<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
- Copyright (C) 2004-2007, 2009-2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
<refentry id="man.named-checkzone">
<date>February 19, 2014</date>
<refentrytitle><application>named-checkzone</application></refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo>BIND9</refmiscinfo>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
<holder>Internet Software Consortium.</holder>
<refname><application>named-checkzone</application></refname>
<refname><application>named-compilezone</application></refname>
<refpurpose>zone file validity checking or converting tool</refpurpose>
<command>named-checkzone</command>
<arg><option>-d</option></arg>
<arg><option>-h</option></arg>
<arg><option>-j</option></arg>
<arg><option>-q</option></arg>
<arg><option>-v</option></arg>
<arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
<arg><option>-f <replaceable class="parameter">format</replaceable></option></arg>
<arg><option>-F <replaceable class="parameter">format</replaceable></option></arg>
<arg><option>-J <replaceable class="parameter">filename</replaceable></option></arg>
<arg><option>-i <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-M <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-l <replaceable class="parameter">ttl</replaceable></option></arg>
<arg><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
<arg><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
<arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
<arg><option>-S <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-T <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-D</option></arg>
<arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
<arg choice="req">zonename</arg>
<arg choice="req">filename</arg>
<command>named-compilezone</command>
<arg><option>-d</option></arg>
<arg><option>-j</option></arg>
<arg><option>-q</option></arg>
<arg><option>-v</option></arg>
<arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
<arg><option>-C <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-f <replaceable class="parameter">format</replaceable></option></arg>
<arg><option>-F <replaceable class="parameter">format</replaceable></option></arg>
<arg><option>-J <replaceable class="parameter">filename</replaceable></option></arg>
<arg><option>-i <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-l <replaceable class="parameter">ttl</replaceable></option></arg>
<arg><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
<arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
<arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-T <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-D</option></arg>
<arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
<arg choice="req"><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
<arg choice="req">zonename</arg>
<arg choice="req">filename</arg>
<title>DESCRIPTION</title>
<para><command>named-checkzone</command>
checks the syntax and integrity of a zone file. It performs the
same checks as <command>named</command> does when loading a
zone. This makes <command>named-checkzone</command> useful for
checking zone files before configuring them into a name server.
<command>named-compilezone</command> is similar to
<command>named-checkzone</command>, but it always dumps the
zone contents to a specified file in a specified format.
Additionally, it applies stricter check levels by default,
since the dump output will be used as an actual zone file
loaded by <command>named</command>.
When manually specified otherwise, the check levels must at
least be as strict as those specified in the
<command>named</command> configuration file.
<title>OPTIONS</title>
<term>-h</term>
Print the usage summary and exit.
<term>-q</term>
Quiet mode - exit code only.
<term>-v</term>
Print the version of the <command>named-checkzone</command>
<term>-j</term>
When loading a zone file, read the journal if it exists.
The journal file name is assumed to be the zone file name
appended with the string <filename>.jnl</filename>.
<term>-J <replaceable class="parameter">filename</replaceable></term>
When loading the zone file, read the journal from the given
file, if it exists. (Implies -j.)
<term>-c <replaceable class="parameter">class</replaceable></term>
Specify the class of the zone. If not specified, "IN" is assumed.
<term>-i <replaceable class="parameter">mode</replaceable></term>
Perform post-load zone integrity checks. Possible modes are
<command>"full"</command> (default),
<command>"full-sibling"</command>,
<command>"local"</command>,
<command>"local-sibling"</command> and
<command>"none"</command>.
Mode <command>"full"</command> checks that MX records
refer to A or AAAA records (both in-zone and out-of-zone
hostnames). Mode <command>"local"</command> only
checks MX records which refer to in-zone hostnames.
Mode <command>"full"</command> checks that SRV records
refer to A or AAAA records (both in-zone and out-of-zone
hostnames). Mode <command>"local"</command> only
checks SRV records which refer to in-zone hostnames.
Mode <command>"full"</command> checks that delegation NS
records refer to A or AAAA records (both in-zone and out-of-zone
hostnames). It also checks that glue address records
in the zone match those advertised by the child.
Mode <command>"local"</command> only checks NS records which
refer to in-zone hostnames or that some required glue exists,
that is, when the nameserver is in a child zone.
Modes <command>"full-sibling"</command> and
<command>"local-sibling"</command> disable sibling glue
checks but are otherwise the same as <command>"full"</command>
and <command>"local"</command> respectively.
Mode <command>"none"</command> disables the checks.
<term>-f <replaceable class="parameter">format</replaceable></term>
Specify the format of the zone file.
Possible formats are <command>"text"</command> (default),
<command>"raw"</command>, and <command>"map"</command>.
<term>-F <replaceable class="parameter">format</replaceable></term>
Specify the format of the output file.
For <command>named-checkzone</command>,
this has no effect unless it dumps the zone
Possible formats are <command>"text"</command> (default),
which is the standard textual representation of the zone,
and <command>"map"</command>, <command>"raw"</command>,
and <command>"raw=N"</command>, which store the zone in a
binary format for rapid loading by <command>named</command>.
<command>"raw=N"</command> specifies the format version of
the raw zone file: if N is 0, the raw file can be read by
any version of <command>named</command>; if N is 1, the file
can be read by release 9.9.0 or higher; the default is 1.
<term>-k <replaceable class="parameter">mode</replaceable></term>
Perform <command>"check-names"</command> checks with the
specified failure mode.
Possible modes are <command>"fail"</command>
(default for <command>named-compilezone</command>),
<command>"warn"</command>
(default for <command>named-checkzone</command>) and
<command>"ignore"</command>.
<term>-l <replaceable class="parameter">ttl</replaceable></term>
Sets a maximum permissible TTL for the input file.
Any record with a TTL higher than this value will cause
the zone to be rejected. This is similar to using the
<command>max-zone-ttl</command> option in
<filename>named.conf</filename>.
<term>-L <replaceable class="parameter">serial</replaceable></term>
When compiling a zone to "raw" or "map" format, set the
"source serial" value in the header to the specified serial
number. (This is expected to be used primarily for testing
<term>-m <replaceable class="parameter">mode</replaceable></term>
Specify whether MX records should be checked to see if they
are addresses. Possible modes are <command>"fail"</command>,
<command>"warn"</command> (default) and
<command>"ignore"</command>.
<term>-M <replaceable class="parameter">mode</replaceable></term>
Check if an MX record refers to a CNAME.
Possible modes are <command>"fail"</command>,
<command>"warn"</command> (default) and
<command>"ignore"</command>.
<term>-n <replaceable class="parameter">mode</replaceable></term>
Specify whether NS records should be checked to see if they
Possible modes are <command>"fail"</command>
(default for <command>named-compilezone</command>),
<command>"warn"</command>
(default for <command>named-checkzone</command>) and
<command>"ignore"</command>.
<term>-o <replaceable class="parameter">filename</replaceable></term>
Write zone output to <filename>filename</filename>.
If <filename>filename</filename> is <filename>-</filename> then
write to standard output.
This is mandatory for <command>named-compilezone</command>.
<term>-r <replaceable class="parameter">mode</replaceable></term>
Check for records that are treated as different by DNSSEC but
are semantically equal in plain DNS.
Possible modes are <command>"fail"</command>,
<command>"warn"</command> (default) and
<command>"ignore"</command>.
<term>-s <replaceable class="parameter">style</replaceable></term>
Specify the style of the dumped zone file.
Possible styles are <command>"full"</command> (default)
and <command>"relative"</command>.
The full format is most suitable for processing
automatically by a separate script.
On the other hand, the relative format is more
human-readable and is thus suitable for editing by hand.
For <command>named-checkzone</command>
this has no effect unless it dumps the zone
It also does not have any meaning if the output format
<term>-S <replaceable class="parameter">mode</replaceable></term>
Check if an SRV record refers to a CNAME.
Possible modes are <command>"fail"</command>,
<command>"warn"</command> (default) and
<command>"ignore"</command>.
<term>-t <replaceable class="parameter">directory</replaceable></term>
Chroot to <filename>directory</filename> so that
directives in the configuration file are processed as if
run by a similarly chrooted named.
<term>-T <replaceable class="parameter">mode</replaceable></term>
Check whether Sender Policy Framework (SPF) records exist
and issue a warning if an SPF-formatted TXT record is
not also present. Possible modes are <command>"warn"</command>
(default) and <command>"ignore"</command>.
<term>-w <replaceable class="parameter">directory</replaceable></term>
chdir to <filename>directory</filename> so that
filenames in master file $INCLUDE directives work. This
is similar to the directory clause in
<filename>named.conf</filename>.
<term>-D</term>
Dump zone file in canonical format.
This is always enabled for <command>named-compilezone</command>.
<term>-W <replaceable class="parameter">mode</replaceable></term>
Specify whether to check for non-terminal wildcards.
Non-terminal wildcards are almost always the result of a
failure to understand the wildcard matching algorithm (RFC 1034).
Possible modes are <command>"warn"</command> (default)
and <command>"ignore"</command>.
<term>zonename</term>
The domain name of the zone being checked.
<term>filename</term>
The name of the zone file.
<title>RETURN VALUES</title>
<para><command>named-checkzone</command>
returns an exit status of 1 if
errors were detected and 0 otherwise.
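Several of the checks above default to "warn" for named-checkzone, and a warning is not an error, so a zone with such findings still yields exit status 0. The following shell script is an added example (not part of the BIND distribution): it sets every fail-capable check to "fail" and gates a deployment on the documented exit status. The CHECKZONE and MAX_TTL variables and the manifest format are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-deployment gate built on named-checkzone's exit status.
# CHECKZONE, MAX_TTL and the manifest format are assumptions of this example.

CHECKZONE="${CHECKZONE:-named-checkzone}"
MAX_TTL="${MAX_TTL:-86400}"   # seconds; passed to -l

# strict_checkzone ZONENAME FILENAME
# Set each check that accepts it to "fail", so a finding that would only be
# a warning by default makes the exit status 1 instead of 0.
# -i local limits the post-load integrity checks to in-zone hostnames.
strict_checkzone() {
    "$CHECKZONE" -i local -k fail -n fail -m fail -M fail -S fail -r fail \
        -l "$MAX_TTL" "$1" "$2" </dev/null
}

# check_zones MANIFEST
# MANIFEST holds one "zonename filename" pair per line; '#' starts a comment.
# Every zone is checked (no early exit) so one run reports all failures.
# Returns 0 only if every zone passed.
check_zones() {
    failed=0
    while read -r zone file rest; do
        case "$zone" in ''|'#'*) continue ;; esac
        if out=$(strict_checkzone "$zone" "$file" 2>&1); then
            printf 'PASS %s\n' "$zone"
        else
            failed=$((failed + 1))
            printf 'FAIL %s (%s)\n' "$zone" "$file" >&2
            printf '%s\n' "$out" | sed 's/^/    /' >&2
        fi
    done < "$1"
    [ "$failed" -eq 0 ]
}

# Run only when a manifest path is given on the command line.
[ "$#" -eq 0 ] || check_zones "$@"
```

The -T and -W checks only offer "warn" and "ignore", so they cannot change the exit status; review their messages in the captured output instead.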
<title>SEE ALSO</title>
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
<refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
<citetitle>RFC 1035</citetitle>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
<title>AUTHOR</title>
<para><corpauthor>Internet Systems Consortium</corpauthor>