etc/services - sync with NetBSD-8
[minix.git] / external / bsd / bind / dist / bin / check / named-checkzone.docbook
blob9e827f398d31a6ce158e6226949be03cf3676b17
1 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
2                "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
3                [<!ENTITY mdash "&#8212;">]>
4 <!--
5  - Copyright (C) 2004-2007, 2009-2014  Internet Systems Consortium, Inc. ("ISC")
6  - Copyright (C) 2000-2002  Internet Software Consortium.
7  -
8  - Permission to use, copy, modify, and/or distribute this software for any
9  - purpose with or without fee is hereby granted, provided that the above
10  - copyright notice and this permission notice appear in all copies.
11  -
12  - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
13  - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
14  - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
15  - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
16  - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
17  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
18  - PERFORMANCE OF THIS SOFTWARE.
19 -->
21 <refentry id="man.named-checkzone">
22   <refentryinfo>
23     <date>February 19, 2014</date>
24   </refentryinfo>
26   <refmeta>
27     <refentrytitle><application>named-checkzone</application></refentrytitle>
28     <manvolnum>8</manvolnum>
29     <refmiscinfo>BIND9</refmiscinfo>
30   </refmeta>
32   <docinfo>
33     <copyright>
34       <year>2004</year>
35       <year>2005</year>
36       <year>2006</year>
37       <year>2007</year>
38       <year>2009</year>
39       <year>2010</year>
40       <year>2011</year>
41       <year>2012</year>
42       <year>2013</year>
43       <year>2014</year>
44       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
45     </copyright>
46     <copyright>
47       <year>2000</year>
48       <year>2001</year>
49       <year>2002</year>
50       <holder>Internet Software Consortium.</holder>
51     </copyright>
52   </docinfo>
54   <refnamediv>
55     <refname><application>named-checkzone</application></refname>
56     <refname><application>named-compilezone</application></refname>
57     <refpurpose>zone file validity checking or converting tool</refpurpose>
58   </refnamediv>
60   <refsynopsisdiv>
61     <cmdsynopsis>
62       <command>named-checkzone</command>
63       <arg><option>-d</option></arg>
64       <arg><option>-h</option></arg>
65       <arg><option>-j</option></arg>
66       <arg><option>-q</option></arg>
67       <arg><option>-v</option></arg>
68       <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
69       <arg><option>-f <replaceable class="parameter">format</replaceable></option></arg>
70       <arg><option>-F <replaceable class="parameter">format</replaceable></option></arg>
71       <arg><option>-J <replaceable class="parameter">filename</replaceable></option></arg>
72       <arg><option>-i <replaceable class="parameter">mode</replaceable></option></arg>
73       <arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
74       <arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
75       <arg><option>-M <replaceable class="parameter">mode</replaceable></option></arg>
76       <arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
77       <arg><option>-l <replaceable class="parameter">ttl</replaceable></option></arg>
78       <arg><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
79       <arg><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
80       <arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
81       <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
82       <arg><option>-S <replaceable class="parameter">mode</replaceable></option></arg>
83       <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
84       <arg><option>-T <replaceable class="parameter">mode</replaceable></option></arg>
85       <arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
86       <arg><option>-D</option></arg>
87       <arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
88       <arg choice="req">zonename</arg>
89       <arg choice="req">filename</arg>
90     </cmdsynopsis>
91     <cmdsynopsis>
92       <command>named-compilezone</command>
93       <arg><option>-d</option></arg>
94       <arg><option>-j</option></arg>
95       <arg><option>-q</option></arg>
96       <arg><option>-v</option></arg>
97       <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
98       <arg><option>-C <replaceable class="parameter">mode</replaceable></option></arg>
99       <arg><option>-f <replaceable class="parameter">format</replaceable></option></arg>
100       <arg><option>-F <replaceable class="parameter">format</replaceable></option></arg>
101       <arg><option>-J <replaceable class="parameter">filename</replaceable></option></arg>
102       <arg><option>-i <replaceable class="parameter">mode</replaceable></option></arg>
103       <arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
104       <arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
105       <arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
106       <arg><option>-l <replaceable class="parameter">ttl</replaceable></option></arg>
107       <arg><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
108       <arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
109       <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
110       <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
111       <arg><option>-T <replaceable class="parameter">mode</replaceable></option></arg>
112       <arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
113       <arg><option>-D</option></arg>
114       <arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
115       <arg choice="req"><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
116       <arg choice="req">zonename</arg>
117       <arg choice="req">filename</arg>
118     </cmdsynopsis>
119   </refsynopsisdiv>
121   <refsect1>
122     <title>DESCRIPTION</title>
123     <para><command>named-checkzone</command>
124       checks the syntax and integrity of a zone file.  It performs the
125       same checks as <command>named</command> does when loading a
126       zone.  This makes <command>named-checkzone</command> useful for
127       checking zone files before configuring them into a name server.
