4.9. named-checkzone --- Zone master file syntax checker

4.9.1. Synopsis

named-checkzone [-d] [-j] [-q] [-c class] [-J filename] [-i mode] [-k mode] [-m mode] [-M mode] [-n mode] [-l ttl] [-L serial] [-o filename] [-r mode] [-s style] [-S mode] [-t directory] [-T mode] [-w directory] [-D] [-W mode] <zonename> <filename>

named-checkzone [ -h | -V ]

4.9.2. Description

named-checkzone checks the syntax and integrity of a zone master file. It performs the same checks as named does when loading a zone. This makes named-checkzone useful for checking zone files before configuring them to be loaded into a nameserver.

4.9.3. Options

-d

Enable debugging.

-h

Print program usage information and exit.

-q

Quiet mode - exit code only.

-j

When loading a zone file, read the journal if it exists. The journal file name is assumed to be the zone file name appended with the string .jnl.

-J <filename>

When loading the zone file read the journal from the given file, if it exists. Using this option implies -j.

-c <class>

Specify the class of the zone. If not specified, IN is assumed.

-i <mode>

Perform post-load zone integrity checks. Possible <mode> values are full (default), full-sibling, local, local-sibling and none.

Mode full checks that MX records refer to A or AAAA record (both in-zone and out-of-zone hostnames). Mode local only checks MX records which refer to in-zone hostnames.

Mode full checks that SRV records refer to A or AAAA record (both in-zone and out-of-zone hostnames). Mode local only checks SRV records which refer to in-zone hostnames.

Mode full checks that delegation NS records refer to A or AAAA record (both in-zone and out-of-zone hostnames). It also checks that glue address records in the zone match those advertised by the child. Mode local only checks NS records which refer to in-zone hostnames or that some required glue exists, that is when the nameserver is in a child zone.

Mode full-sibling and local-sibling disable sibling glue checks but are otherwise the same as full and local respectively.

Mode none disables the checks.

-k <mode>

Perform check-names checks with the specified failure mode. Possible modes are fail, warn, and ignore.

-l <ttl>

Sets a maximum permissible TTL for the input file. Any record with a TTL higher than this value will cause the zone to be rejected. This is similar to using the max-zone-ttl option in named.conf(5).

-L <serial>

When compiling a zone, set the "source serial" value in the header to the specified <serial> number. (This is expected to be used primarily for testing purposes.)

-m <mode>

Specify whether MX records should be checked to see if they are addresses. Possible modes are fail, warn (default) and ignore.

-M <mode>

Check if a MX record refers to a CNAME. Possible modes are fail, warn (default) and ignore.

-n <mode>

Specify whether NS records should be checked to see if they are addresses. Possible modes are fail, warn, and ignore.

-o <filename>

Write zone output to <filename>. If <filename> is - then write to stdout (standard output).

-r <mode>

Check for records that are treated as different by DNSSEC but are semantically equal in plain DNS. Possible modes are fail, warn (default) and ignore.

-s <style>

Specify the style of the dumped zone file. Possible <style> values are full (default) and relative. The full format is most suitable for processing automatically by a separate script. On the other hand, the relative format is more human-readable and is thus suitable for editing by hand. For named-checkzone this does not cause any effects unless it dumps the zone contents.

-S <mode>

Check if a SRV record refers to a CNAME. Possible modes are fail, warn (default) and ignore.

-t <directory>

chroot(2) to <directory> so that include directives in the configuration file are processed as if run by a similarly chroot(2)ed named.

-T <mode>

Check if SPF records exist and issues a warning if an SPF-formatted TXT record is not also present. Possible modes are warn (default), ignore.

-V

Print program version and exit.

-w <directory>

Change directory to <directory> so that relative filenames in master file $INCLUDE directives work. This is similar to the directory clause in named.conf(5).

-D

Dump zone file in canonical format.

-W <mode>

Specify whether to check for non-terminal wildcards. Non-terminal wildcards are almost always the result of a failure to understand the wildcard matching algorithm (RFC 1034). Possible modes are warn (default) and ignore.

<zonename>

The domain name of the zone being checked.

<filename>

The name of the zone file.

4.9.4. Exit status

named-checkzone returns an exit status of 1 if errors were detected and 0 otherwise.

4.9.5. See also

named(8), named-checkconf(1), named-rrchecker(1)

4.9.6. Copyright

Copyright (C) 2024 Banu Systems Private Limited. All rights reserved.

Copyright (c) 2000-2002, 2004-2007, 2009-2016, 2018 Internet Systems Consortium, Inc. ("ISC").