239 lines
8.3 KiB
ReStructuredText
239 lines
8.3 KiB
ReStructuredText
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
..
|
|
.. SPDX-License-Identifier: MPL-2.0
|
|
..
|
|
.. This Source Code Form is subject to the terms of the Mozilla Public
|
|
.. License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
..
|
|
.. See the COPYRIGHT file distributed with this work for additional
|
|
.. information regarding copyright ownership.
|
|
|
|
.. highlight: console
|
|
|
|
.. BEWARE: Do not forget to edit also named-checkzone.rst!
|
|
|
|
.. iscman:: named-compilezone
|
|
.. program:: named-compilezone
|
|
.. _man_named-compilezone:
|
|
|
|
named-compilezone - zone file converting tool
|
|
---------------------------------------------
|
|
|
|
Synopsis
|
|
~~~~~~~~
|
|
|
|
:program:`named-compilezone` [**-d**] [**-h**] [**-j**] [**-q**] [**-v**] [**-c** class] [**-C** mode] [**-f** format] [**-F** format] [**-J** filename] [**-i** mode] [**-k** mode] [**-m** mode] [**-M** mode] [**-n** mode] [**-l** ttl] [**-L** serial] [**-r** mode] [**-s** style] [**-S** mode] [**-t** directory] [**-T** mode] [**-w** directory] [**-D**] [**-W** mode] {**-o** filename} {zonename} {filename}
|
|
|
|
Description
|
|
~~~~~~~~~~~
|
|
|
|
:program:`named-compilezone` checks the syntax and integrity of a zone file,
|
|
and dumps the zone contents to a specified file in a specified format.
|
|
|
|
Unlike :program:`named-checkzone`, zone contents are not strictly checked
|
|
by default. If the output is to be used as an actual zone file to be loaded
|
|
by :iscman:`named`, then the check levels should be manually configured to
|
|
be at least as strict as those specified in the :iscman:`named` configuration
|
|
file.
|
|
|
|
Running :program:`named-checkzone` on the input prior to compiling will
|
|
ensure that the zone compiles with the default requirements of
|
|
:iscman:`named`.
|
|
|
|
Options
|
|
~~~~~~~
|
|
|
|
.. option:: -d
|
|
|
|
This option enables debugging.
|
|
|
|
.. option:: -h
|
|
|
|
This option prints the usage summary and exits.
|
|
|
|
.. option:: -q
|
|
|
|
This option sets quiet mode, which only sets an exit code to indicate
|
|
successful or failed completion.
|
|
|
|
.. option:: -v
|
|
|
|
This option prints the version of the :iscman:`named-checkzone` program and exits.
|
|
|
|
.. option:: -j
|
|
|
|
When loading a zone file, this option tells :iscman:`named` to read the journal if it exists. The journal
|
|
file name is assumed to be the zone file name with the
|
|
string ``.jnl`` appended.
|
|
|
|
.. option:: -J filename
|
|
|
|
When loading the zone file, this option tells :iscman:`named` to read the journal from the given file, if
|
|
it exists. This implies :option:`-j`.
|
|
|
|
.. option:: -c class
|
|
|
|
This option specifies the class of the zone. If not specified, ``IN`` is assumed.
|
|
|
|
.. option:: -C mode
|
|
|
|
This option controls check mode on zone files when loading.
|
|
Possible modes are ``check-svcb:fail`` and ``check-svcb:ignore``.
|
|
|
|
``check-svcb:fail`` turns on additional checks on ``_dns`` SVCB
|
|
records and ``check-svcb:ignore`` disables these checks. The
|
|
default is ``check-svcb:ignore``.
|
|
|
|
.. option:: -i mode
|
|
|
|
This option performs post-load zone integrity checks. Possible modes are
|
|
``full``, ``full-sibling``, ``local``,
|
|
``local-sibling``, and ``none`` (the default).
|
|
|
|
Mode ``full`` checks that MX records refer to A or AAAA records
|
|
(both in-zone and out-of-zone hostnames). Mode ``local`` only
|
|
checks MX records which refer to in-zone hostnames.
|
|
|
|
Mode ``full`` checks that SRV records refer to A or AAAA records
|
|
(both in-zone and out-of-zone hostnames). Mode ``local`` only
|
|
checks SRV records which refer to in-zone hostnames.
|
|
|
|
Mode ``full`` checks that delegation NS records refer to A or AAAA
|
|
records (both in-zone and out-of-zone hostnames). It also checks that
|
|
glue address records in the zone match those advertised by the child.
|
|
Mode ``local`` only checks NS records which refer to in-zone
|
|
hostnames or verifies that some required glue exists, i.e., when the
|
|
name server is in a child zone.
|
|
|
|
Modes ``full-sibling`` and ``local-sibling`` disable sibling glue
|
|
checks, but are otherwise the same as ``full`` and ``local``,
|
|
respectively.
|
|
|
|
Mode ``none`` disables the checks.
|
|
|
|
.. option:: -f format
|
|
|
|
This option specifies the format of the zone file. Possible formats are
|
|
``text`` (the default), and ``raw``.
