970N/A - Copyright (C) 2000-2002, 2004-2007, 2009-2016 Internet Systems Consortium, Inc. ("ISC") 970N/A - This Source Code Form is subject to the terms of the Mozilla Public 1261N/A - License, v. 2.0. If a copy of the MPL was not distributed with this 970N/A<!-- Converted by db4-upgrade version 1.0 --> 970N/A <
date>2014-02-19</
date>
970N/A <
corpname>ISC</
corpname>
970N/A <
corpauthor>Internet Systems Consortium, Inc.</
corpauthor>
970N/A <
refentrytitle><
application>named-checkzone</
application></
refentrytitle>
970N/A <
manvolnum>8</
manvolnum>
970N/A <
refmiscinfo>BIND9</
refmiscinfo>
970N/A <
holder>Internet Systems Consortium, Inc. ("ISC")</
holder>
970N/A <
holder>Internet Software Consortium.</
holder>
970N/A <
refname><
application>named-checkzone</
application></
refname>
970N/A <
refname><
application>named-compilezone</
application></
refname>
970N/A <
refpurpose>zone file validity checking or converting tool</
refpurpose>
970N/A <
cmdsynopsis sepchar=" ">
970N/A <
command>named-checkzone</
command>
970N/A <
arg choice="opt" rep="norepeat"><
option>-d</
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-h</
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-j</
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-q</
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-v</
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-c <
replaceable class="parameter">class</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-f <
replaceable class="parameter">format</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-F <
replaceable class="parameter">format</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-J <
replaceable class="parameter">filename</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-i <
replaceable class="parameter">mode</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-k <
replaceable class="parameter">mode</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-m <
replaceable class="parameter">mode</
replaceable></
option></
arg>
1130N/A <
arg choice="opt" rep="norepeat"><
option>-M <
replaceable class="parameter">mode</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-n <
replaceable class="parameter">mode</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-l <
replaceable class="parameter">ttl</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-L <
replaceable class="parameter">serial</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-o <
replaceable class="parameter">filename</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-r <
replaceable class="parameter">mode</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-s <
replaceable class="parameter">style</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-S <
replaceable class="parameter">mode</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-t <
replaceable class="parameter">directory</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-T <
replaceable class="parameter">mode</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-w <
replaceable class="parameter">directory</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-D</
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-W <
replaceable class="parameter">mode</
replaceable></
option></
arg>
970N/A <
arg choice="req" rep="norepeat">zonename</
arg>
970N/A <
arg choice="req" rep="norepeat">filename</
arg>
970N/A <
cmdsynopsis sepchar=" ">
970N/A <
command>named-compilezone</
command>
970N/A <
arg choice="opt" rep="norepeat"><
option>-d</
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-j</
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-q</
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-v</
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-c <
replaceable class="parameter">class</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-C <
replaceable class="parameter">mode</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-f <
replaceable class="parameter">format</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-F <
replaceable class="parameter">format</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-J <
replaceable class="parameter">filename</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-i <
replaceable class="parameter">mode</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-k <
replaceable class="parameter">mode</
replaceable></
option></
arg>
1105N/A <
arg choice="opt" rep="norepeat"><
option>-m <
replaceable class="parameter">mode</
replaceable></
option></
arg>
1105N/A <
arg choice="opt" rep="norepeat"><
option>-n <
replaceable class="parameter">mode</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-l <
replaceable class="parameter">ttl</
replaceable></
option></
arg>
1105N/A <
arg choice="opt" rep="norepeat"><
option>-L <
replaceable class="parameter">serial</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-r <
replaceable class="parameter">mode</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-s <
replaceable class="parameter">style</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-t <
replaceable class="parameter">directory</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-T <
replaceable class="parameter">mode</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-w <
replaceable class="parameter">directory</
replaceable></
option></
arg>
970N/A <
arg choice="opt" rep="norepeat"><
option>-D</
option></
arg>
1154N/A <
arg choice="opt" rep="norepeat"><
option>-W <
replaceable class="parameter">mode</
replaceable></
option></
arg>
1152N/A <
arg choice="req" rep="norepeat"><
option>-o <
replaceable class="parameter">filename</
replaceable></
option></
arg>
970N/A <
arg choice="req" rep="norepeat">zonename</
arg>
1172N/A <
arg choice="req" rep="norepeat">filename</
arg>
1105N/A <
refsection><
info><
title>DESCRIPTION</
title></
info>
970N/A <
para><
command>named-checkzone</
command>
1105N/A checks the syntax and integrity of a zone file. It performs the
970N/A same checks as <
command>named</
command> does when loading a
970N/A zone. This makes <
command>named-checkzone</
command> useful for
1120N/A checking zone files before configuring them into a name server.