128     </para>
129     <para>
130         <command>named-compilezone</command> is similar to
131         <command>named-checkzone</command>, but it always dumps the
132         zone contents to a specified file in a specified format.
133         Additionally, it applies stricter check levels by default,
134         since the dump output will be used as an actual zone file
135         loaded by <command>named</command>.
136         When manually specified otherwise, the check levels must at
137         least be as strict as those specified in the
138         <command>named</command> configuration file.
139      </para>
140   </refsect1>
142   <refsect1>
143     <title>OPTIONS</title>
145     <variablelist>
146       <varlistentry>
147         <term>-d</term>
148         <listitem>
149           <para>
150             Enable debugging.
151           </para>
152         </listitem>
153       </varlistentry>
155       <varlistentry>
156         <term>-h</term>
157         <listitem>
158           <para>
159             Print the usage summary and exit.
160           </para>
161         </listitem>
162       </varlistentry>
164       <varlistentry>
165         <term>-q</term>
166         <listitem>
167           <para>
168             Quiet mode - exit code only.
169           </para>
170         </listitem>
171       </varlistentry>
173       <varlistentry>
174         <term>-v</term>
175         <listitem>
176           <para>
177             Print the version of the <command>named-checkzone</command>
178             program and exit.
179           </para>
180         </listitem>
181       </varlistentry>
183       <varlistentry>
184         <term>-j</term>
185         <listitem>
186           <para>
187             When loading a zone file, read the journal if it exists.
188             The journal file name is assumed to be the zone file name
189             appended with the string <filename>.jnl</filename>.
190           </para>
191         </listitem>
192       </varlistentry>
194       <varlistentry>
195         <term>-J <replaceable class="parameter">filename</replaceable></term>
196         <listitem>
197           <para>
198             When loading the zone file read the journal from the given
199             file, if it exists. (Implies -j.)
200           </para>
201         </listitem>
202       </varlistentry>
204       <varlistentry>
205         <term>-c <replaceable class="parameter">class</replaceable></term>
206         <listitem>
207           <para>
208             Specify the class of the zone.  If not specified, "IN" is assumed.
209           </para>
210         </listitem>
211       </varlistentry>
213       <varlistentry>
214         <term>-i <replaceable class="parameter">mode</replaceable></term>
215         <listitem>
216           <para>
217               Perform post-load zone integrity checks.  Possible modes are
218               <command>"full"</command> (default),
219               <command>"full-sibling"</command>,
220               <command>"local"</command>,
221               <command>"local-sibling"</command> and
222               <command>"none"</command>.
223           </para>
224           <para>
225               Mode <command>"full"</command> checks that MX records
226               refer to A or AAAA record (both in-zone and out-of-zone
227               hostnames).  Mode <command>"local"</command> only
228               checks MX records which refer to in-zone hostnames.
229           </para>
230           <para>
231               Mode <command>"full"</command> checks that SRV records
232               refer to A or AAAA record (both in-zone and out-of-zone
233               hostnames).  Mode <command>"local"</command> only
234               checks SRV records which refer to in-zone hostnames.
235           </para>
236           <para>
237               Mode <command>"full"</command> checks that delegation NS
238               records refer to A or AAAA record (both in-zone and out-of-zone
239               hostnames).  It also checks that glue address records
240               in the zone match those advertised by the child.
241               Mode <command>"local"</command> only checks NS records which
242               refer to in-zone hostnames or that some required glue exists,
243               that is when the nameserver is in a child zone.
244           </para>
245           <para>
246               Mode <command>"full-sibling"</command> and
247               <command>"local-sibling"</command> disable sibling glue
248               checks but are otherwise the same as <command>"full"</command>
249               and <command>"local"</command> respectively.
