From ea648e70a989cca190cd7403fe892fd2dcc290b4 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sun, 5 May 2024 20:37:14 +0200
Subject: Adding upstream version 1:9.11.5.P4+dfsg.
Signed-off-by: Daniel Baumann
---
bin/check/named-checkzone.8 | 329 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 329 insertions(+)
create mode 100644 bin/check/named-checkzone.8
(limited to 'bin/check/named-checkzone.8')
diff --git a/bin/check/named-checkzone.8 b/bin/check/named-checkzone.8
new file mode 100644
index 0000000..9293dd9
--- /dev/null
+++ b/bin/check/named-checkzone.8
@@ -0,0 +1,329 @@ +.\" Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC") +.\" +.\" This Source Code Form is subject to the terms of the Mozilla Public +.\" License, v. 2.0. If a copy of the MPL was not distributed with this +.\" file, You can obtain one at http://mozilla.org/MPL/2.0/. +.\" +.hy 0 +.ad l +'\" t +.\" Title: named-checkzone +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.78.1 +.\" Date: 2014-02-19 +.\" Manual: BIND9 +.\" Source: ISC +.\" Language: English +.\" +.TH "NAMED\-CHECKZONE" "8" "2014\-02\-19" "ISC" "BIND9" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +named-checkzone, named-compilezone \- zone file validity checking or converting tool +.SH "SYNOPSIS" +.HP \w'\fBnamed\-checkzone\fR\ 'u +\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-J\ \fR\fB\fIfilename\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ 
\fR\fB\fImode\fR\fR] [\fB\-l\ \fR\fB\fIttl\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename} +.HP \w'\fBnamed\-compilezone\fR\ 'u +\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-J\ \fR\fB\fIfilename\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-l\ \fR\fB\fIttl\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename} +.SH "DESCRIPTION" +.PP +\fBnamed\-checkzone\fR +checks the syntax and integrity of a zone file\&. It performs the same checks as +\fBnamed\fR +does when loading a zone\&. This makes +\fBnamed\-checkzone\fR +useful for checking zone files before configuring them into a name server\&. +.PP +\fBnamed\-compilezone\fR +is similar to +\fBnamed\-checkzone\fR, but it always dumps the zone contents to a specified file in a specified format\&. Additionally, it applies stricter check levels by default, since the dump output will be used as an actual zone file loaded by +\fBnamed\fR\&. When manually specified otherwise, the check levels must at least be as strict as those specified in the +\fBnamed\fR +configuration file\&. +.SH "OPTIONS" +.PP +\-d +.RS 4 +Enable debugging\&. +.RE +.PP +\-h +.RS 4 +Print the usage summary and exit\&. +.RE +.PP +\-q +.RS 4 +Quiet mode \- exit code only\&. 
+.RE +.PP +\-v +.RS 4 +Print the version of the +\fBnamed\-checkzone\fR +program and exit\&. +.RE +.PP +\-j +.RS 4 +When loading a zone file, read the journal if it exists\&. The journal file name is assumed to be the zone file name appended with the string +\&.jnl\&. +.RE +.PP +\-J \fIfilename\fR +.RS 4 +When loading the zone file read the journal from the given file, if it exists\&. (Implies \-j\&.) +.RE +.PP +\-c \fIclass\fR +.RS 4 +Specify the class of the zone\&. If not specified, "IN" is assumed\&. +.RE +.PP +\-i \fImode\fR +.RS 4 +Perform post\-load zone integrity checks\&. Possible modes are +\fB"full"\fR +(default), +\fB"full\-sibling"\fR, +\fB"local"\fR, +\fB"local\-sibling"\fR +and +\fB"none"\fR\&. +.sp +Mode +\fB"full"\fR +checks that MX records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames)\&. Mode +\fB"local"\fR +only checks MX records which refer to in\-zone hostnames\&. +.sp +Mode +\fB"full"\fR +checks that SRV records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames)\&. Mode +\fB"local"\fR +only checks SRV records which refer to in\-zone hostnames\&. +.sp +Mode +\fB"full"\fR +checks that delegation NS records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames)\&. It also checks that glue address records in the zone match those advertised by the child\&. Mode +\fB"local"\fR +only checks NS records which refer to in\-zone hostnames or that some required glue exists, that is when the nameserver is in a child zone\&. +.sp +Mode +\fB"full\-sibling"\fR +and +\fB"local\-sibling"\fR +disable sibling glue checks but are otherwise the same as +\fB"full"\fR +and +\fB"local"\fR +respectively\&. +.sp +Mode +\fB"none"\fR +disables the checks\&. +.RE +.PP +\-f \fIformat\fR +.RS 4 +Specify the format of the zone file\&. Possible formats are +\fB"text"\fR +(default), +\fB"raw"\fR, and +\fB"map"\fR\&. +.RE +.PP +\-F \fIformat\fR +.RS 4 +Specify the format of the output file specified\&. 
