266 lines
8.8 KiB
Text
266 lines
8.8 KiB
Text
.\" Man page generated from reStructuredText.
|
|
.
|
|
.
|
|
.nr rst2man-indent-level 0
|
|
.
|
|
.de1 rstReportMargin
|
|
\\$1 \\n[an-margin]
|
|
level \\n[rst2man-indent-level]
|
|
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
-
|
|
\\n[rst2man-indent0]
|
|
\\n[rst2man-indent1]
|
|
\\n[rst2man-indent2]
|
|
..
|
|
.de1 INDENT
|
|
.\" .rstReportMargin pre:
|
|
. RS \\$1
|
|
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
|
|
. nr rst2man-indent-level +1
|
|
.\" .rstReportMargin post:
|
|
..
|
|
.de UNINDENT
|
|
. RE
|
|
.\" indent \\n[an-margin]
|
|
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
.nr rst2man-indent-level -1
|
|
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
|
|
..
|
|
.TH "NAMED-CHECKZONE" "1" "@RELEASE_DATE@" "@PACKAGE_VERSION@" "BIND 9"
|
|
.SH NAME
|
|
named-checkzone \- zone file validity checking or converting tool
|
|
.SH SYNOPSIS
|
|
.sp
|
|
\fBnamed\-checkzone\fP [\fB\-d\fP] [\fB\-h\fP] [\fB\-j\fP] [\fB\-q\fP] [\fB\-v\fP] [\fB\-c\fP class] [\fB\-C\fP mode] [\fB\-f\fP format] [\fB\-F\fP format] [\fB\-J\fP filename] [\fB\-i\fP mode] [\fB\-k\fP mode] [\fB\-m\fP mode] [\fB\-M\fP mode] [\fB\-n\fP mode] [\fB\-l\fP ttl] [\fB\-L\fP serial] [\fB\-o\fP filename] [\fB\-r\fP mode] [\fB\-s\fP style] [\fB\-S\fP mode] [\fB\-t\fP directory] [\fB\-T\fP mode] [\fB\-w\fP directory] [\fB\-D\fP] [\fB\-W\fP mode] {zonename} {filename}
|
|
.SH DESCRIPTION
|
|
.sp
|
|
\fBnamed\-checkzone\fP checks the syntax and integrity of a zone file. It
|
|
performs the same checks as \fI\%named\fP does when loading a zone. This
|
|
makes \fBnamed\-checkzone\fP useful for checking zone files before
|
|
configuring them into a name server.
|
|
.SH OPTIONS
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-d
|
|
This option enables debugging.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-h
|
|
This option prints the usage summary and exits.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-q
|
|
This option sets quiet mode, which only sets an exit code to indicate
|
|
successful or failed completion.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-v
|
|
This option prints the version of the \fBnamed\-checkzone\fP program and exits.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-j
|
|
When loading a zone file, this option tells \fI\%named\fP to read the journal if it exists. The journal
|
|
file name is assumed to be the zone file name with the
|
|
string \fB\&.jnl\fP appended.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-J filename
|
|
When loading the zone file, this option tells \fI\%named\fP to read the journal from the given file, if
|
|
it exists. This implies \fI\%\-j\fP\&.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-c class
|
|
This option specifies the class of the zone. If not specified, \fBIN\fP is assumed.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-C mode
|
|
This option controls check mode on zone files when loading.
|
|
Possible modes are \fBcheck\-svcb:fail\fP and \fBcheck\-svcb:ignore\fP\&.
|
|
.sp
|
|
\fBcheck\-svcb:fail\fP turns on additional checks on \fB_dns\fP SVCB
|
|
records and \fBcheck\-svcb:ignore\fP disables these checks. The
|
|
default is \fBcheck\-svcb:fail\fP\&.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-i mode
|
|
This option performs post\-load zone integrity checks. Possible modes are
|
|
\fBfull\fP (the default), \fBfull\-sibling\fP, \fBlocal\fP,
|
|
\fBlocal\-sibling\fP, and \fBnone\fP\&.
|
|
.sp
|
|
Mode \fBfull\fP checks that MX records refer to A or AAAA records
|
|
(both in\-zone and out\-of\-zone hostnames). Mode \fBlocal\fP only
|
|
checks MX records which refer to in\-zone hostnames.
|
|
.sp
|
|
Mode \fBfull\fP checks that SRV records refer to A or AAAA records
|
|
(both in\-zone and out\-of\-zone hostnames). Mode \fBlocal\fP only
|
|
checks SRV records which refer to in\-zone hostnames.
|
|
.sp
|
|
Mode \fBfull\fP checks that delegation NS records refer to A or AAAA
|
|
records (both in\-zone and out\-of\-zone hostnames). It also checks that
|
|
glue address records in the zone match those advertised by the child.
|
|
Mode \fBlocal\fP only checks NS records which refer to in\-zone
|
|
hostnames or verifies that some required glue exists, i.e., when the
|
|
name server is in a child zone.
|
|
.sp
|
|
Modes \fBfull\-sibling\fP and \fBlocal\-sibling\fP disable sibling glue
|
|
checks, but are otherwise the same as \fBfull\fP and \fBlocal\fP,
|
|
respectively.
