named-checkzone(8)



NAMED-CHECKZONE(8)                  BIND 9                  NAMED-CHECKZONE(8)

NAME
       named-checkzone - zone file validity checking or converting tool

SYNOPSIS
       named-checkzone  [-d]  [-h]  [-j]  [-q] [-v] [-c class] [-f format] [-F
       format] [-J filename] [-i mode] [-k mode] [-m mode] [-M mode] [-n mode]
       [-l  ttl]  [-L serial] [-o filename] [-r mode] [-s style] [-S mode] [-t
       directory] [-T mode] [-w directory] [-D] [-W  mode]  {zonename}  {file-
       name}

       named-compilezone  [-d] [-j] [-q] [-v] [-c class] [-C mode] [-f format]
       [-F format] [-J filename] [-i mode] [-k mode] [-m mode] [-n  mode]  [-l
       ttl]  [-L serial] [-r mode] [-s style] [-t directory] [-T mode] [-w di-
       rectory] [-D] [-W mode] {-o filename} {zonename} {filename}

DESCRIPTION
       named-checkzone checks the syntax and integrity of a zone file. It per-
       forms  the  same  checks  as named does when loading a zone. This makes
       named-checkzone useful for checking zone files before configuring  them
       into a name server.

       named-compilezone  is  similar  to named-checkzone, but it always dumps
       the zone contents to a specified file in a specified format.  Addition-
       ally,  it applies stricter check levels by default, since the dump out-
       put will be used as an actual zone file loaded by named.  When manually
       specified  otherwise,  the  check  levels must at least be as strict as
       those specified in the named configuration file.

OPTIONS
       -d     Enable debugging.

       -h     Print the usage summary and exit.

       -q     Quiet mode - exit code only.

       -v     Print the version of the named-checkzone program and exit.

       -j     When loading a zone file, read the journal  if  it  exists.  The
              journal  file  name is assumed to be the zone file name appended
              with the string .jnl.

       -J filename
              When loading the zone file read the journal from the given file,
              if it exists. (Implies -j.)

       -c class
              Specify  the  class  of  the zone. If not specified, "IN" is as-
              sumed.

       -i mode
              Perform post-load zone  integrity  checks.  Possible  modes  are
              "full"  (default),  "full-sibling", "local", "local-sibling" and
              "none".

              Mode "full" checks that MX records refer to  A  or  AAAA  record
              (both  in-zone  and  out-of-zone  hostnames).  Mode "local" only
              checks MX records which refer to in-zone hostnames.

              Mode "full" checks that SRV records refer to A  or  AAAA  record
              (both  in-zone  and  out-of-zone  hostnames).  Mode "local" only
              checks SRV records which refer to in-zone hostnames.

              Mode "full" checks that delegation NS records refer to A or AAAA
              record  (both in-zone and out-of-zone hostnames). It also checks
              that glue address records in the zone match those advertised  by
              the  child.   Mode "local" only checks NS records which refer to
              in-zone hostnames or that some required  glue  exists,  that  is
              when the nameserver is in a child zone.

              Mode  "full-sibling"  and  "local-sibling"  disable sibling glue
              checks but are otherwise the same as "full" and "local"  respec-
              tively.

              Mode "none" disables the checks.

       -f format
              Specify the format of the zone file. Possible formats are "text"
              (default), "raw", and "map".

       -F format
              Specify  the  format  of  the   output   file   specified.   For
              named-checkzone, this does not cause any effects unless it dumps
              the zone contents.

              Possible formats are "text" (default),  which  is  the  standard
              textual  representation  of  the  zone,  and  "map",  "raw", and
              "raw=N", which store the zone in a binary format for rapid load-
              ing  by  named.  "raw=N" specifies the format version of the raw
              zone file: if N is 0, the raw file can be read by any version of
              named;  if  N  is  1,  the  file can be read by release 9.9.0 or
              higher; the default is 1.

       -k mode
              Perform "check-names" checks with the  specified  failure  mode.
              Possible  modes  are  "fail"  (default  for  named-compilezone),
              "warn" (default for named-checkzone) and "ignore".

       -l ttl Sets a maximum permissible TTL for the input  file.  Any  record
              with  a TTL higher than this value will cause the zone to be re-
              jected. This is similar to  using  the  max-zone-ttl  option  in
              named.conf.

       -L serial
              When  compiling a zone to "raw" or "map" format, set the "source
              serial" value in the header  to  the  specified  serial  number.
              (This is expected to be used primarily for testing purposes.)

       -m mode
              Specify  whether MX records should be checked to see if they are
              addresses. Possible modes are "fail", "warn" (default) and  "ig-
              nore".

       -M mode
              Check  if  a  MX  record  refers  to a CNAME. Possible modes are
              "fail", "warn" (default) and "ignore".

       -n mode
              Specify whether NS records should be checked to see if they  are
              addresses. Possible modes are "fail" (default for named-compile-
              zone), "warn" (default for named-checkzone) and "ignore".

       -o filename
              Write zone output to filename. If filename is -  then  write  to
              standard out. This is mandatory for named-compilezone.

       -r mode
              Check  for  records  that are treated as different by DNSSEC but
              are semantically equal in plain DNS. Possible modes are  "fail",
              "warn" (default) and "ignore".

       -s style
              Specify  the  style of the dumped zone file. Possible styles are
              "full" (default) and "relative". The full format is  most  suit-
              able  for  processing automatically by a separate script. On the
              other hand, the relative format is more  human-readable  and  is
              thus suitable for editing by hand. For named-checkzone this does
              not cause any effects unless it dumps the zone contents. It also
              does not have any meaning if the output format is not text.

       -S mode
              Check  if  a  SRV  record  refers to a CNAME. Possible modes are
              "fail", "warn" (default) and "ignore".

       -t directory
              Chroot to directory so that include directives in the configura-
              tion file are processed as if run by a similarly chrooted named.

       -T mode
              Check  if Sender Policy Framework (SPF) records exist and issues
              a warning if an SPF-formatted TXT record is  not  also  present.
              Possible modes are "warn" (default), "ignore".

       -w directory
              chdir  to  directory  so  that relative filenames in master file
              $INCLUDE directives work.  This  is  similar  to  the  directory
              clause in named.conf.

       -D     Dump  zone  file in canonical format. This is always enabled for
              named-compilezone.

       -W mode
              Specify whether to check for non-terminal wildcards.  Non-termi-
              nal  wildcards  are almost always the result of a failure to un-
              derstand the wildcard matching algorithm  (RFC  1034).  Possible
              modes are "warn" (default) and "ignore".

       zonename
              The domain name of the zone being checked.

       filename
              The name of the zone file.

RETURN VALUES
       named-checkzone returns an exit status of 1 if errors were detected and
       0 otherwise.

SEE ALSO
       named(8), named-checkconf(8), RFC 1035, BIND 9 Administrator  Reference
       Manual.

AUTHOR
       Internet Systems Consortium

COPYRIGHT
       2020, Internet Systems Consortium

9.16.8-Debian                     2020-10-13                NAMED-CHECKZONE(8)

Man(1) output converted with man2html
list of all man pages