970N/A <
command>named-compilezone</
command> is similar to
1172N/A <
command>named-checkzone</
command>, but it always dumps the
1172N/A zone contents to a specified file in a specified format.
970N/A Additionally, it applies stricter check levels by default,
1172N/A since the dump output will be used as an actual zone file
1172N/A loaded by <
command>named</
command>.
1172N/A When manually specified otherwise, the check levels must at
1153N/A least be as strict as those specified in the
970N/A <
command>named</
command> configuration file.
1105N/A <
refsection><
info><
title>OPTIONS</
title></
info>
970N/A Print the usage summary and exit.
970N/A Quiet mode - exit code only.
970N/A Print the version of the <
command>named-checkzone</
command>
1132N/A When loading a zone file, read the journal if it exists.
970N/A The journal file name is assumed to be the zone file name
970N/A appended with the string <
filename>.jnl</
filename>.
970N/A <
term>-J <
replaceable class="parameter">filename</
replaceable></
term>
1132N/A When loading the zone file read the journal from the given
1132N/A file, if it exists. (Implies -j.)
1132N/A <
term>-c <
replaceable class="parameter">class</
replaceable></
term>
1132N/A Specify the class of the zone. If not specified, "IN" is assumed.
1153N/A <
term>-i <
replaceable class="parameter">mode</
replaceable></
term>
970N/A Perform post-load zone integrity checks. Possible modes are
1003N/A <
command>"full"</
command> (default),
1003N/A <
command>"full-sibling"</
command>,
1153N/A <
command>"local"</
command>,
970N/A <
command>"local-sibling"</
command> and
970N/A <
command>"none"</
command>.
1172N/A Mode <
command>"full"</
command> checks that MX records
970N/A refer to A or AAAA record (both in-zone and out-of-zone
1172N/A hostnames). Mode <
command>"local"</
command> only
1154N/A checks MX records which refer to in-zone hostnames.
970N/A Mode <
command>"full"</
command> checks that SRV records
970N/A refer to A or AAAA record (both in-zone and out-of-zone
970N/A hostnames). Mode <
command>"local"</
command> only
970N/A checks SRV records which refer to in-zone hostnames.
1105N/A Mode <
command>"full"</
command> checks that delegation NS
1105N/A records refer to A or AAAA record (both in-zone and out-of-zone
970N/A hostnames). It also checks that glue address records
1105N/A in the zone match those advertised by the child.
1105N/A Mode <
command>"local"</
command> only checks NS records which
1153N/A refer to in-zone hostnames or that some required glue exists,
1153N/A that is when the nameserver is in a child zone.
1153N/A Mode <
command>"full-sibling"</
command> and
1153N/A <
command>"local-sibling"</
command> disable sibling glue
1153N/A checks but are otherwise the same as <
command>"full"</
command>
970N/A and <
command>"local"</
command> respectively.
1261N/A Mode <
command>"none"</
command> disables the checks.
1261N/A <
term>-f <
replaceable class="parameter">format</
replaceable></
term>
1152N/A Specify the format of the zone file.
970N/A Possible formats are <
command>"text"</
command> (default),
970N/A <
command>"raw"</
command>, and <
command>"map"</
command>.
970N/A <
term>-F <
replaceable class="parameter">format</
replaceable></
term>
970N/A Specify the format of the output file specified.
970N/A For <
command>named-checkzone</
command>,
970N/A this does not cause any effects unless it dumps the zone
970N/A Possible formats are <
command>"text"</
command> (default),
1153N/A which is the standard textual representation of the zone,
970N/A and <
command>"map"</
command>, <
command>"raw"</
command>,
970N/A and <
command>"raw=N"</
command>, which store the zone in a
970N/A binary format for rapid loading by <
command>named</
command>.
970N/A <
command>"raw=N"</
command> specifies the format version of
970N/A the raw zone file: if N is 0, the raw file can be read by
970N/A any version of <
command>named</
command>; if N is 1, the file
1152N/A can be read by release 9.9.0 or higher; the default is 1.
1261N/A <
term>-k <
replaceable class="parameter">mode</
replaceable></
term>
1261N/A Perform <
command>"check-names"</
command> checks with the
970N/A specified failure mode.
970N/A Possible modes are <
command>"fail"</
command>
970N/A (default for <
command>named-compilezone</
command>),
970N/A <
command>"warn"</
command>
970N/A (default for <
command>named-checkzone</
command>) and
1046N/A <
command>"ignore"</
command>.
1261N/A <
term>-l <
replaceable class="parameter">ttl</
replaceable></
term>
1261N/A Sets a maximum permissible TTL for the input file.
