| blob | 04d8a0270907ee9447ec5fff802b418c863e1648 |
1 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
2 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
3 [<!ENTITY mdash "—">]>
4 <!--
5 - Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
6 - Copyright (C) 2000-2002 Internet Software Consortium.
7 -
8 - Permission to use, copy, modify, and/or distribute this software for any
9 - purpose with or without fee is hereby granted, provided that the above
10 - copyright notice and this permission notice appear in all copies.
11 -
12 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
13 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
14 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
15 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
16 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
17 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
18 - PERFORMANCE OF THIS SOFTWARE.
19 -->
21 <!-- Id: named-checkzone.docbook,v 1.38 2009/12/04 21:09:32 marka Exp -->
22 <refentry id="man.named-checkzone">
23 <refentryinfo>
24 <date>June 13, 2000</date>
25 </refentryinfo>
27 <refmeta>
28 <refentrytitle><application>named-checkzone</application></refentrytitle>
29 <manvolnum>8</manvolnum>
30 <refmiscinfo>BIND9</refmiscinfo>
31 </refmeta>
33 <docinfo>
34 <copyright>
35 <year>2004</year>
36 <year>2005</year>
37 <year>2006</year>
38 <year>2007</year>
39 <year>2009</year>
40 <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
41 </copyright>
42 <copyright>
43 <year>2000</year>
44 <year>2001</year>
45 <year>2002</year>
46 <holder>Internet Software Consortium.</holder>
47 </copyright>
48 </docinfo>
50 <refnamediv>
51 <refname><application>named-checkzone</application></refname>
52 <refname><application>named-compilezone</application></refname>
53 <refpurpose>zone file validity checking or converting tool</refpurpose>
54 </refnamediv>
56 <refsynopsisdiv>
57 <cmdsynopsis>
58 <command>named-checkzone</command>
59 <arg><option>-d</option></arg>
60 <arg><option>-h</option></arg>
61 <arg><option>-j</option></arg>
62 <arg><option>-q</option></arg>
63 <arg><option>-v</option></arg>
64 <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
65 <arg><option>-f <replaceable class="parameter">format</replaceable></option></arg>
66 <arg><option>-F <replaceable class="parameter">format</replaceable></option></arg>
67 <arg><option>-i <replaceable class="parameter">mode</replaceable></option></arg>
68 <arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
69 <arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
70 <arg><option>-M <replaceable class="parameter">mode</replaceable></option></arg>
71 <arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
72 <arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
73 <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
74 <arg><option>-S <replaceable class="parameter">mode</replaceable></option></arg>
75 <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
76 <arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
77 <arg><option>-D</option></arg>
78 <arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
79 <arg choice="req">zonename</arg>
80 <arg choice="req">filename</arg>
81 </cmdsynopsis>
82 <cmdsynopsis>
83 <command>named-compilezone</command>
84 <arg><option>-d</option></arg>
85 <arg><option>-j</option></arg>
86 <arg><option>-q</option></arg>
87 <arg><option>-v</option></arg>
88 <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
89 <arg><option>-C <replaceable class="parameter">mode</replaceable></option></arg>
90 <arg><option>-f <replaceable class="parameter">format</replaceable></option></arg>
91 <arg><option>-F <replaceable class="parameter">format</replaceable></option></arg>
92 <arg><option>-i <replaceable class="parameter">mode</replaceable></option></arg>
93 <arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
94 <arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
95 <arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
96 <arg><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
97 <arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
98 <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
99 <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
100 <arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
101 <arg><option>-D</option></arg>
102 <arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
103 <arg choice="req"><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
104 <arg choice="req">zonename</arg>
105 <arg choice="req">filename</arg>
106 </cmdsynopsis>
107 </refsynopsisdiv>
109 <refsect1>
110 <title>DESCRIPTION</title>
111 <para><command>named-checkzone</command>
112 checks the syntax and integrity of a zone file. It performs the
113 same checks as <command>named</command> does when loading a
114 zone. This makes <command>named-checkzone</command> useful for
115 checking zone files before configuring them into a name server.
116 </para>
117 <para>
118 <command>named-compilezone</command> is similar to
119 <command>named-checkzone</command>, but it always dumps the
120 zone contents to a specified file in a specified format.
121 Additionally, it applies stricter check levels by default,
122 since the dump output will be used as an actual zone file
123 loaded by <command>named</command>.
124 When manually specified otherwise, the check levels must at
125 least be as strict as those specified in the
126 <command>named</command> configuration file.
