.\" $NetBSD: nslint.8,v 1.1.1.3 2014/12/10 03:34:34 christos Exp $
.\" @(#) Id: nslint.8 238 2009-03-14 05:43:37Z leres (LBL)
.\" Copyright (c) 1994, 1996, 1997, 1999, 2001, 2002, 2009
.\" The Regents of the University of California. All rights reserved.
.\" All rights reserved.
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that: (1) source code distributions
.\" retain the above copyright notice and this paragraph in its entirety, (2)
.\" distributions including binary code include the above copyright notice and
.\" this paragraph in its entirety in the documentation or other materials
.\" provided with the distribution, and (3) all advertising materials mentioning
.\" features or use of this software display the following acknowledgement:
.\" ``This product includes software developed by the University of California,
.\" Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
.\" the University nor the names of its contributors may be used to endorse
.\" or promote products derived from this software without specific prior
.\" written permission.
.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
.TH nslint 8 "2 May 2002"
nslint - perform consistency checks on dns files
reads the nameserver configuration files and performs a number of
consistency checks on the dns records. If any problems are discovered,
error messages are displayed on
exits with a non-zero status.
Here is a partial list of errors
Records that are malformed.
Names that contain dots but are missing a trailing dot.
records with names that are missing a trailing dot.
Names that contain illegal characters (rfc1034).
Names with more than one address on the same subnet.
Addresses in use by more than one name.
and other records (rfc1033).
Unknown service and/or protocol keywords in
Missing semicolons and quotes.
.IR /etc/named.boot .
.IR /etc/named.conf .
(or the current working directory).
This file is processed like a second
The most common use is to tell
records that point outside the domains listed in
(or the current working directory).
This file is processed like a second
Raise the debugging level. Debugging information is
configuration file and also
file. If both files exist,
(on the theory that you forgot to delete
when you upgraded BIND).
.SH "ADVANCED CONFIGURATION"
There are some cases where it is necessary to use the
advanced configuration features of
Advanced configuration is done with the
file. (You can also use
which has a syntax similar to
but is not described here.)
The most common is when a site has a demilitarized zone (DMZ).
The problem here is that the DMZ network will have
records for hosts outside its domain. For example, let's say
1.1 604800 in ptr gateway.lbl.gov.
2.1 604800 in ptr gateway.es.net.
Obviously we will define an
but we will get errors because there is no
The solution is to create a
file (in the same directory as the other dns files)
file "nslint.es.net";
And then create the file
gateway 1 in a 128.0.1.2
Another problem occurs when there is a
that points to a host outside the local domains. Let's say we have
info 604800 in cname larry.es.net.
In this case we would need:
file "nslint.es.net";
larry 1 in txt "place holder"
when a pseudo host is set up to allow two or
more actual hosts to provide a service. For example, let's say that
server 604800 in a 128.0.6.6
server 604800 in a 128.0.6.94
tom 604800 in a 128.0.6.6
tom 604800 in mx 0 lbl.gov.
jerry 604800 in a 128.0.6.94
jerry 604800 in mx 0 lbl.gov.
would complain about missing
records and ip addresses in use by more than one host.
To suppress these warnings, you would add the lines:
file "nslint.lbl.gov";
zone "0.128.in-addr.arpa" {
file "nslint.128.0.rev";
server 1 in allowdupa 128.0.6.6
server 1 in allowdupa 128.0.6.94
6.6 604800 in ptr server.lbl.gov.
94.6 604800 in ptr server.lbl.gov.
feature helps detect hosts that have mistakenly had two ip addresses
assigned on the same subnet. This can happen when two different
people request an ip address for the same hostname or when someone
forgets an address has been assigned and requests a new number.
containing something similar to:
network "128.0.6/22";
network "128.0.6 255.255.252.0";
These two examples are equivalent ways of saying the same thing;
has a 22 bit wide subnet mask.
Using information from the above
would flag the following
records as being in error:
server 1 in a 128.0.6.48
server 1 in a 128.0.7.16
Note that if you specify any
requires you to include lines for all networks;
otherwise you might forget to add
lines for new networks.
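The same-subnet check and the duplicate-address check with its allowdupa suppression, both described above, sketched in Python as an added example (this is not nslint's own code, which does not appear on this page). The record tuples are built from the page's sample zone data; padding a short address such as 128.0.6 with zero octets is an assumption about how a network line is read.

```python
import ipaddress
from collections import defaultdict

def parse_network(spec):
    """Parse either form from the page: "128.0.6/22" or "128.0.6 255.255.252.0"."""
    addr, width = spec.replace("/", " ").split()
    octets = addr.split(".")
    addr = ".".join(octets + ["0"] * (4 - len(octets)))  # assumption: pad with 0
    # strict=False clears the host bits, so 128.0.6.0/22 becomes 128.0.4.0/22.
    return ipaddress.ip_network(f"{addr}/{width}", strict=False)

def check(records, networks):
    """Simplified model: records are (name, type, address); returns sorted warnings."""
    nets = [parse_network(n) for n in networks]
    # An allowdupa record permits its address to be shared by several names.
    allowed = {ipaddress.ip_address(a) for _, t, a in records if t == "allowdupa"}
    per_subnet = defaultdict(set)  # (name, subnet) -> addresses
    per_addr = defaultdict(set)    # address -> names
    for name, rtype, addr in records:
        if rtype != "a":
            continue
        ip = ipaddress.ip_address(addr)
        per_addr[ip].add(name)
        for net in nets:
            if ip in net:
                per_subnet[(name, net)].add(ip)
    out = []
    for (name, net), ips in per_subnet.items():
        if len(ips) > 1:
            out.append(f"{name}: {len(ips)} addresses on {net}")
    for ip, names in per_addr.items():
        if len(names) > 1 and ip not in allowed:
            out.append(f"{ip}: used by {', '.join(sorted(names))}")
    return sorted(out)

# Records constructed from the page's examples.
SUBNET_CASE = [("server", "a", "128.0.6.48"), ("server", "a", "128.0.7.16")]
SHARED_CASE = [("server", "a", "128.0.6.6"), ("server", "a", "128.0.6.94"),
               ("tom", "a", "128.0.6.6"), ("jerry", "a", "128.0.6.94")]
ALLOWDUPA = [("server", "allowdupa", "128.0.6.6"),
             ("server", "allowdupa", "128.0.6.94")]

if __name__ == "__main__":
    print(check(SUBNET_CASE, ["128.0.6/22"]))    # same-subnet warning
    print(check(SHARED_CASE, []))                # shared-address warnings
    print(check(SHARED_CASE + ALLOWDUPA, []))    # suppressed by allowdupa
```

With a 24 bit mask instead of 22, the two server addresses fall on different subnets and the first case reports nothing, which is why the network lines need to match the real masks.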
Sometimes you have a zone that
just can't deal with. A good example is
a dynamic dns zone. To handle this, you can
ignorezone "dhcp.lbl.gov";
This will suppress "name referenced without other records" warnings.
/etc/named.conf - default named configuration file
/etc/named.boot - old style named configuration file
nslint.conf - default nslint configuration file
nslint.boot - old style nslint configuration file
Lawrence Berkeley National Laboratory, University of California, Berkeley, CA.
The current version is available via anonymous ftp:
.I ftp://ftp.ee.lbl.gov/nslint.tar.gz
Please send bug reports to nslint@ee.lbl.gov.
Not everyone is guaranteed to agree with all the checks done.