1261N/A Any record with a TTL higher than this value will cause
1261N/A the zone to be rejected. This is similar to using the
1261N/A <
command>max-zone-ttl</
command> option in
1152N/A <
term>-L <
replaceable class="parameter">serial</
replaceable></
term>
970N/A When compiling a zone to "raw" or "map" format, set the
970N/A "source serial" value in the header to the specified serial
1261N/A number. (This is expected to be used primarily for testing
1152N/A <
term>-m <
replaceable class="parameter">mode</
replaceable></
term>
1152N/A Specify whether MX records should be checked to see if they
1152N/A are addresses. Possible modes are <
command>"fail"</
command>,
1152N/A <
command>"warn"</
command> (default) and
1152N/A <
command>"ignore"</
command>.
1153N/A <
term>-M <
replaceable class="parameter">mode</
replaceable></
term>
1152N/A Check if a MX record refers to a CNAME.
1152N/A Possible modes are <
command>"fail"</
command>,
1153N/A <
command>"warn"</
command> (default) and
1152N/A <
command>"ignore"</
command>.
1153N/A <
term>-n <
replaceable class="parameter">mode</
replaceable></
term>
1153N/A Specify whether NS records should be checked to see if they
1153N/A Possible modes are <
command>"fail"</
command>
1153N/A (default for <
command>named-compilezone</
command>),
1130N/A (default for <
command>named-checkzone</
command>) and
1130N/A <
command>"ignore"</
command>.
1130N/A <
term>-o <
replaceable class="parameter">filename</
replaceable></
term>
1130N/A Write zone output to <
filename>filename</
filename>.
1130N/A If <
filename>filename</
filename> is <
filename>-</
filename> then
1130N/A This is mandatory for <
command>named-compilezone</
command>.
1130N/A <
term>-r <
replaceable class="parameter">mode</
replaceable></
term>
1172N/A Check for records that are treated as different by DNSSEC but
1130N/A are semantically equal in plain DNS.
1130N/A Possible modes are <
command>"fail"</
command>,
1130N/A <
command>"warn"</
command> (default) and
1130N/A <
command>"ignore"</
command>.
970N/A <
term>-s <
replaceable class="parameter">style</
replaceable></
term>
970N/A Specify the style of the dumped zone file.
970N/A Possible styles are <
command>"full"</
command> (default)
970N/A and <
command>"relative"</
command>.
970N/A The full format is most suitable for processing
1139N/A automatically by a separate script.
1139N/A On the other hand, the relative format is more
970N/A human-readable and is thus suitable for editing by hand.
970N/A For <
command>named-checkzone</
command>
970N/A this does not cause any effects unless it dumps the zone
970N/A It also does not have any meaning if the output format
970N/A <
term>-S <
replaceable class="parameter">mode</
replaceable></
term>
970N/A Check if a SRV record refers to a CNAME.
1132N/A Possible modes are <
command>"fail"</
command>,
970N/A <
command>"warn"</
command> (default) and
970N/A <
command>"ignore"</
command>.
970N/A <
term>-t <
replaceable class="parameter">directory</
replaceable></
term>
970N/A Chroot to <
filename>directory</
filename> so that
970N/A directives in the configuration file are processed as if
1130N/A run by a similarly chrooted <
command>named</
command>.
1130N/A <
term>-T <
replaceable class="parameter">mode</
replaceable></
term>
1130N/A Check if Sender Policy Framework (SPF) records exist
1130N/A and issues a warning if an SPF-formatted TXT record is
1130N/A not also present. Possible modes are <
command>"warn"</
command>
1130N/A (default), <
command>"ignore"</
command>.
1130N/A <
term>-w <
replaceable class="parameter">directory</
replaceable></
term>
970N/A chdir to <
filename>directory</
filename> so that
970N/A filenames in master file $INCLUDE directives work. This
970N/A is similar to the directory clause in
970N/A Dump zone file in canonical format.
970N/A This is always enabled for <
command>named-compilezone</
command>.
970N/A <
term>-W <
replaceable class="parameter">mode</
replaceable></
term>
970N/A Specify whether to check for non-terminal wildcards.
970N/A Non-terminal wildcards are almost always the result of a
970N/A failure to understand the wildcard matching algorithm (RFC 1034).
970N/A Possible modes are <
command>"warn"</
command> (default)
1207N/A <
command>"ignore"</
command>.
970N/A The domain name of the zone being checked.
The name of the zone file.
<
refsection><
info><
title>RETURN VALUES</
title></
info>
<
para><
command>named-checkzone</
command>
returns an exit status of 1 if
errors were detected and 0 otherwise.
<
refsection><
info><
title>SEE ALSO</
title></
info>
<
refentrytitle>named</
refentrytitle><
manvolnum>8</
manvolnum>
<
refentrytitle>named-checkconf</
refentrytitle><
manvolnum>8</
manvolnum>
<
citetitle>RFC 1035</
citetitle>,
<
citetitle>BIND 9 Administrator Reference Manual</
citetitle>.