127 </para>
128 </refsect1>
130 <refsect1>
131 <title>OPTIONS</title>
133 <variablelist>
134 <varlistentry>
135 <term>-d</term>
136 <listitem>
137 <para>
138 Enable debugging.
139 </para>
140 </listitem>
141 </varlistentry>
143 <varlistentry>
144 <term>-h</term>
145 <listitem>
146 <para>
147 Print the usage summary and exit.
148 </para>
149 </listitem>
150 </varlistentry>
152 <varlistentry>
153 <term>-q</term>
154 <listitem>
155 <para>
156 Quiet mode - exit code only.
157 </para>
158 </listitem>
159 </varlistentry>
161 <varlistentry>
162 <term>-v</term>
163 <listitem>
164 <para>
165 Print the version of the <command>named-checkzone</command>
166 program and exit.
167 </para>
168 </listitem>
169 </varlistentry>
171 <varlistentry>
172 <term>-j</term>
173 <listitem>
174 <para>
175 When loading the zone file read the journal if it exists.
176 </para>
177 </listitem>
178 </varlistentry>
180 <varlistentry>
181 <term>-c <replaceable class="parameter">class</replaceable></term>
182 <listitem>
183 <para>
184 Specify the class of the zone. If not specified, "IN" is assumed.
185 </para>
186 </listitem>
187 </varlistentry>
189 <varlistentry>
190 <term>-i <replaceable class="parameter">mode</replaceable></term>
191 <listitem>
192 <para>
193 Perform post-load zone integrity checks. Possible modes are
194 <command>"full"</command> (default),
195 <command>"full-sibling"</command>,
196 <command>"local"</command>,
197 <command>"local-sibling"</command> and
198 <command>"none"</command>.
199 </para>
200 <para>
201 Mode <command>"full"</command> checks that MX records
202 refer to A or AAAA record (both in-zone and out-of-zone
203 hostnames). Mode <command>"local"</command> only
204 checks MX records which refer to in-zone hostnames.
205 </para>
206 <para>
207 Mode <command>"full"</command> checks that SRV records
208 refer to A or AAAA record (both in-zone and out-of-zone
209 hostnames). Mode <command>"local"</command> only
210 checks SRV records which refer to in-zone hostnames.
211 </para>
212 <para>
213 Mode <command>"full"</command> checks that delegation NS
214 records refer to A or AAAA record (both in-zone and out-of-zone
215 hostnames). It also checks that glue address records
216 in the zone match those advertised by the child.
217 Mode <command>"local"</command> only checks NS records which
218 refer to in-zone hostnames or that some required glue exists,
219 that is when the nameserver is in a child zone.
220 </para>
221 <para>
222 Mode <command>"full-sibling"</command> and
223 <command>"local-sibling"</command> disable sibling glue
224 checks but are otherwise the same as <command>"full"</command>
225 and <command>"local"</command> respectively.
226 </para>
227 <para>
228 Mode <command>"none"</command> disables the checks.
229 </para>
230 </listitem>
231 </varlistentry>
233 <varlistentry>
234 <term>-f <replaceable class="parameter">format</replaceable></term>
235 <listitem>
236 <para>
237 Specify the format of the zone file.
238 Possible formats are <command>"text"</command> (default)
239 and <command>"raw"</command>.
240 </para>
241 </listitem>
242 </varlistentry>
244 <varlistentry>
245 <term>-F <replaceable class="parameter">format</replaceable></term>
246 <listitem>
247 <para>
248 Specify the format of the output file specified.
249 Possible formats are <command>"text"</command> (default)
250 and <command>"raw"</command>.
251 For <command>named-checkzone</command>,
252 this does not cause any effects unless it dumps the zone
253 contents.
254 </para>
255 </listitem>
256 </varlistentry>
258 <varlistentry>
259 <term>-k <replaceable class="parameter">mode</replaceable></term>
260 <listitem>
261 <para>
262 Perform <command>"check-names"</command> checks with the
263 specified failure mode.
264 Possible modes are <command>"fail"</command>
265 (default for <command>named-compilezone</command>),
266 <command>"warn"</command>
267 (default for <command>named-checkzone</command>) and
268 <command>"ignore"</command>.
269 </para>
270 </listitem>
271 </varlistentry>
273 <varlistentry>
274 <term>-m <replaceable class="parameter">mode</replaceable></term>
275 <listitem>
276 <para>
277 Specify whether MX records should be checked to see if they
278 are addresses. Possible modes are <command>"fail"</command>,
279 <command>"warn"</command> (default) and
280 <command>"ignore"</command>.
281 </para>
282 </listitem>
283 </varlistentry>
285 <varlistentry>
286 <term>-M <replaceable class="parameter">mode</replaceable></term>
287 <listitem>
288 <para>
289 Check if a MX record refers to a CNAME.
290 Possible modes are <command>"fail"</command>,
291 <command>"warn"</command> (default) and
292 <command>"ignore"</command>.
293 </para>
294 </listitem>
295 </varlistentry>
297 <varlistentry>
298 <term>-n <replaceable class="parameter">mode</replaceable></term>
299 <listitem>
300 <para>
301 Specify whether NS records should be checked to see if they
302 are addresses.
