4.9. named-checkzone --- Zone master file syntax checker¶
4.9.1. Synopsis¶
named-checkzone [-d] [-h] [-j] [-q] [-v] [-c class] [-J filename] [-i mode] [-k mode] [-m mode] [-M mode] [-n mode] [-l ttl] [-L serial] [-o filename] [-r mode] [-s style] [-S mode] [-t directory] [-T mode] [-w directory] [-D] [-W mode] <zonename> <filename> named-compilezone [-d] [-j] [-q] [-v] [-c class] [-C mode] [-J filename] [-i mode] [-k mode] [-m mode] [-n mode] [-l ttl] [-L serial] [-r mode] [-s style] [-t directory] [-T mode] [-w directory] [-D] [-W mode] {-o filename} <zonename> <filename>
4.9.2. Description¶
named-checkzone checks the syntax and integrity of a zone master file. It performs the same checks as named does when loading a zone. This makes named-checkzone useful for checking zone files before configuring them into a name server.
named-compilezone is similar to named-checkzone, but it always dumps the zone contents to a specified file. Additionally, it applies stricter check levels by default, since the dump output will be used as an actual zone file loaded by named. When manually specified otherwise, the check levels must at least be as strict as those specified in the named.conf(5) configuration file.
4.9.3. Options¶
- -d¶
Enable debugging.
- -h¶
Print usage information and exit.
- -q¶
Quiet mode - exit code only.
- -v¶
Print the program's version and exit.
- -j¶
When loading a zone file, read the journal if it exists. The journal file name is assumed to be the zone file name appended with the string .jnl.
- -J <filename>¶
When loading the zone file read the journal from the given file, if it exists. Using this option implies
-j.
- -c <class>¶
Specify the class of the zone. If not specified, IN is assumed.
- -i <mode>¶
Perform post-load zone integrity checks. Possible <mode> values are full (default), full-sibling, local, local-sibling and none.
Mode full checks that MX records refer to A or AAAA record (both in-zone and out-of-zone hostnames). Mode local only checks MX records which refer to in-zone hostnames.
Mode full checks that SRV records refer to A or AAAA record (both in-zone and out-of-zone hostnames). Mode local only checks SRV records which refer to in-zone hostnames.
Mode full checks that delegation NS records refer to A or AAAA record (both in-zone and out-of-zone hostnames). It also checks that glue address records in the zone match those advertised by the child. Mode local only checks NS records which refer to in-zone hostnames or that some required glue exists, that is when the nameserver is in a child zone.
Mode full-sibling and local-sibling disable sibling glue checks but are otherwise the same as full and local respectively.
Mode none disables the checks.
- -k <mode>¶
Perform check-names checks with the specified failure mode. Possible modes are fail (default for named-compilezone), warn (default for named-checkzone) and ignore.
- -l <ttl>¶
Sets a maximum permissible TTL for the input file. Any record with a TTL higher than this value will cause the zone to be rejected. This is similar to using the max-zone-ttl option in named.conf(5).
- -L <serial>¶
When compiling a zone, set the "source serial" value in the header to the specified <serial> number. (This is expected to be used primarily for testing purposes.)
- -m <mode>¶
Specify whether MX records should be checked to see if they are addresses. Possible modes are fail, warn (default) and ignore.
- -M <mode>¶
Check if a MX record refers to a CNAME. Possible modes are fail, warn (default) and ignore.
- -n <mode>¶
Specify whether NS records should be checked to see if they are addresses. Possible modes are fail (default for named-compilezone), warn (default for named-checkzone) and ignore.
- -o <filename>¶
Write zone output to <filename>. If <filename> is - then write to stdout (standard output). This is mandatory for named-compilezone.
- -r <mode>¶
Check for records that are treated as different by DNSSEC but are semantically equal in plain DNS. Possible modes are fail, warn (default) and ignore.
- -s <style>¶
Specify the style of the dumped zone file. Possible <style> values are full (default) and relative. The full format is most suitable for processing automatically by a separate script. On the other hand, the relative format is more human-readable and is thus suitable for editing by hand. For named-checkzone this does not cause any effects unless it dumps the zone contents.
- -S <mode>¶
Check if a SRV record refers to a CNAME. Possible modes are fail, warn (default) and ignore.
- -t <directory>¶
chroot(2) to <directory> so that include directives in the configuration file are processed as if run by a similarly chroot(2)ed named.
- -T <mode>¶
Check if SPF records exist and issues a warning if an SPF-formatted TXT record is not also present. Possible modes are warn (default), ignore.
- -w <directory>¶
Change directory to <directory> so that relative filenames in master file $INCLUDE directives work. This is similar to the directory clause in named.conf(5).
- -D¶
Dump zone file in canonical format. This is always enabled for named-compilezone(1).
- -W <mode>¶
Specify whether to check for non-terminal wildcards. Non-terminal wildcards are almost always the result of a failure to understand the wildcard matching algorithm (RFC 1034). Possible modes are warn (default) and ignore.
- <zonename>¶
The domain name of the zone being checked.
- <filename>¶
The name of the zone file.
4.9.4. Exit status¶
named-checkzone returns an exit status of 1 if errors were detected and 0 otherwise.
4.9.5. See also¶
named(8), named-checkconf(1), named-rrchecker(1)
4.9.6. Copyright¶
Copyright (C) 2024 Banu Systems Private Limited. All rights reserved.
Copyright (c) 2000-2002, 2004-2007, 2009-2016, 2018 Internet Systems Consortium, Inc. ("ISC").