.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0.  If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.

.. highlight: console

.. BEWARE: Do not forget to edit also named-compilezone.rst!

.. _man_named-checkzone:

named-checkzone - zone file validation tool
-------------------------------------------

Synopsis
~~~~~~~~

:program:`named-checkzone` [**-d**] [**-h**] [**-j**] [**-q**] [**-v**] [**-c** class] [**-f** format] [**-F** format] [**-J** filename] [**-i** mode] [**-k** mode] [**-m** mode] [**-M** mode] [**-n** mode] [**-l** ttl] [**-L** serial] [**-o** filename] [**-r** mode] [**-s** style] [**-S** mode] [**-t** directory] [**-T** mode] [**-w** directory] [**-D**] [**-W** mode] {zonename} {filename}

Description
~~~~~~~~~~~

``named-checkzone`` checks the syntax and integrity of a zone file. It
performs the same checks as ``named`` does when loading a zone. This
makes ``named-checkzone`` useful for checking zone files before
configuring them into a name server.

Options
~~~~~~~

``-d``
   This option enables debugging.

``-h``
   This option prints the usage summary and exits.

``-q``
   This option sets quiet mode, which only sets an exit code to indicate
   successful or failed completion.

``-v``
   This option prints the version of the ``named-checkzone`` program and exits.

``-j``
   When loading a zone file, this option tells ``named`` to read the journal if it exists. The journal
   file name is assumed to be the zone file name with the
   string ``.jnl`` appended.

``-J filename``
   When loading the zone file, this option tells ``named`` to read the journal from the given file, if
   it exists. This implies ``-j``.

``-c class``
   This option specifies the class of the zone. If not specified, ``IN`` is assumed.

``-i mode``
   This option performs post-load zone integrity checks. Possible modes are
   ``full`` (the default), ``full-sibling``, ``local``,
   ``local-sibling``, and ``none``.

   Mode ``full`` checks that MX records refer to A or AAAA records
   (both in-zone and out-of-zone hostnames). Mode ``local`` only
   checks MX records which refer to in-zone hostnames.

   Mode ``full`` checks that SRV records refer to A or AAAA records
   (both in-zone and out-of-zone hostnames). Mode ``local`` only
   checks SRV records which refer to in-zone hostnames.

   Mode ``full`` checks that delegation NS records refer to A or AAAA
   records (both in-zone and out-of-zone hostnames). It also checks that
   glue address records in the zone match those advertised by the child.
   Mode ``local`` only checks NS records which refer to in-zone
   hostnames or verifies that some required glue exists, i.e., when the
   name server is in a child zone.

   Modes ``full-sibling`` and ``local-sibling`` disable sibling glue
   checks, but are otherwise the same as ``full`` and ``local``,
   respectively.

   Mode ``none`` disables the checks.

``-f format``
   This option specifies the format of the zone file. Possible formats are
   ``text`` (the default), ``raw``, and ``map``.

``-F format``
   This option specifies the format of the output file. For
   ``named-checkzone``, this does not have any effect unless it dumps
   the zone contents.

   Possible formats are ``text`` (the default), which is the standard
   textual representation of the zone, and ``map``, ``raw``, and ``raw=N``, which
   store the zone in a binary format for rapid loading by ``named``.
   ``raw=N`` specifies the format version of the raw zone file: if ``N`` is
   0, the raw file can be read by any version of ``named``; if ``N`` is 1, the
   file can only be read by release 9.9.0 or higher. The default is 1.

``-k mode``
   This option performs ``check-names`` checks with the specified failure mode.
   Possible modes are ``fail``, ``warn`` (the default), and ``ignore``.

``-l ttl``
   This option sets a maximum permissible TTL for the input file. Any record with a
   TTL higher than this value causes the zone to be rejected. This
   is similar to using the ``max-zone-ttl`` option in ``named.conf``.

``-L serial``
   When compiling a zone to ``raw`` or ``map`` format, this option sets the "source
   serial" value in the header to the specified serial number. This is
   expected to be used primarily for testing purposes.

``-m mode``
   This option specifies whether MX records should be checked to see if they are
   addresses. Possible modes are ``fail``, ``warn`` (the default), and
   ``ignore``.

``-M mode``
   This option checks whether an MX record refers to a CNAME. Possible modes are
   ``fail``, ``warn`` (the default), and ``ignore``.

``-n mode``
   This option specifies whether NS records should be checked to see if they are
   addresses. Possible modes are ``fail``, ``warn`` (the default), and ``ignore``.

``-o filename``
   This option writes the zone output to ``filename``. If ``filename`` is ``-``, then
   the zone output is written to standard output.

``-r mode``
   This option checks for records that are treated as different by DNSSEC but are
   semantically equal in plain DNS. Possible modes are ``fail``,
   ``warn`` (the default), and ``ignore``.

``-s style``
   This option specifies the style of the dumped zone file. Possible styles are
   ``full`` (the default) and ``relative``. The ``full`` format is most
   suitable for processing automatically by a separate script.
   The relative format is more human-readable and is thus
   suitable for editing by hand. This does not have any effect unless it dumps
   the zone contents. It also does not have any meaning if the output format
   is not text.

``-S mode``
   This option checks whether an SRV record refers to a CNAME. Possible modes are
   ``fail``, ``warn`` (the default), and ``ignore``.

``-t directory``
   This option tells ``named`` to chroot to ``directory``, so that ``include`` directives in the
   configuration file are processed as if run by a similarly chrooted
   ``named``.

``-T mode``
   This option checks whether Sender Policy Framework (SPF) records exist and issues a
   warning if an SPF-formatted TXT record is not also present. Possible
   modes are ``warn`` (the default) and ``ignore``.

``-w directory``
   This option instructs ``named`` to chdir to ``directory``, so that relative filenames in master file
   ``$INCLUDE`` directives work. This is similar to the directory clause in
   ``named.conf``.

``-D``
   This option dumps the zone file in canonical format.

``-W mode``
   This option specifies whether to check for non-terminal wildcards. Non-terminal
   wildcards are almost always the result of a failure to understand the
   wildcard matching algorithm (:rfc:`4592`). Possible modes are ``warn``
   (the default) and ``ignore``.

``zonename``
   This indicates the domain name of the zone being checked.

``filename``
   This is the name of the zone file.

Return Values
~~~~~~~~~~~~~

``named-checkzone`` returns an exit status of 1 if errors were detected
and 0 otherwise.
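
One way to use this exit status as a fail-closed gate before zone files reach a name server, shown as an added example that is not part of the BIND distribution. The names ``NAMED_CHECKZONE``, ``MAX_TTL``, ``check_zone_strict`` and ``check_zone_dir``, the 86400-second TTL ceiling, and the ``<zonename>.zone`` file layout are assumptions of the example; the options are the ones documented above.

```shell
#!/bin/sh
# Added example: a fail-closed zone gate built on named-checkzone.
# NAMED_CHECKZONE, MAX_TTL, check_zone_strict and check_zone_dir are names
# made up for this example; the options are those documented on this page.

NAMED_CHECKZONE="${NAMED_CHECKZONE:-named-checkzone}"
MAX_TTL="${MAX_TTL:-86400}"    # assumed policy ceiling, in seconds

# check_zone_strict ZONENAME FILE -> exit status of named-checkzone,
# or 2 if the arguments are rejected before the tool is run.
check_zone_strict() {
    local zone="$1" file="$2"
    # Refuse names that could be parsed as options or carry odd bytes.
    case "$zone" in
        ''|-*|*[!A-Za-z0-9._-]*) echo "bad zone name: $zone" >&2; return 2 ;;
    esac
    [ -r "$file" ] || { echo "unreadable: $file" >&2; return 2; }
    # Every check that defaults to "warn" and has a "fail" mode is raised
    # to "fail", so a finding changes the exit status. -T and -W only
    # offer warn/ignore, so -q is left off and their warnings stay
    # visible in the job log.
    # -i local keeps the integrity checks to in-zone hostnames.
    "$NAMED_CHECKZONE" -i local \
        -k fail -m fail -M fail -n fail -r fail -S fail \
        -l "$MAX_TTL" "$zone" "$file"
}

# check_zone_dir DIR -> 0 only if every DIR/<zonename>.zone passes.
# The <zonename>.zone layout is an assumption of this example.
check_zone_dir() {
    local dir="$1" f zone failed=0 seen=0
    for f in "$dir"/*.zone; do
        [ -e "$f" ] || continue          # glob matched nothing
        seen=$((seen + 1))
        zone=$(basename "$f" .zone)
        if check_zone_strict "$zone" "$f"; then
            echo "PASS $zone"
        else
            echo "FAIL $zone" >&2
            failed=$((failed + 1))
        fi
    done
    # An empty directory is a failure too: nothing was validated.
    [ "$seen" -gt 0 ] && [ "$failed" -eq 0 ]
}
```

Source the file and call ``check_zone_dir`` with the directory holding the zone files; a non-zero return means at least one zone failed or nothing was checked.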

See Also
~~~~~~~~

:manpage:`named(8)`, :manpage:`named-checkconf(8)`, :manpage:`named-compilezone(8)`,
:rfc:`1035`, BIND 9 Administrator Reference Manual.