250           </para>
251           <para>
252               Mode <command>"none"</command> disables the checks.
253           </para>
254         </listitem>
255       </varlistentry>
257       <varlistentry>
258         <term>-f <replaceable class="parameter">format</replaceable></term>
259         <listitem>
260           <para>
261             Specify the format of the zone file.
262             Possible formats are <command>"text"</command> (default),
263             <command>"raw"</command>, and <command>"map"</command>.
264           </para>
265         </listitem>
266       </varlistentry>
268       <varlistentry>
269         <term>-F <replaceable class="parameter">format</replaceable></term>
270         <listitem>
271           <para>
272             Specify the format of the output file specified.
273             For <command>named-checkzone</command>,
274             this does not cause any effects unless it dumps the zone
275             contents.
276           </para>
277           <para>
278             Possible formats are <command>"text"</command> (default),
279             which is the standard textual representation of the zone,
280             and <command>"map"</command>, <command>"raw"</command>,
281             and <command>"raw=N"</command>, which store the zone in a
282             binary format for rapid loading by <command>named</command>.
283             <command>"raw=N"</command> specifies the format version of
284             the raw zone file: if N is 0, the raw file can be read by
285             any version of <command>named</command>; if N is 1, the file
286             can be read by release 9.9.0 or higher; the default is 1.
287           </para>
288         </listitem>
289       </varlistentry>
291       <varlistentry>
292         <term>-k <replaceable class="parameter">mode</replaceable></term>
293         <listitem>
294           <para>
295             Perform <command>"check-names"</command> checks with the
296             specified failure mode.
297             Possible modes are <command>"fail"</command>
298             (default for <command>named-compilezone</command>),
299             <command>"warn"</command>
300             (default for <command>named-checkzone</command>) and
301             <command>"ignore"</command>.
302           </para>
303         </listitem>
304       </varlistentry>
306       <varlistentry>
307         <term>-l <replaceable class="parameter">ttl</replaceable></term>
308         <listitem>
309           <para>
310             Sets a maximum permissible TTL for the input file.
311             Any record with a TTL higher than this value will cause
312             the zone to be rejected.  This is similar to using the
313             <command>max-zone-ttl</command> option in
314             <filename>named.conf</filename>.
315           </para>
316         </listitem>
317       </varlistentry>
319       <varlistentry>
320         <term>-L <replaceable class="parameter">serial</replaceable></term>
321         <listitem>
322           <para>
323             When compiling a zone to "raw" or "map" format, set the
324             "source serial" value in the header to the specified serial
325             number.  (This is expected to be used primarily for testing
326             purposes.)
327           </para>
328         </listitem>
329       </varlistentry>
331       <varlistentry>
332         <term>-m <replaceable class="parameter">mode</replaceable></term>
333         <listitem>
334           <para>
335             Specify whether MX records should be checked to see if they
336             are addresses.  Possible modes are <command>"fail"</command>,
337             <command>"warn"</command> (default) and
338             <command>"ignore"</command>.
339           </para>
340         </listitem>
341       </varlistentry>
343       <varlistentry>
344         <term>-M <replaceable class="parameter">mode</replaceable></term>
345         <listitem>
346           <para>
347             Check if a MX record refers to a CNAME.
348             Possible modes are <command>"fail"</command>,
349             <command>"warn"</command> (default) and
350             <command>"ignore"</command>.
351           </para>
352         </listitem>
353       </varlistentry>
355       <varlistentry>
356         <term>-n <replaceable class="parameter">mode</replaceable></term>
357         <listitem>
358           <para>
359             Specify whether NS records should be checked to see if they
360             are addresses.
361             Possible modes are <command>"fail"</command>
362             (default for <command>named-compilezone</command>),
363             <command>"warn"</command>
364             (default for <command>named-checkzone</command>) and
365             <command>"ignore"</command>.
366           </para>
367         </listitem>
368       </varlistentry>
370       <varlistentry>
371         <term>-o <replaceable class="parameter">filename</replaceable></term>
372         <listitem>
373           <para>
374             Write zone output to <filename>filename</filename>.
375             If <filename>filename</filename> is <filename>-</filename> then
376             write to standard out.
377             This is mandatory for <command>named-compilezone</command>.
378           </para>
379         </listitem>
380       </varlistentry>
382       <varlistentry>
383         <term>-r <replaceable class="parameter">mode</replaceable></term>
384         <listitem>
385           <para>
386             Check for records that are treated as different by DNSSEC but
387             are semantically equal in plain DNS.  
