 84<dt><span class="term">-q</span></dt> 85<dd><p> 86 Quiet mode - exit code only. 87 </p></dd> 88<dt><span class="term">-v</span></dt> 89<dd><p> 90 Print the version of the <span><strong class="command">named-checkzone</strong></span> 91 program and exit. 92 </p></dd> 93<dt><span class="term">-j</span></dt> 94<dd><p> 95 When loading the zone file read the journal if it exists. 96 </p></dd> 97<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt> 98<dd><p> 99 Specify the class of the zone. If not specified, "IN" is assumed. 100 </p></dd> 101<dt><span class="term">-i <em class="replaceable"><code>mode</code></em></span></dt> 102<dd> 103<p> 104 Perform post-load zone integrity checks. Possible modes are 105 <span><strong class="command">"full"</strong></span> (default), 106 <span><strong class="command">"full-sibling"</strong></span>, 107 <span><strong class="command">"local"</strong></span>, 108 <span><strong class="command">"local-sibling"</strong></span> and 109 <span><strong class="command">"none"</strong></span>. 110 </p> 111<p> 112 Mode <span><strong class="command">"full"</strong></span> checks that MX records 113 refer to A or AAAA record (both in-zone and out-of-zone 114 hostnames). Mode <span><strong class="command">"local"</strong></span> only 115 checks MX records which refer to in-zone hostnames. 116 </p> 117<p> 118 Mode <span><strong class="command">"full"</strong></span> checks that SRV records 119 refer to A or AAAA record (both in-zone and out-of-zone 120 hostnames). Mode <span><strong class="command">"local"</strong></span> only 121 checks SRV records which refer to in-zone hostnames. 122 </p> 123<p> 124 Mode <span><strong class="command">"full"</strong></span> checks that delegation NS 125 records refer to A or AAAA record (both in-zone and out-of-zone 126 hostnames). It also checks that glue address records 127 in the zone match those advertised by the child. 128 Mode <span><strong class="command">"local"</strong></span> only checks NS records which 129 refer to in-zone hostnames or that some required glue exists, 130 that is when the nameserver is in a child zone. 131 </p> 132<p> 133 Mode <span><strong class="command">"full-sibling"</strong></span> and 134 <span><strong class="command">"local-sibling"</strong></span> disable sibling glue 135 checks but are otherwise the same as <span><strong class="command">"full"</strong></span> 136 and <span><strong class="command">"local"</strong></span> respectively. 137 </p> 138<p> 139 Mode <span><strong class="command">"none"</strong></span> disables the checks. 140 </p> 141</dd> 142<dt><span class="term">-f <em class="replaceable"><code>format</code></em></span></dt> 143<dd><p> 144 Specify the format of the zone file. 145 Possible formats are <span><strong class="command">"text"</strong></span> (default) 146 and <span><strong class="command">"raw"</strong></span>. 147 </p></dd> 148<dt><span class="term">-F <em class="replaceable"><code>format</code></em></span></dt> 149<dd> 150<p> 151 Specify the format of the output file specified. 152 For <span><strong class="command">named-checkzone</strong></span>, 153 this does not cause any effects unless it dumps the zone 154 contents. 155 </p> 156<p> 157 Possible formats are <span><strong class="command">"text"</strong></span> (default) 158 and <span><strong class="command">"raw"</strong></span> or <span><strong class="command">"raw=N"</strong></span>, 159 which store the zone in a binary format for rapid loading 160 by <span><strong class="command">named</strong></span>. <span><strong class="command">"raw=N"</strong></span> 161 specifies the format version of the raw zone file: if N 162 is 0, the raw file can be read by any version of 163 <span><strong class="command">named</strong></span>; if N is 1, the file can be read 164 by release 9.9.0 or higher. The default is 1. 165 </p> 166</dd> 167<dt><span class="term">-k <em class="replaceable"><code>mode</code></em></span></dt> 168<dd><p> 169 Perform <span><strong class="command">"check-names"</strong></span> checks with the 170 specified failure mode. 171 Possible modes are <span><strong class="command">"fail"</strong></span> 172 (default for <span><strong class="command">named-compilezone</strong></span>), 173 <span><strong class="command">"warn"</strong></span> 174 (default for <span><strong class="command">named-checkzone</strong></span>) and 175 <span><strong class="command">"ignore"</strong></span>. 176 </p></dd> 177<dt><span class="term">-L <em class="replaceable"><code>serial</code></em></span></dt> 178<dd><p> 179 When compiling a zone to 'raw' format, set the "source serial" 180 value in the header to the specified serial number. (This is 181 expected to be used primarily for testing purposes.) 182 </p></dd> 183<dt><span class="term">-m <em class="replaceable"><code>mode</code></em></span></dt> 184<dd><p> 185 Specify whether MX records should be checked to see if they 186 are addresses. Possible modes are <span><strong class="command">"fail"</strong></span>, 187 <span><strong class="command">"warn"</strong></span> (default) and 188 <span><strong class="command">"ignore"</strong></span>. 189 </p></dd> 190<dt><span class="term">-M <em class="replaceable"><code>mode</code></em></span></dt> 191<dd><p> 192 Check if a MX record refers to a CNAME. 193 Possible modes are <span><strong class="command">"fail"</strong></span>, 194 <span><strong class="command">"warn"</strong></span> (default) and 195 <span><strong class="command">"ignore"</strong></span>. 196 </p></dd> 197<dt><span class="term">-n <em class="replaceable"><code>mode</code></em></span></dt> 198<dd><p> 199 Specify whether NS records should be checked to see if they 200 are addresses. 