For +\fBnamed\-checkzone\fR, this does not cause any effects unless it dumps the zone contents\&. +.sp +Possible formats are +\fB"text"\fR +(default), which is the standard textual representation of the zone, and +\fB"map"\fR, +\fB"raw"\fR, and +\fB"raw=N"\fR, which store the zone in a binary format for rapid loading by +\fBnamed\fR\&. +\fB"raw=N"\fR +specifies the format version of the raw zone file: if N is 0, the raw file can be read by any version of +\fBnamed\fR; if N is 1, the file can be read by release 9\&.9\&.0 or higher; the default is 1\&. +.RE +.PP +\-k \fImode\fR +.RS 4 +Perform +\fB"check\-names"\fR +checks with the specified failure mode\&. Possible modes are +\fB"fail"\fR +(default for +\fBnamed\-compilezone\fR), +\fB"warn"\fR +(default for +\fBnamed\-checkzone\fR) and +\fB"ignore"\fR\&. +.RE +.PP +\-l \fIttl\fR +.RS 4 +Sets a maximum permissible TTL for the input file\&. Any record with a TTL higher than this value will cause the zone to be rejected\&. This is similar to using the +\fBmax\-zone\-ttl\fR +option in +named\&.conf\&. +.RE +.PP +\-L \fIserial\fR +.RS 4 +When compiling a zone to "raw" or "map" format, set the "source serial" value in the header to the specified serial number\&. (This is expected to be used primarily for testing purposes\&.) +.RE +.PP +\-m \fImode\fR +.RS 4 +Specify whether MX records should be checked to see if they are addresses\&. Possible modes are +\fB"fail"\fR, +\fB"warn"\fR +(default) and +\fB"ignore"\fR\&. +.RE +.PP +\-M \fImode\fR +.RS 4 +Check if a MX record refers to a CNAME\&. Possible modes are +\fB"fail"\fR, +\fB"warn"\fR +(default) and +\fB"ignore"\fR\&. +.RE +.PP +\-n \fImode\fR +.RS 4 +Specify whether NS records should be checked to see if they are addresses\&. Possible modes are +\fB"fail"\fR +(default for +\fBnamed\-compilezone\fR), +\fB"warn"\fR +(default for +\fBnamed\-checkzone\fR) and +\fB"ignore"\fR\&. +.RE +.PP +\-o \fIfilename\fR +.RS 4 +Write zone output to +filename\&. 
If +filename +is +\- +then write to standard out\&. This is mandatory for +\fBnamed\-compilezone\fR\&. +.RE +.PP +\-r \fImode\fR +.RS 4 +Check for records that are treated as different by DNSSEC but are semantically equal in plain DNS\&. Possible modes are +\fB"fail"\fR, +\fB"warn"\fR +(default) and +\fB"ignore"\fR\&. +.RE +.PP +\-s \fIstyle\fR +.RS 4 +Specify the style of the dumped zone file\&. Possible styles are +\fB"full"\fR +(default) and +\fB"relative"\fR\&. The full format is most suitable for processing automatically by a separate script\&. On the other hand, the relative format is more human\-readable and is thus suitable for editing by hand\&. For +\fBnamed\-checkzone\fR +this does not cause any effects unless it dumps the zone contents\&. It also does not have any meaning if the output format is not text\&. +.RE +.PP +\-S \fImode\fR +.RS 4 +Check if a SRV record refers to a CNAME\&. Possible modes are +\fB"fail"\fR, +\fB"warn"\fR +(default) and +\fB"ignore"\fR\&. +.RE +.PP +\-t \fIdirectory\fR +.RS 4 +Chroot to +directory +so that include directives in the configuration file are processed as if run by a similarly chrooted +\fBnamed\fR\&. +.RE +.PP +\-T \fImode\fR +.RS 4 +Check if Sender Policy Framework (SPF) records exist and issues a warning if an SPF\-formatted TXT record is not also present\&. Possible modes are +\fB"warn"\fR +(default), +\fB"ignore"\fR\&. +.RE +.PP +\-w \fIdirectory\fR +.RS 4 +chdir to +directory +so that relative filenames in master file $INCLUDE directives work\&. This is similar to the directory clause in +named\&.conf\&. +.RE +.PP +\-D +.RS 4 +Dump zone file in canonical format\&. This is always enabled for +\fBnamed\-compilezone\fR\&. +.RE +.PP +\-W \fImode\fR +.RS 4 +Specify whether to check for non\-terminal wildcards\&. Non\-terminal wildcards are almost always the result of a failure to understand the wildcard matching algorithm (RFC 1034)\&. Possible modes are +\fB"warn"\fR +(default) and +\fB"ignore"\fR\&. 
+.RE +.PP +zonename +.RS 4 +The domain name of the zone being checked\&. +.RE +.PP +filename +.RS 4 +The name of the zone file\&. +.RE +.SH "RETURN VALUES" +.PP +\fBnamed\-checkzone\fR +returns an exit status of 1 if errors were detected and 0 otherwise\&. +.SH "SEE ALSO" +.PP +\fBnamed\fR(8), +\fBnamed-checkconf\fR(8), +RFC 1035, +BIND 9 Administrator Reference Manual\&. +.SH "AUTHOR" +.PP +\fBInternet Systems Consortium, Inc\&.\fR +.SH "COPYRIGHT" +.br +Copyright \(co 2000-2002, 2004-2007, 2009-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC") +.br -- cgit v1.2.3