218 lines
8.3 KiB
Plaintext
218 lines
8.3 KiB
Plaintext
.\" Man page generated from reStructuredText.
|
|
.
|
|
.TH "NAMED-CHECKZONE" "8" "@RELEASE_DATE@" "@BIND9_VERSION@" "BIND 9"
|
|
.SH NAME
|
|
named-checkzone \- zone file validity checking or converting tool
|
|
.
|
|
.nr rst2man-indent-level 0
|
|
.
|
|
.de1 rstReportMargin
|
|
\\$1 \\n[an-margin]
|
|
level \\n[rst2man-indent-level]
|
|
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
-
|
|
\\n[rst2man-indent0]
|
|
\\n[rst2man-indent1]
|
|
\\n[rst2man-indent2]
|
|
..
|
|
.de1 INDENT
|
|
.\" .rstReportMargin pre:
|
|
. RS \\$1
|
|
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
|
|
. nr rst2man-indent-level +1
|
|
.\" .rstReportMargin post:
|
|
..
|
|
.de UNINDENT
|
|
. RE
|
|
.\" indent \\n[an-margin]
|
|
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
.nr rst2man-indent-level -1
|
|
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
|
|
..
|
|
.SH SYNOPSIS
|
|
.sp
|
|
\fBnamed\-checkzone\fP [\fB\-d\fP] [\fB\-h\fP] [\fB\-j\fP] [\fB\-q\fP] [\fB\-v\fP] [\fB\-c\fP class] [\fB\-f\fP format] [\fB\-F\fP format] [\fB\-J\fP filename] [\fB\-i\fP mode] [\fB\-k\fP mode] [\fB\-m\fP mode] [\fB\-M\fP mode] [\fB\-n\fP mode] [\fB\-l\fP ttl] [\fB\-L\fP serial] [\fB\-o\fP filename] [\fB\-r\fP mode] [\fB\-s\fP style] [\fB\-S\fP mode] [\fB\-t\fP directory] [\fB\-T\fP mode] [\fB\-w\fP directory] [\fB\-D\fP] [\fB\-W\fP mode] {zonename} {filename}
|
|
.sp
|
|
\fBnamed\-compilezone\fP [\fB\-d\fP] [\fB\-j\fP] [\fB\-q\fP] [\fB\-v\fP] [\fB\-c\fP class] [\fB\-C\fP mode] [\fB\-f\fP format] [\fB\-F\fP format] [\fB\-J\fP filename] [\fB\-i\fP mode] [\fB\-k\fP mode] [\fB\-m\fP mode] [\fB\-n\fP mode] [\fB\-l\fP ttl] [\fB\-L\fP serial] [\fB\-r\fP mode] [\fB\-s\fP style] [\fB\-t\fP directory] [\fB\-T\fP mode] [\fB\-w\fP directory] [\fB\-D\fP] [\fB\-W\fP mode] {\fB\-o\fP filename} {zonename} {filename}
|
|
.SH DESCRIPTION
|
|
.sp
|
|
\fBnamed\-checkzone\fP checks the syntax and integrity of a zone file. It
|
|
performs the same checks as \fBnamed\fP does when loading a zone. This
|
|
makes \fBnamed\-checkzone\fP useful for checking zone files before
|
|
configuring them into a name server.
|
|
.sp
|
|
\fBnamed\-compilezone\fP is similar to \fBnamed\-checkzone\fP, but it always
|
|
dumps the zone contents to a specified file in a specified format.
|
|
Additionally, it applies stricter check levels by default, since the
|
|
dump output will be used as an actual zone file loaded by \fBnamed\fP\&.
|
|
When manually specified otherwise, the check levels must at least be as
|
|
strict as those specified in the \fBnamed\fP configuration file.
|
|
.SH OPTIONS
|
|
.INDENT 0.0
|
|
.TP
|
|
\fB\-d\fP
|
|
Enable debugging.
|
|
.TP
|
|
\fB\-h\fP
|
|
Print the usage summary and exit.
|
|
.TP
|
|
\fB\-q\fP
|
|
Quiet mode \- exit code only.
|
|
.TP
|
|
\fB\-v\fP
|
|
Print the version of the \fBnamed\-checkzone\fP program and exit.