|
|
.sp
|
|
Mode \fBnone\fP disables the checks.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-f format
|
|
This option specifies the format of the zone file. Possible formats are
|
|
\fBtext\fP (the default), and \fBraw\fP\&.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-F format
|
|
This option specifies the format of the output file specified. For
|
|
\fBnamed\-checkzone\fP, this does not have any effect unless it dumps
|
|
the zone contents.
|
|
.sp
|
|
Possible formats are \fBtext\fP (the default), which is the standard
|
|
textual representation of the zone, and \fBraw\fP and \fBraw=N\fP, which
|
|
store the zone in a binary format for rapid loading by \fI\%named\fP\&.
|
|
\fBraw=N\fP specifies the format version of the raw zone file: if \fBN\fP is
|
|
0, the raw file can be read by any version of \fI\%named\fP; if N is 1, the
|
|
file can only be read by release 9.9.0 or higher. The default is 1.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-k mode
|
|
This option performs \fBcheck\-names\fP checks with the specified failure mode.
|
|
Possible modes are \fBfail\fP, \fBwarn\fP (the default), and \fBignore\fP\&.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-l ttl
|
|
This option sets a maximum permissible TTL for the input file. Any record with a
|
|
TTL higher than this value causes the zone to be rejected. This
|
|
is similar to using the \fBmax\-zone\-ttl\fP option in \fI\%named.conf\fP\&.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-L serial
|
|
When compiling a zone to \fBraw\fP format, this option sets the \(dqsource
|
|
serial\(dq value in the header to the specified serial number. This is
|
|
expected to be used primarily for testing purposes.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-m mode
|
|
This option specifies whether MX records should be checked to see if they are
|
|
addresses. Possible modes are \fBfail\fP, \fBwarn\fP (the default), and
|
|
\fBignore\fP\&.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-M mode
|
|
This option checks whether a MX record refers to a CNAME. Possible modes are
|
|
\fBfail\fP, \fBwarn\fP (the default), and \fBignore\fP\&.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-n mode
|
|
This option specifies whether NS records should be checked to see if they are
|
|
addresses. Possible modes are \fBfail\fP, \fBwarn\fP (the default), and \fBignore\fP\&.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-o filename
|
|
This option writes the zone output to \fBfilename\fP\&. If \fBfilename\fP is \fB\-\fP, then
|
|
the zone output is written to standard output.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-r mode
|
|
This option checks for records that are treated as different by DNSSEC but are
|
|
semantically equal in plain DNS. Possible modes are \fBfail\fP,
|
|
\fBwarn\fP (the default), and \fBignore\fP\&.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-s style
|
|
This option specifies the style of the dumped zone file. Possible styles are
|
|
\fBfull\fP (the default) and \fBrelative\fP\&. The \fBfull\fP format is most
|
|
suitable for processing automatically by a separate script.
|
|
The relative format is more human\-readable and is thus
|
|
suitable for editing by hand. This does not have any effect unless it dumps
|
|
the zone contents. It also does not have any meaning if the output format
|
|
is not text.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-S mode
|
|
This option checks whether an SRV record refers to a CNAME. Possible modes are
|
|
\fBfail\fP, \fBwarn\fP (the default), and \fBignore\fP\&.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-t directory
|
|
This option tells \fI\%named\fP to chroot to \fBdirectory\fP, so that \fBinclude\fP directives in the
|
|
configuration file are processed as if run by a similarly chrooted
|
|
\fI\%named\fP\&.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-T mode
|
|
This option checks whether Sender Policy Framework (SPF) records exist and issues a
|
|
warning if an SPF\-formatted TXT record is not also present. Possible
|
|
modes are \fBwarn\fP (the default) and \fBignore\fP\&.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-w directory
|
|
This option instructs \fI\%named\fP to chdir to \fBdirectory\fP, so that relative filenames in master file
|
|
\fB$INCLUDE\fP directives work. This is similar to the directory clause in
|
|
\fI\%named.conf\fP\&.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-D
|
|
This option dumps the zone file in canonical format.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-W mode
|
|
This option specifies whether to check for non\-terminal wildcards. Non\-terminal
|
|
wildcards are almost always the result of a failure to understand the
|
|
wildcard matching algorithm (\X'tty: link https://datatracker.ietf.org/doc/html/rfc4592.html'\fI\%RFC 4592\fP\X'tty: link'). Possible modes are \fBwarn\fP
|
|
(the default) and \fBignore\fP\&.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B zonename
|
|
This indicates the domain name of the zone being checked.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B filename
|
|
This is the name of the zone file.
|
|
.UNINDENT
|
|
.SH RETURN VALUES
|
|
.sp
|
|
\fBnamed\-checkzone\fP returns an exit status of 1 if errors were detected
|
|
and 0 otherwise.
|
|
.SH SEE ALSO
|
|
.sp
|
|
\fI\%named(8)\fP, \fI\%named\-checkconf(8)\fP, \fI\%named\-compilezone(8)\fP, \X'tty: link https://datatracker.ietf.org/doc/html/rfc1035.html'\fI\%RFC 1035\fP\X'tty: link', BIND 9 Administrator Reference
|
|
Manual.
|
|
.SH AUTHOR
|
|
Internet Systems Consortium
|
|
.SH COPYRIGHT
|
|
2025, Internet Systems Consortium
|
|
.\" Generated by docutils manpage writer.
|
|
.
|