388             Possible modes are <command>"fail"</command>,
389             <command>"warn"</command> (default) and
390             <command>"ignore"</command>.
391           </para>
392         </listitem>
393       </varlistentry>
395       <varlistentry>
396         <term>-s <replaceable class="parameter">style</replaceable></term>
397         <listitem>
398           <para>
399             Specify the style of the dumped zone file.
400             Possible styles are <command>"full"</command> (default)
401             and <command>"relative"</command>.
402             The full format is most suitable for processing
403             automatically by a separate script.
404             On the other hand, the relative format is more
405             human-readable and is thus suitable for editing by hand.
406             For <command>named-checkzone</command>
407             this does not cause any effects unless it dumps the zone
408             contents.
409             It also does not have any meaning if the output format
410             is not text.
411           </para>
412         </listitem>
413       </varlistentry>
415       <varlistentry>
416         <term>-S <replaceable class="parameter">mode</replaceable></term>
417         <listitem>
418           <para>
419             Check if a SRV record refers to a CNAME.
420             Possible modes are <command>"fail"</command>,
421             <command>"warn"</command> (default) and
422             <command>"ignore"</command>.
423           </para>
424         </listitem>
425       </varlistentry>
427       <varlistentry>
428         <term>-t <replaceable class="parameter">directory</replaceable></term>
429         <listitem>
430           <para>
431             Chroot to <filename>directory</filename> so that
432             include
433             directives in the configuration file are processed as if
434             run by a similarly chrooted named.
435           </para>
436         </listitem>
437       </varlistentry>
439       <varlistentry>
440         <term>-T <replaceable class="parameter">mode</replaceable></term>
441         <listitem>
442           <para>
443             Check if Sender Policy Framework (SPF) records exist
444             and issues a warning if an SPF-formatted TXT record is
445             not also present.  Possible modes are <command>"warn"</command>
446             (default), <command>"ignore"</command>.
447           </para>
448         </listitem>
449       </varlistentry>
451       <varlistentry>
452         <term>-w <replaceable class="parameter">directory</replaceable></term>
453         <listitem>
454           <para>
455             chdir to <filename>directory</filename> so that
456             relative
457             filenames in master file $INCLUDE directives work.  This
458             is similar to the directory clause in
459             <filename>named.conf</filename>.
460           </para>
461         </listitem>
462       </varlistentry>
464       <varlistentry>
465         <term>-D</term>
466         <listitem>
467           <para>
468             Dump zone file in canonical format.
469             This is always enabled for <command>named-compilezone</command>.
470           </para>
471         </listitem>
472       </varlistentry>
474       <varlistentry>
475         <term>-W <replaceable class="parameter">mode</replaceable></term>
476         <listitem>
477           <para>
478             Specify whether to check for non-terminal wildcards.
479             Non-terminal wildcards are almost always the result of a
480             failure to understand the wildcard matching algorithm (RFC 1034).
481             Possible modes are <command>"warn"</command> (default)
482             and
483             <command>"ignore"</command>.
484           </para>
485         </listitem>
486       </varlistentry>
488       <varlistentry>
489         <term>zonename</term>
490         <listitem>
491           <para>
492             The domain name of the zone being checked.
493           </para>
494         </listitem>
495       </varlistentry>
497       <varlistentry>
498         <term>filename</term>
499         <listitem>
500           <para>
501             The name of the zone file.
502           </para>
503         </listitem>
504       </varlistentry>
506     </variablelist>
508   </refsect1>
510   <refsect1>
511     <title>RETURN VALUES</title>
512     <para><command>named-checkzone</command>
513       returns an exit status of 1 if
514       errors were detected and 0 otherwise.
515     </para>
516   </refsect1>
518   <refsect1>
519     <title>SEE ALSO</title>
520     <para><citerefentry>
521         <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
522       </citerefentry>,
523       <citerefentry>
524         <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>  
525       </citerefentry>,
526       <citetitle>RFC 1035</citetitle>,
527       <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
528     </para>
529   </refsect1>
531   <refsect1>
532     <title>AUTHOR</title>
533     <para><corpauthor>Internet Systems Consortium</corpauthor>
534     </para>
535   </refsect1>
537 </refentry><!--
538  - Local variables:
539  - mode: sgml
540  - End: