Diffstat (limited to 'doc/man/named-checkzone.1in')
-rw-r--r-- | doc/man/named-checkzone.1in | 256 |
1 files changed, 256 insertions, 0 deletions
diff --git a/doc/man/named-checkzone.1in b/doc/man/named-checkzone.1in new file mode 100644 index 0000000..b2f50d1 --- /dev/null +++ b/doc/man/named-checkzone.1in 
@@ -0,0 +1,256 @@ +.\" Man page generated from reStructuredText. +. +. +.nr rst2man-indent-level 0 +. +.de1 rstReportMargin +\\$1 \\n[an-margin] +level \\n[rst2man-indent-level] +level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] +- +\\n[rst2man-indent0] +\\n[rst2man-indent1] +\\n[rst2man-indent2] +.. +.de1 INDENT +.\" .rstReportMargin pre: +. RS \\$1 +. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] +. nr rst2man-indent-level +1 +.\" .rstReportMargin post: +.. +.de UNINDENT +. RE +.\" indent \\n[an-margin] +.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] +.nr rst2man-indent-level -1 +.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] +.in \\n[rst2man-indent\\n[rst2man-indent-level]]u +.. +.TH "NAMED-CHECKZONE" "1" "@RELEASE_DATE@" "@PACKAGE_VERSION@" "BIND 9" +.SH NAME +named-checkzone \- zone file validity checking or converting tool +.SH SYNOPSIS +.sp +\fBnamed\-checkzone\fP [\fB\-d\fP] [\fB\-h\fP] [\fB\-j\fP] [\fB\-q\fP] [\fB\-v\fP] [\fB\-c\fP class] [\fB\-f\fP format] [\fB\-F\fP format] [\fB\-J\fP filename] [\fB\-i\fP mode] [\fB\-k\fP mode] [\fB\-m\fP mode] [\fB\-M\fP mode] [\fB\-n\fP mode] [\fB\-l\fP ttl] [\fB\-L\fP serial] [\fB\-o\fP filename] [\fB\-r\fP mode] [\fB\-s\fP style] [\fB\-S\fP mode] [\fB\-t\fP directory] [\fB\-T\fP mode] [\fB\-w\fP directory] [\fB\-D\fP] [\fB\-W\fP mode] {zonename} {filename} +.SH DESCRIPTION +.sp +\fBnamed\-checkzone\fP checks the syntax and integrity of a zone file. It +performs the same checks as \fI\%named\fP does when loading a zone. This +makes \fBnamed\-checkzone\fP useful for checking zone files before +configuring them into a name server. +.SH OPTIONS +.INDENT 0.0 +.TP +.B \-d +This option enables debugging. +.UNINDENT +.INDENT 0.0 +.TP +.B \-h +This option prints the usage summary and exits. +.UNINDENT +.INDENT 0.0 +.TP +.B \-q +This option sets quiet mode, which only sets an exit code to indicate +successful or failed completion. 
+.UNINDENT +.INDENT 0.0 +.TP +.B \-v +This option prints the version of the \fBnamed\-checkzone\fP program and exits. +.UNINDENT +.INDENT 0.0 +.TP +.B \-j +When loading a zone file, this option tells \fI\%named\fP to read the journal if it exists. The journal +file name is assumed to be the zone file name with the +string \fB\&.jnl\fP appended. +.UNINDENT +.INDENT 0.0 +.TP +.B \-J filename +When loading the zone file, this option tells \fI\%named\fP to read the journal from the given file, if +it exists. This implies \fI\%\-j\fP\&. +.UNINDENT +.INDENT 0.0 +.TP +.B \-c class +This option specifies the class of the zone. If not specified, \fBIN\fP is assumed. +.UNINDENT +.INDENT 0.0 +.TP +.B \-i mode +This option performs post\-load zone integrity checks. Possible modes are +\fBfull\fP (the default), \fBfull\-sibling\fP, \fBlocal\fP, +\fBlocal\-sibling\fP, and \fBnone\fP\&. +.sp +Mode \fBfull\fP checks that MX records refer to A or AAAA records +(both in\-zone and out\-of\-zone hostnames). Mode \fBlocal\fP only +checks MX records which refer to in\-zone hostnames. +.sp +Mode \fBfull\fP checks that SRV records refer to A or AAAA records +(both in\-zone and out\-of\-zone hostnames). Mode \fBlocal\fP only +checks SRV records which refer to in\-zone hostnames. +.sp +Mode \fBfull\fP checks that delegation NS records refer to A or AAAA +records (both in\-zone and out\-of\-zone hostnames). It also checks that +glue address records in the zone match those advertised by the child. +Mode \fBlocal\fP only checks NS records which refer to in\-zone +hostnames or verifies that some required glue exists, i.e., when the +name server is in a child zone. +.sp +Modes \fBfull\-sibling\fP and \fBlocal\-sibling\fP disable sibling glue +checks, but are otherwise the same as \fBfull\fP and \fBlocal\fP, +respectively. +.sp +Mode \fBnone\fP disables the checks. +.UNINDENT +.INDENT 0.0 +.TP +.B \-f format +This option specifies the format of the zone file. 
Possible formats are +\fBtext\fP (the default), and \fBraw\fP\&. +.UNINDENT +.INDENT 0.0 +.TP +.B \-F format +This option specifies the format of the output file specified. For +\fBnamed\-checkzone\fP, this does not have any effect unless it dumps +the zone contents. +.sp +Possible formats are \fBtext\fP (the default), which is the standard +textual representation of the zone, and \fBraw\fP and \fBraw=N\fP, which +store the zone in a binary format for rapid loading by \fI\%named\fP\&. +\fBraw=N\fP specifies the format version of the raw zone file: if \fBN\fP is +0, the raw file can be read by any version of \fI\%named\fP; if N is 1, the +file can only be read by release 9.9.0 or higher. The default is 1. +.UNINDENT +.INDENT 0.0 +.TP +.B \-k mode +This option performs \fBcheck\-names\fP checks with the specified failure mode. +Possible modes are \fBfail\fP, \fBwarn\fP (the default), and \fBignore\fP\&. +.UNINDENT +.INDENT 0.0 +.TP +.B \-l ttl +This option sets a maximum permissible TTL for the input file. Any record with a +TTL higher than this value causes the zone to be rejected. This +is similar to using the \fBmax\-zone\-ttl\fP option in \fI\%named.conf\fP\&. +.UNINDENT +.INDENT 0.0 +.TP +.B \-L serial +When compiling a zone to \fBraw\fP format, this option sets the \(dqsource +serial\(dq value in the header to the specified serial number. This is +expected to be used primarily for testing purposes. +.UNINDENT +.INDENT 0.0 +.TP +.B \-m mode +This option specifies whether MX records should be checked to see if they are +addresses. Possible modes are \fBfail\fP, \fBwarn\fP (the default), and +\fBignore\fP\&. +.UNINDENT +.INDENT 0.0 +.TP +.B \-M mode +This option checks whether a MX record refers to a CNAME. Possible modes are +\fBfail\fP, \fBwarn\fP (the default), and \fBignore\fP\&. +.UNINDENT +.INDENT 0.0 +.TP +.B \-n mode +This option specifies whether NS records should be checked to see if they are +addresses. 
Possible modes are \fBfail\fP, \fBwarn\fP (the default), and \fBignore\fP\&. +.UNINDENT +.INDENT 0.0 +.TP +.B \-o filename +This option writes the zone output to \fBfilename\fP\&. If \fBfilename\fP is \fB\-\fP, then +the zone output is written to standard output. +.UNINDENT +.INDENT 0.0 +.TP +.B \-r mode +This option checks for records that are treated as different by DNSSEC but are +semantically equal in plain DNS. Possible modes are \fBfail\fP, +\fBwarn\fP (the default), and \fBignore\fP\&. +.UNINDENT +.INDENT 0.0 +.TP +.B \-s style +This option specifies the style of the dumped zone file. Possible styles are +\fBfull\fP (the default) and \fBrelative\fP\&. The \fBfull\fP format is most +suitable for processing automatically by a separate script. +The relative format is more human\-readable and is thus +suitable for editing by hand. This does not have any effect unless it dumps +the zone contents. It also does not have any meaning if the output format +is not text. +.UNINDENT +.INDENT 0.0 +.TP +.B \-S mode +This option checks whether an SRV record refers to a CNAME. Possible modes are +\fBfail\fP, \fBwarn\fP (the default), and \fBignore\fP\&. +.UNINDENT +.INDENT 0.0 +.TP +.B \-t directory +This option tells \fI\%named\fP to chroot to \fBdirectory\fP, so that \fBinclude\fP directives in the +configuration file are processed as if run by a similarly chrooted +\fI\%named\fP\&. +.UNINDENT +.INDENT 0.0 +.TP +.B \-T mode +This option checks whether Sender Policy Framework (SPF) records exist and issues a +warning if an SPF\-formatted TXT record is not also present. Possible +modes are \fBwarn\fP (the default) and \fBignore\fP\&. +.UNINDENT +.INDENT 0.0 +.TP +.B \-w directory +This option instructs \fI\%named\fP to chdir to \fBdirectory\fP, so that relative filenames in master file +\fB$INCLUDE\fP directives work. This is similar to the directory clause in +\fI\%named.conf\fP\&. +.UNINDENT +.INDENT 0.0 +.TP +.B \-D +This option dumps the zone file in canonical format. 
+.UNINDENT +.INDENT 0.0 +.TP +.B \-W mode +This option specifies whether to check for non\-terminal wildcards. Non\-terminal +wildcards are almost always the result of a failure to understand the +wildcard matching algorithm (\fI\%RFC 4592\fP). Possible modes are \fBwarn\fP +(the default) and \fBignore\fP\&. +.UNINDENT +.INDENT 0.0 +.TP +.B zonename +This indicates the domain name of the zone being checked. +.UNINDENT +.INDENT 0.0 +.TP +.B filename +This is the name of the zone file. +.UNINDENT +.SH RETURN VALUES +.sp +\fBnamed\-checkzone\fP returns an exit status of 1 if errors were detected +and 0 otherwise. +.SH SEE ALSO +.sp +\fI\%named(8)\fP, \fI\%named\-checkconf(8)\fP, \fI\%named\-compilezone(8)\fP, \fI\%RFC 1035\fP, BIND 9 Administrator Reference +Manual. +.SH AUTHOR +Internet Systems Consortium +.SH COPYRIGHT +2023, Internet Systems Consortium +.\" Generated by docutils manpage writer. +. |
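Review bot: the `-t` entry under OPTIONS describes the wrong file. It says `include` directives "in the configuration file" are processed as if by a chrooted named, but the SYNOPSIS and the `filename` entry show that this tool reads a zone file, not a configuration file. The wording looks carried over from a configuration-checking page. Suggest describing it in terms of the zone file and its `$INCLUDE` directives, as the `-w` entry already does, so an operator validating zones for a chrooted server knows which paths are resolved inside the chroot. The same four entries (`-j`, `-J`, `-t`, `-w`) say the option "tells named to" or "instructs named to" act, while the DESCRIPTION says named-checkzone itself performs the checks; naming named-checkzone as the actor would remove the ambiguity about which process reads the journal, chroots or changes directory. Minor style point in `-F`: "if N is 1" leaves N unbolded, where the preceding clause has it in bold.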