|
|
.TP
|
|
\fB\-j\fP
|
|
When loading a zone file, read the journal if it exists. The journal
|
|
file name is assumed to be the zone file name appended with the
|
|
string \fB\&.jnl\fP\&.
|
|
.TP
|
|
\fB\-J\fP filename
|
|
When loading the zone file read the journal from the given file, if
|
|
it exists. (Implies \-j.)
|
|
.TP
|
|
\fB\-c\fP class
|
|
Specify the class of the zone. If not specified, "IN" is assumed.
|
|
.TP
|
|
\fB\-i\fP mode
|
|
Perform post\-load zone integrity checks. Possible modes are
|
|
\fB"full"\fP (default), \fB"full\-sibling"\fP, \fB"local"\fP,
|
|
\fB"local\-sibling"\fP and \fB"none"\fP\&.
|
|
.sp
|
|
Mode \fB"full"\fP checks that MX records refer to A or AAAA record
|
|
(both in\-zone and out\-of\-zone hostnames). Mode \fB"local"\fP only
|
|
checks MX records which refer to in\-zone hostnames.
|
|
.sp
|
|
Mode \fB"full"\fP checks that SRV records refer to A or AAAA record
|
|
(both in\-zone and out\-of\-zone hostnames). Mode \fB"local"\fP only
|
|
checks SRV records which refer to in\-zone hostnames.
|
|
.sp
|
|
Mode \fB"full"\fP checks that delegation NS records refer to A or AAAA
|
|
record (both in\-zone and out\-of\-zone hostnames). It also checks that
|
|
glue address records in the zone match those advertised by the child.
|
|
Mode \fB"local"\fP only checks NS records which refer to in\-zone
|
|
hostnames or that some required glue exists, that is when the
|
|
nameserver is in a child zone.
|
|
.sp
|
|
Mode \fB"full\-sibling"\fP and \fB"local\-sibling"\fP disable sibling glue
|
|
checks but are otherwise the same as \fB"full"\fP and \fB"local"\fP
|
|
respectively.
|
|
.sp
|
|
Mode \fB"none"\fP disables the checks.
|
|
.TP
|
|
\fB\-f\fP format
|
|
Specify the format of the zone file. Possible formats are \fB"text"\fP
|
|
(default), \fB"raw"\fP, and \fB"map"\fP\&.
|
|
.TP
|
|
\fB\-F\fP format
|
|
Specify the format of the output file specified. For
|
|
\fBnamed\-checkzone\fP, this does not cause any effects unless it dumps
|
|
the zone contents.
|
|
.sp
|
|
Possible formats are \fB"text"\fP (default), which is the standard
|
|
textual representation of the zone, and \fB"map"\fP, \fB"raw"\fP, and
|
|
\fB"raw=N"\fP, which store the zone in a binary format for rapid
|
|
loading by \fBnamed\fP\&. \fB"raw=N"\fP specifies the format version of the
|
|
raw zone file: if N is 0, the raw file can be read by any version of
|
|
\fBnamed\fP; if N is 1, the file can be read by release 9.9.0 or
|
|
higher; the default is 1.
|
|
.TP
|
|
\fB\-k\fP mode
|
|
Perform \fB"check\-names"\fP checks with the specified failure mode.
|
|
Possible modes are \fB"fail"\fP (default for \fBnamed\-compilezone\fP),
|
|
\fB"warn"\fP (default for \fBnamed\-checkzone\fP) and \fB"ignore"\fP\&.
|
|
.TP
|
|
\fB\-l\fP ttl
|
|
Sets a maximum permissible TTL for the input file. Any record with a
|
|
TTL higher than this value will cause the zone to be rejected. This
|
|
is similar to using the \fBmax\-zone\-ttl\fP option in \fBnamed.conf\fP\&.
|
|
.TP
|
|
\fB\-L\fP serial
|
|
When compiling a zone to "raw" or "map" format, set the "source
|
|
serial" value in the header to the specified serial number. (This is
|
|
expected to be used primarily for testing purposes.)
|
|
.TP
|
|
\fB\-m\fP mode
|
|
Specify whether MX records should be checked to see if they are
|
|
addresses. Possible modes are \fB"fail"\fP, \fB"warn"\fP (default) and
|
|
\fB"ignore"\fP\&.