303 Possible modes are <command>"fail"</command>
304 (default for <command>named-compilezone</command>),
305 <command>"warn"</command>
306 (default for <command>named-checkzone</command>) and
307 <command>"ignore"</command>.
308 </para>
309 </listitem>
310 </varlistentry>
312 <varlistentry>
313 <term>-o <replaceable class="parameter">filename</replaceable></term>
314 <listitem>
315 <para>
316 Write zone output to <filename>filename</filename>.
317 If <filename>filename</filename> is <filename>-</filename> then
318 write to standard out.
319 This is mandatory for <command>named-compilezone</command>.
320 </para>
321 </listitem>
322 </varlistentry>
324 <varlistentry>
325 <term>-r <replaceable class="parameter">mode</replaceable></term>
326 <listitem>
327 <para>
328 Check for records that are treated as different by DNSSEC but
329 are semantically equal in plain DNS.
330 Possible modes are <command>"fail"</command>,
331 <command>"warn"</command> (default) and
332 <command>"ignore"</command>.
333 </para>
334 </listitem>
335 </varlistentry>
337 <varlistentry>
338 <term>-s <replaceable class="parameter">style</replaceable></term>
339 <listitem>
340 <para>
341 Specify the style of the dumped zone file.
342 Possible styles are <command>"full"</command> (default)
343 and <command>"relative"</command>.
344 The full format is most suitable for processing
345 automatically by a separate script.
346 On the other hand, the relative format is more
347 human-readable and is thus suitable for editing by hand.
348 For <command>named-checkzone</command>
349 this does not cause any effects unless it dumps the zone
350 contents.
351 It also does not have any meaning if the output format
352 is not text.
353 </para>
354 </listitem>
355 </varlistentry>
357 <varlistentry>
358 <term>-S <replaceable class="parameter">mode</replaceable></term>
359 <listitem>
360 <para>
361 Check if a SRV record refers to a CNAME.
362 Possible modes are <command>"fail"</command>,
363 <command>"warn"</command> (default) and
364 <command>"ignore"</command>.
365 </para>
366 </listitem>
367 </varlistentry>
369 <varlistentry>
370 <term>-t <replaceable class="parameter">directory</replaceable></term>
371 <listitem>
372 <para>
373 Chroot to <filename>directory</filename> so that
374 include
375 directives in the configuration file are processed as if
376 run by a similarly chrooted named.
377 </para>
378 </listitem>
379 </varlistentry>
381 <varlistentry>
382 <term>-w <replaceable class="parameter">directory</replaceable></term>
383 <listitem>
384 <para>
385 chdir to <filename>directory</filename> so that
386 relative
387 filenames in master file $INCLUDE directives work. This
388 is similar to the directory clause in
389 <filename>named.conf</filename>.
390 </para>
391 </listitem>
392 </varlistentry>
394 <varlistentry>
395 <term>-D</term>
396 <listitem>
397 <para>
398 Dump zone file in canonical format.
399 This is always enabled for <command>named-compilezone</command>.
400 </para>
401 </listitem>
402 </varlistentry>
404 <varlistentry>
405 <term>-W <replaceable class="parameter">mode</replaceable></term>
406 <listitem>
407 <para>
408 Specify whether to check for non-terminal wildcards.
409 Non-terminal wildcards are almost always the result of a
410 failure to understand the wildcard matching algorithm (RFC 1034).
411 Possible modes are <command>"warn"</command> (default)
412 and
413 <command>"ignore"</command>.
414 </para>
415 </listitem>
416 </varlistentry>
418 <varlistentry>
419 <term>zonename</term>
420 <listitem>
421 <para>
422 The domain name of the zone being checked.
423 </para>
424 </listitem>
425 </varlistentry>
427 <varlistentry>
428 <term>filename</term>
429 <listitem>
430 <para>
431 The name of the zone file.
432 </para>
433 </listitem>
434 </varlistentry>
436 </variablelist>
438 </refsect1>
440 <refsect1>
441 <title>RETURN VALUES</title>
442 <para><command>named-checkzone</command>
443 returns an exit status of 1 if
444 errors were detected and 0 otherwise.
445 </para>
446 </refsect1>
448 <refsect1>
449 <title>SEE ALSO</title>
450 <para><citerefentry>
451 <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
452 </citerefentry>,
453 <citerefentry>
454 <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
455 </citerefentry>,
456 <citetitle>RFC 1035</citetitle>,
457 <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
458 </para>
459 </refsect1>
461 <refsect1>
462 <title>AUTHOR</title>
463 <para><corpauthor>Internet Systems Consortium</corpauthor>
464 </para>
465 </refsect1>
467 </refentry><!--
468 - Local variables:
469 - mode: sgml
470 - End:
471 -->