NAMED-CHECKZONE(8)		    BIND 9		    NAMED-CHECKZONE(8)

NAME
       named-checkzone - zone file validity checking or converting tool

SYNOPSIS
       named-checkzone [-d] [-h] [-j] [-q] [-v] [-c class] [-f format]
       [-F format] [-J filename] [-i mode] [-k mode] [-m mode] [-M mode]
       [-n mode] [-l ttl] [-L serial] [-o filename] [-r mode] [-s style]
       [-S mode] [-t directory] [-T mode] [-w directory] [-D] [-W mode]
       {zonename} {filename}

       named-compilezone [-d] [-j] [-q] [-v] [-c class] [-C mode] [-f format]
       [-F format] [-J filename] [-i mode] [-k mode] [-m mode] [-n mode]
       [-l ttl] [-L serial] [-r mode] [-s style] [-t directory] [-T mode]
       [-w directory] [-D] [-W mode] {-o filename} {zonename} {filename}

DESCRIPTION
       named-checkzone checks the syntax and integrity of a zone file. It
       performs the same checks as named does when loading a zone. This makes
       named-checkzone useful for checking zone files before configuring them
       into a name server.

       named-compilezone is similar to named-checkzone, but it always dumps
       the zone contents to a specified file in a specified format.
       Additionally, it applies stricter check levels by default, since the
       dump output will be used as an actual zone file loaded by named. When
       check levels are specified manually, they must be at least as strict
       as those specified in the named configuration file.

OPTIONS
       -d     Enable debugging.

       -h     Print the usage summary and exit.

       -q     Quiet mode - exit code only.

       -v     Print the version of the named-checkzone program and exit.

       -j     When loading a zone file, read the journal if it exists. The
              journal file name is assumed to be the zone file name appended
              with the string .jnl.

       -J filename
              When loading the zone file, read the journal from the given
              file, if it exists. (Implies -j.)

       -c class
              Specify the class of the zone. If not specified, "IN" is
              assumed.

       -i mode
              Perform post-load zone integrity checks. Possible modes are
              "full" (default), "full-sibling", "local", "local-sibling" and
              "none".

              Mode "full" checks that MX records refer to A or AAAA records
              (both in-zone and out-of-zone hostnames). Mode "local" only
              checks MX records which refer to in-zone hostnames.

              Mode "full" checks that SRV records refer to A or AAAA records
              (both in-zone and out-of-zone hostnames). Mode "local" only
              checks SRV records which refer to in-zone hostnames.

              Mode "full" checks that delegation NS records refer to A or
              AAAA records (both in-zone and out-of-zone hostnames). It also
              checks that glue address records in the zone match those
              advertised by the child. Mode "local" only checks NS records
              which refer to in-zone hostnames or that some required glue
              exists, that is when the nameserver is in a child zone.

              Mode "full-sibling" and "local-sibling" disable sibling glue
              checks but are otherwise the same as "full" and "local"
              respectively.

              Mode "none" disables the checks.

       -f format
              Specify the format of the zone file. Possible formats are
              "text" (default), "raw", and "map".

       -F format
              Specify the format of the output file specified. For
              named-checkzone, this has no effect unless it dumps the zone
              contents.

              Possible formats are "text" (default), which is the standard
              textual representation of the zone, and "map", "raw", and
              "raw=N", which store the zone in a binary format for rapid
              loading by named. "raw=N" specifies the format version of the
              raw zone file: if N is 0, the raw file can be read by any
              version of named; if N is 1, the file can be read by release
              9.9.0 or higher; the default is 1.

       -k mode
              Perform "check-names" checks with the specified failure mode.
              Possible modes are "fail" (default for named-compilezone),
              "warn" (default for named-checkzone) and "ignore".

       -l ttl Set a maximum permissible TTL for the input file. Any record
              with a TTL higher than this value will cause the zone to be
              rejected. This is similar to using the max-zone-ttl option in
              named.conf.

       -L serial
              When compiling a zone to "raw" or "map" format, set the "source
              serial" value in the header to the specified serial number.
              (This is expected to be used primarily for testing purposes.)

       -m mode
              Specify whether MX records should be checked to see if they are
              addresses. Possible modes are "fail", "warn" (default) and
              "ignore".

       -M mode
              Check if an MX record refers to a CNAME. Possible modes are
              "fail", "warn" (default) and "ignore".

       -n mode
              Specify whether NS records should be checked to see if they are
              addresses. Possible modes are "fail" (default for
              named-compilezone), "warn" (default for named-checkzone) and
              "ignore".

       -o filename
              Write zone output to filename. If filename is - then write to
              standard out. This is mandatory for named-compilezone.

       -r mode
              Check for records that are treated as different by DNSSEC but
              are semantically equal in plain DNS. Possible modes are "fail",
              "warn" (default) and "ignore".

       -s style
              Specify the style of the dumped zone file. Possible styles are
              "full" (default) and "relative". The full format is most
              suitable for processing automatically by a separate script. On
              the other hand, the relative format is more human-readable and
              is thus suitable for editing by hand. For named-checkzone this
              has no effect unless it dumps the zone contents. It also has no
              meaning if the output format is not text.

       -S mode
              Check if an SRV record refers to a CNAME. Possible modes are
              "fail", "warn" (default) and "ignore".

       -t directory
              Chroot to directory so that include directives in the
              configuration file are processed as if run by a similarly
              chrooted named.

       -T mode
              Check if Sender Policy Framework (SPF) records exist and issue
              a warning if an SPF-formatted TXT record is not also present.
              Possible modes are "warn" (default), "ignore".

       -w directory
              chdir to directory so that relative filenames in master file
              $INCLUDE directives work. This is similar to the directory
              clause in named.conf.

       -D     Dump zone file in canonical format. This is always enabled for
              named-compilezone.

       -W mode
              Specify whether to check for non-terminal wildcards.
              Non-terminal wildcards are almost always the result of a
              failure to understand the wildcard matching algorithm (RFC
              1034). Possible modes are "warn" (default) and "ignore".

       zonename
              The domain name of the zone being checked.

       filename
              The name of the zone file.

RETURN VALUES
       named-checkzone returns an exit status of 1 if errors were detected and
       0 otherwise.
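
       The wrapper below is an added example, not part of BIND or of this
       manual page: it raises the checks whose named-checkzone default is
       "warn" to "fail" so that the exit status described above can block a
       deployment. CHECKZONE_BIN, MAX_TTL and the "zonename filename" list
       file layout are assumptions of the example.

```shell
#!/bin/sh
# Added example: pre-deployment gate around named-checkzone.
# CHECKZONE_BIN, MAX_TTL and the list-file layout are assumptions made here.

CHECKZONE_BIN="${CHECKZONE_BIN:-named-checkzone}"
MAX_TTL="${MAX_TTL:-86400}"

# check_zone ZONENAME FILE
# Runs the checker quietly (-q) and hands back its exit status:
# 0 = zone accepted, 1 = errors detected.
# -i local keeps the integrity checks to in-zone hostnames.
# -k/-m/-M/-n/-r/-S are set to "fail" because several of them default to
# "warn" for named-checkzone, and a warning alone does not change the status.
# -l rejects any record whose TTL exceeds MAX_TTL.
check_zone() {
    "$CHECKZONE_BIN" -q \
        -i local \
        -k fail -m fail -M fail -n fail -r fail -S fail \
        -l "$MAX_TTL" \
        "$1" "$2"
}

# check_all LISTFILE
# LISTFILE holds one "zonename filename" pair per line; blank lines and
# lines starting with '#' are skipped.
# Prints the number of rejected zones and returns non-zero if there are any.
check_all() {
    failed=0
    while read -r zone file; do
        case "$zone" in ''|'#'*) continue ;; esac
        # </dev/null stops the checker from consuming the rest of the list.
        if ! check_zone "$zone" "$file" </dev/null; then
            echo "REJECT $zone ($file)" >&2
            failed=$((failed + 1))
        fi
    done < "$1"
    echo "$failed"
    [ "$failed" -eq 0 ]
}
```

       Call check_all from a commit hook or CI job and stop the rollout when
       it returns non-zero.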

SEE ALSO
       named(8), named-checkconf(8), RFC 1035, BIND 9 Administrator  Reference
       Manual.

AUTHOR
       Internet Systems Consortium

COPYRIGHT
       2020, Internet Systems Consortium

9.16.6				  2020-08-10		    NAMED-CHECKZONE(8)