|
|
.TP
|
|
\fB\-M\fP mode
|
|
Check if a MX record refers to a CNAME. Possible modes are
|
|
\fB"fail"\fP, \fB"warn"\fP (default) and \fB"ignore"\fP\&.
|
|
.TP
|
|
\fB\-n\fP mode
|
|
Specify whether NS records should be checked to see if they are
|
|
addresses. Possible modes are \fB"fail"\fP (default for
|
|
\fBnamed\-compilezone\fP), \fB"warn"\fP (default for \fBnamed\-checkzone\fP)
|
|
and \fB"ignore"\fP\&.
|
|
.TP
|
|
\fB\-o\fP filename
|
|
Write zone output to \fBfilename\fP\&. If \fBfilename\fP is \fB\-\fP then
|
|
write to standard out. This is mandatory for \fBnamed\-compilezone\fP\&.
|
|
.TP
|
|
\fB\-r\fP mode
|
|
Check for records that are treated as different by DNSSEC but are
|
|
semantically equal in plain DNS. Possible modes are \fB"fail"\fP,
|
|
\fB"warn"\fP (default) and \fB"ignore"\fP\&.
|
|
.TP
|
|
\fB\-s\fP style
|
|
Specify the style of the dumped zone file. Possible styles are
|
|
\fB"full"\fP (default) and \fB"relative"\fP\&. The full format is most
|
|
suitable for processing automatically by a separate script. On the
|
|
other hand, the relative format is more human\-readable and is thus
|
|
suitable for editing by hand. For \fBnamed\-checkzone\fP this does not
|
|
cause any effects unless it dumps the zone contents. It also does not
|
|
have any meaning if the output format is not text.
|
|
.TP
|
|
\fB\-S\fP mode
|
|
Check if a SRV record refers to a CNAME. Possible modes are
|
|
\fB"fail"\fP, \fB"warn"\fP (default) and \fB"ignore"\fP\&.
|
|
.TP
|
|
\fB\-t\fP directory
|
|
Chroot to \fBdirectory\fP so that include directives in the
|
|
configuration file are processed as if run by a similarly chrooted
|
|
\fBnamed\fP\&.
|
|
.TP
|
|
\fB\-T\fP mode
|
|
Check if Sender Policy Framework (SPF) records exist and issues a
|
|
warning if an SPF\-formatted TXT record is not also present. Possible
|
|
modes are \fB"warn"\fP (default), \fB"ignore"\fP\&.
|
|
.TP
|
|
\fB\-w\fP directory
|
|
chdir to \fBdirectory\fP so that relative filenames in master file
|
|
$INCLUDE directives work. This is similar to the directory clause in
|
|
\fBnamed.conf\fP\&.
|
|
.TP
|
|
\fB\-D\fP
|
|
Dump zone file in canonical format. This is always enabled for
|
|
\fBnamed\-compilezone\fP\&.
|
|
.TP
|
|
\fB\-W\fP mode
|
|
Specify whether to check for non\-terminal wildcards. Non\-terminal
|
|
wildcards are almost always the result of a failure to understand the
|
|
wildcard matching algorithm (\fI\%RFC 1034\fP). Possible modes are \fB"warn"\fP
|
|
(default) and \fB"ignore"\fP\&.
|
|
.TP
|
|
.B zonename
|
|
The domain name of the zone being checked.
|
|
.TP
|
|
.B filename
|
|
The name of the zone file.
|
|
.UNINDENT
|
|
.SH RETURN VALUES
|
|
.sp
|
|
\fBnamed\-checkzone\fP returns an exit status of 1 if errors were detected
|
|
and 0 otherwise.
|
|
.SH SEE ALSO
|
|
.sp
|
|
\fBnamed(8)\fP, \fBnamed\-checkconf(8)\fP, \fI\%RFC 1035\fP, BIND 9 Administrator Reference
|
|
Manual.
|
|
.SH AUTHOR
|
|
Internet Systems Consortium
|
|
.SH COPYRIGHT
|
|
2020, Internet Systems Consortium
|
|
.\" Generated by docutils manpage writer.
|
|
.
|