|
|
|
|
.. option:: -F format
|
|
|
|
This option specifies the format of the output file specified. For
|
|
:iscman:`named-checkzone`, this does not have any effect unless it dumps
|
|
the zone contents.
|
|
|
|
Possible formats are ``text`` (the default), which is the standard
|
|
textual representation of the zone, and ``raw`` and ``raw=N``, which
|
|
store the zone in a binary format for rapid loading by :iscman:`named`.
|
|
``raw=N`` specifies the format version of the raw zone file: if ``N`` is
|
|
0, the raw file can be read by any version of :iscman:`named`; if N is 1, the
|
|
file can only be read by release 9.9.0 or higher. The default is 1.
|
|
|
|
.. option:: -k mode
|
|
|
|
This option performs ``check-names`` checks with the specified failure mode.
|
|
Possible modes are ``fail``, ``warn``, and ``ignore`` (the default).
|
|
|
|
.. option:: -l ttl
|
|
|
|
This option sets a maximum permissible TTL for the input file. Any record with a
|
|
TTL higher than this value causes the zone to be rejected. This
|
|
is similar to using the ``max-zone-ttl`` option in :iscman:`named.conf`.
|
|
|
|
.. option:: -L serial
|
|
|
|
When compiling a zone to ``raw`` format, this option sets the "source
|
|
serial" value in the header to the specified serial number. This is
|
|
expected to be used primarily for testing purposes.
|
|
|
|
.. option:: -m mode
|
|
|
|
This option specifies whether MX records should be checked to see if they are
|
|
addresses. Possible modes are ``fail``, ``warn``, and
|
|
``ignore`` (the default).
|
|
|
|
.. option:: -M mode
|
|
|
|
This option checks whether a MX record refers to a CNAME. Possible modes are
|
|
``fail``, ``warn``, and ``ignore`` (the default).
|
|
|
|
.. option:: -n mode
|
|
|
|
This option specifies whether NS records should be checked to see if they are
|
|
addresses. Possible modes are ``fail``, ``warn``, and
|
|
``ignore`` (the default).
|
|
|
|
.. option:: -o filename
|
|
|
|
This option writes the zone output to ``filename``. If ``filename`` is ``-``, then
|
|
the zone output is written to standard output. This is mandatory for :program:`named-compilezone`.
|
|
|
|
.. option:: -r mode
|
|
|
|
This option checks for records that are treated as different by DNSSEC but are
|
|
semantically equal in plain DNS. Possible modes are ``fail``,
|
|
``warn``, and ``ignore`` (the default).
|
|
|
|
.. option:: -s style
|
|
|
|
This option specifies the style of the dumped zone file. Possible styles are
|
|
``full`` (the default) and ``relative``. The ``full`` format is most
|
|
suitable for processing automatically by a separate script.
|
|
The relative format is more human-readable and is thus
|
|
suitable for editing by hand.
|
|
|
|
.. option:: -S mode
|
|
|
|
This option checks whether an SRV record refers to a CNAME. Possible modes are
|
|
``fail``, ``warn``, and ``ignore`` (the default).
|
|
|
|
.. option:: -t directory
|
|
|
|
This option tells :iscman:`named` to chroot to ``directory``, so that ``include`` directives in the
|
|
configuration file are processed as if run by a similarly chrooted
|
|
:iscman:`named`.
|
|
|
|
.. option:: -T mode
|
|
|
|
This option checks whether Sender Policy Framework (SPF) records exist and issues a
|
|
warning if an SPF-formatted TXT record is not also present. Possible
|
|
modes are ``warn`` and ``ignore`` (the default).
|
|
|
|
.. option:: -w directory
|
|
|
|
This option instructs :iscman:`named` to chdir to ``directory``, so that relative filenames in master file
|
|
``$INCLUDE`` directives work. This is similar to the directory clause in
|
|
:iscman:`named.conf`.
|
|
|
|
.. option:: -D
|
|
|
|
This option dumps the zone file in canonical format. This is always enabled for
|
|
:program:`named-compilezone`.
|
|
|
|
.. option:: -W mode
|
|
|
|
This option specifies whether to check for non-terminal wildcards. Non-terminal
|
|
wildcards are almost always the result of a failure to understand the
|
|
wildcard matching algorithm (:rfc:`4592`). Possible modes are ``warn``
|
|
and ``ignore`` (the default).
|
|
|
|
.. option:: zonename
|
|
|
|
This indicates the domain name of the zone being checked.
|
|
|
|
.. option:: filename
|
|
|
|
This is the name of the zone file.
|
|
|
|
Return Values
|
|
~~~~~~~~~~~~~
|
|
|
|
:program:`named-compilezone` returns an exit status of 1 if errors were detected
|
|
and 0 otherwise.
|
|
|
|
See Also
|
|
~~~~~~~~
|
|
|
|
:iscman:`named(8) <named>`, :iscman:`named-checkconf(8) <named-checkconf>`, :iscman:`named-checkzone(8) <named-checkzone>`, :rfc:`1035`,
|
|
BIND 9 Administrator Reference Manual.
|