201 Possible modes are <span><strong class="command">"fail"</strong></span> 202 (default for <span><strong class="command">named-compilezone</strong></span>), 203 <span><strong class="command">"warn"</strong></span> 204 (default for <span><strong class="command">named-checkzone</strong></span>) and 205 <span><strong class="command">"ignore"</strong></span>. 206 </p></dd> 207<dt><span class="term">-o <em class="replaceable"><code>filename</code></em></span></dt> 208<dd><p> 209 Write zone output to <code class="filename">filename</code>. 210 If <code class="filename">filename</code> is <code class="filename">-</code> then 211 write to standard out. 212 This is mandatory for <span><strong class="command">named-compilezone</strong></span>. 213 </p></dd> 214<dt><span class="term">-r <em class="replaceable"><code>mode</code></em></span></dt> 215<dd><p> 216 Check for records that are treated as different by DNSSEC but 217 are semantically equal in plain DNS. 218 Possible modes are <span><strong class="command">"fail"</strong></span>, 219 <span><strong class="command">"warn"</strong></span> (default) and 220 <span><strong class="command">"ignore"</strong></span>. 221 </p></dd> 222<dt><span class="term">-s <em class="replaceable"><code>style</code></em></span></dt> 223<dd><p> 224 Specify the style of the dumped zone file. 225 Possible styles are <span><strong class="command">"full"</strong></span> (default) 226 and <span><strong class="command">"relative"</strong></span>. 227 The full format is most suitable for processing 228 automatically by a separate script. 229 On the other hand, the relative format is more 230 human-readable and is thus suitable for editing by hand. 231 For <span><strong class="command">named-checkzone</strong></span> 232 this does not cause any effects unless it dumps the zone 233 contents. 234 It also does not have any meaning if the output format 235 is not text. 236 </p></dd> 237<dt><span class="term">-S <em class="replaceable"><code>mode</code></em></span></dt> 238<dd><p> 239 Check if a SRV record refers to a CNAME. 240 Possible modes are <span><strong class="command">"fail"</strong></span>, 241 <span><strong class="command">"warn"</strong></span> (default) and 242 <span><strong class="command">"ignore"</strong></span>. 243 </p></dd> 244<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt> 245<dd><p> 246 Chroot to <code class="filename">directory</code> so that 247 include 248 directives in the configuration file are processed as if 249 run by a similarly chrooted named. 250 </p></dd> 251<dt><span class="term">-T <em class="replaceable"><code>mode</code></em></span></dt> 252<dd><p> 253 Check if Sender Policy Framework records (TXT and SPF) 254 both exist or both don't exist. A warning is issued 255 if they don't match. Possible modes are 256 <span><strong class="command">"warn"</strong></span> (default), <span><strong class="command">"ignore"</strong></span>. 257 </p></dd> 258<dt><span class="term">-w <em class="replaceable"><code>directory</code></em></span></dt> 259<dd><p> 260 chdir to <code class="filename">directory</code> so that 261 relative 262 filenames in master file $INCLUDE directives work. This 263 is similar to the directory clause in 264 <code class="filename">named.conf</code>. 265 </p></dd> 266<dt><span class="term">-D</span></dt> 267<dd><p> 268 Dump zone file in canonical format. 269 This is always enabled for <span><strong class="command">named-compilezone</strong></span>. 270 </p></dd> 271<dt><span class="term">-W <em class="replaceable"><code>mode</code></em></span></dt> 272<dd><p> 273 Specify whether to check for non-terminal wildcards. 274 Non-terminal wildcards are almost always the result of a 275 failure to understand the wildcard matching algorithm (RFC 1034). 276 Possible modes are <span><strong class="command">"warn"</strong></span> (default) 277 and 278 <span><strong class="command">"ignore"</strong></span>. 279 </p></dd> 280<dt><span class="term">zonename</span></dt> 281<dd><p> 282 The domain name of the zone being checked. 283 </p></dd> 284<dt><span class="term">filename</span></dt> 285<dd><p> 286 The name of the zone file. 287 </p></dd> 288</dl></div> 289</div> 290<div class="refsect1" lang="en"> 291<a name="id2670998"></a><h2>RETURN VALUES</h2> 292<p><span><strong class="command">named-checkzone</strong></span> 293 returns an exit status of 1 if 294 errors were detected and 0 otherwise. 295 </p> 296</div> 297<div class="refsect1" lang="en"> 298<a name="id2671080"></a><h2>SEE ALSO</h2> 299<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, 300 <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>, 301 <em class="citetitle">RFC 1035</em>, 302 <em class="citetitle">BIND 9 Administrator Reference Manual</em>. 303 </p> 304</div> 305<div class="refsect1" lang="en"> 306<a name="id2671113"></a><h2>AUTHOR</h2> 307<p><span class="corpauthor">Internet Systems Consortium</span> 308 </p> 309</div> 310</div> 311<div class="navfooter"> 312<hr> 313<table width="100%" summary="Navigation footer"> 314<tr> 315<td width="40%" align="left"> 316<a accesskey="p" href="man.named-checkconf.html">Prev</a>�</td> 317<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td> 318<td width="40%" align="right">�<a accesskey="n" href="man.named.html">Next</a> 319</td> 320</tr> 321<tr> 322<td width="40%" align="left" valign="top"> 323<span class="application">named-checkconf</span>�</td> 324<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td> 325<td width="40%" align="right" valign="top">�<span class="application">named</span> 326</td> 327</tr> 328</table> 329</div> 330</body> 331</html> 332