4.9. named-checkzone --- Zone master file syntax checker
4.9.1. Synopsis
named-checkzone [-d] [-j] [-q] [-c class] [-J filename] [-i mode] [-k mode] [-m mode] [-M mode] [-n mode] [-l ttl] [-L serial] [-o filename] [-r mode] [-s style] [-S mode] [-t directory] [-T mode] [-w directory] [-D] [-W mode] <zonename> <filename>
named-checkzone [ -h | -V ]
4.9.2. Description
named-checkzone checks the syntax and integrity of a zone master file. It performs the same checks as named does when loading a zone. This makes named-checkzone useful for checking zone files before configuring them to be loaded into a nameserver.
4.9.3. Options
- -d
Enable debugging.
- -h
Print program usage information and exit.
- -q
Quiet mode - exit code only.
- -j
When loading a zone file, read the journal if it exists. The journal file name is assumed to be the zone file name appended with the string .jnl.
- -J <filename>
When loading the zone file, read the journal from the given file, if it exists. Using this option implies -j.
- -c <class>
Specify the class of the zone. If not specified, IN is assumed.
- -i <mode>
Perform post-load zone integrity checks. Possible <mode> values are full (default), full-sibling, local, local-sibling and none.
Mode full checks that MX records refer to A or AAAA records (both in-zone and out-of-zone hostnames). Mode local only checks MX records which refer to in-zone hostnames.
Mode full checks that SRV records refer to A or AAAA records (both in-zone and out-of-zone hostnames). Mode local only checks SRV records which refer to in-zone hostnames.
Mode full checks that delegation NS records refer to A or AAAA records (both in-zone and out-of-zone hostnames). It also checks that glue address records in the zone match those advertised by the child. Mode local only checks NS records which refer to in-zone hostnames or that some required glue exists, that is, when the nameserver is in a child zone.
Mode full-sibling and local-sibling disable sibling glue checks but are otherwise the same as full and local respectively.
Mode none disables the checks.
- -k <mode>
Perform check-names checks with the specified failure mode. Possible modes are fail, warn, and ignore.
- -l <ttl>
Sets a maximum permissible TTL for the input file. Any record with a TTL higher than this value will cause the zone to be rejected. This is similar to using the max-zone-ttl option in named.conf(5).
- -L <serial>
When compiling a zone, set the "source serial" value in the header to the specified <serial> number. (This is expected to be used primarily for testing purposes.)
- -m <mode>
Specify whether MX records should be checked to see if they are addresses. Possible modes are fail, warn (default) and ignore.
- -M <mode>
Check if an MX record refers to a CNAME. Possible modes are fail, warn (default) and ignore.
- -n <mode>
Specify whether NS records should be checked to see if they are addresses. Possible modes are fail, warn, and ignore.
- -o <filename>
Write zone output to <filename>. If <filename> is - then write to stdout (standard output).
- -r <mode>
Check for records that are treated as different by DNSSEC but are semantically equal in plain DNS. Possible modes are fail, warn (default) and ignore.
- -s <style>
Specify the style of the dumped zone file. Possible <style> values are full (default) and relative. The full format is most suitable for processing automatically by a separate script. On the other hand, the relative format is more human-readable and is thus suitable for editing by hand. For named-checkzone this has no effect unless it dumps the zone contents.
- -S <mode>
Check if an SRV record refers to a CNAME. Possible modes are fail, warn (default) and ignore.
- -t <directory>
chroot(2) to <directory> so that include directives in the configuration file are processed as if run by a similarly chroot(2)ed named.
- -T <mode>
Check whether SPF records exist and issue a warning if an SPF-formatted TXT record is not also present. Possible modes are warn (default), ignore.
- -V
Print program version and exit.
- -w <directory>
Change directory to <directory> so that relative filenames in master file $INCLUDE directives work. This is similar to the directory clause in named.conf(5).
- -D
Dump zone file in canonical format.
- -W <mode>
Specify whether to check for non-terminal wildcards. Non-terminal wildcards are almost always the result of a failure to understand the wildcard matching algorithm (RFC 1034). Possible modes are warn (default) and ignore.
- <zonename>
The domain name of the zone being checked.
- <filename>
The name of the zone file.
4.9.4. Exit status
named-checkzone returns an exit status of 1 if errors were detected and 0 otherwise.
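Because the exit status is the only machine-readable result, a deployment gate can raise the checks that default to warn up to fail and refuse any zone whose check exits non-zero. The script below is an added example, not part of the original manual page or the project's own tooling; the `CHECKZONE` and `MAX_TTL` variables, the function names and the `<zonename>.zone` file naming are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-deployment gate built on the named-checkzone exit status.
# Assumptions: zone files are named <zonename>.zone inside one directory;
# CHECKZONE and MAX_TTL are this script's own variables, not named-checkzone's.
CHECKZONE="${CHECKZONE:-named-checkzone}"
MAX_TTL="${MAX_TTL:-86400}"   # ceiling passed to -l; higher TTLs reject the zone

# check_zone <zonename> <filename>
# -i local keeps the integrity checks to in-zone hostnames.
# -k/-m/-M/-n/-r/-S are set to fail so that findings which would otherwise
# only be warnings produce exit status 1.
check_zone() {
    "$CHECKZONE" \
        -i local \
        -k fail -m fail -M fail -n fail -r fail -S fail \
        -l "$MAX_TTL" \
        "$1" "$2"
}

# gate_zones <directory>
# Checks every *.zone file and returns non-zero if any zone is rejected,
# so a CI job or deployment hook can stop before named loads the file.
gate_zones() {
    dir=$1
    failed=0
    for f in "$dir"/*.zone; do
        [ -e "$f" ] || continue           # empty directory: glob did not match
        zone=$(basename "$f" .zone)
        if check_zone "$zone" "$f"; then
            echo "ok      $zone"
        else
            echo "REJECT  $zone ($f)" >&2
            failed=$((failed + 1))
        fi
    done
    [ "$failed" -eq 0 ]
}

# Run as: sh gate.sh /path/to/zones
[ "$#" -eq 0 ] || gate_zones "$1"
```

The -T and -W checks are left at their defaults because the page lists only warn and ignore for them; their findings appear in the checker's output but do not change the exit status.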
4.9.5. See also
named(8), named-checkconf(1), named-rrchecker(1)
4.9.6. Copyright
Copyright (C) 2024 Banu Systems Private Limited. All rights reserved.
Copyright (c) 2000-2002, 2004-2007, 2009-2016, 2018 Internet Systems Consortium, Inc. ("ISC").