.. highlight: console
+.. BEWARE: Do not forget to edit also named-compilezone.rst!
+
.. _man_named-checkzone:
-named-checkzone, named-compilezone - zone file validity checking or converting tool
------------------------------------------------------------------------------------
+named-checkzone - zone file validation tool
+-------------------------------------------
Synopsis
~~~~~~~~
:program:`named-checkzone` [**-d**] [**-h**] [**-j**] [**-q**] [**-v**] [**-c** class] [**-f** format] [**-F** format] [**-J** filename] [**-i** mode] [**-k** mode] [**-m** mode] [**-M** mode] [**-n** mode] [**-l** ttl] [**-L** serial] [**-o** filename] [**-r** mode] [**-s** style] [**-S** mode] [**-t** directory] [**-T** mode] [**-w** directory] [**-D**] [**-W** mode] {zonename} {filename}
-:program:`named-compilezone` [**-d**] [**-j**] [**-q**] [**-v**] [**-c** class] [**-C** mode] [**-f** format] [**-F** format] [**-J** filename] [**-i** mode] [**-k** mode] [**-m** mode] [**-n** mode] [**-l** ttl] [**-L** serial] [**-r** mode] [**-s** style] [**-t** directory] [**-T** mode] [**-w** directory] [**-D**] [**-W** mode] {**-o** filename} {zonename} {filename}
-
Description
~~~~~~~~~~~
makes ``named-checkzone`` useful for checking zone files before
configuring them into a name server.
-``named-compilezone`` is similar to ``named-checkzone``, but it always
-dumps the zone contents to a specified file in a specified format.
-It also applies stricter check levels by default, since the
-dump output is used as an actual zone file loaded by ``named``.
-When manually specified otherwise, the check levels must at least be as
-strict as those specified in the ``named`` configuration file.
-
Options
~~~~~~~
Mode ``none`` disables the checks.
``-f format``
- This option specifies the format of the zone file. Possible formats are ``text``
- (the default), ``raw``, and ``map``.
+ This option specifies the format of the zone file. Possible formats are
+ ``text`` (the default), ``raw``, and ``map``.
``-F format``
This option specifies the format of the output file specified. For
the zone contents.
Possible formats are ``text`` (the default), which is the standard
- textual representation of the zone, and ``map``, ``raw``, and
- ``raw=N``, which store the zone in a binary format for rapid
- loading by ``named``. ``raw=N`` specifies the format version of the
- raw zone file: if ``N`` is 0, the raw file can be read by any version of
- ``named``; if N is 1, the file can only be read by release 9.9.0 or
- higher. The default is 1.
+ textual representation of the zone, and ``map``, ``raw``, and ``raw=N``, which
+ store the zone in a binary format for rapid loading by ``named``.
+ ``raw=N`` specifies the format version of the raw zone file: if ``N`` is
+ 0, the raw file can be read by any version of ``named``; if N is 1, the
+ file can only be read by release 9.9.0 or higher. The default is 1.
``-k mode``
This option performs ``check-names`` checks with the specified failure mode.
- Possible modes are ``fail`` (the default for ``named-compilezone``),
- ``warn`` (the default for ``named-checkzone``), and ``ignore``.
+ Possible modes are ``fail``, ``warn`` (the default), and ``ignore``.
``-l ttl``
This option sets a maximum permissible TTL for the input file. Any record with a
``-n mode``
This option specifies whether NS records should be checked to see if they are
- addresses. Possible modes are ``fail`` (the default for
- ``named-compilezone``), ``warn`` (the default for ``named-checkzone``),
- and ``ignore``.
+ addresses. Possible modes are ``fail``, ``warn`` (the default), and ``ignore``.
``-o filename``
This option writes the zone output to ``filename``. If ``filename`` is ``-``, then
- the zone output is written to standard output. This is mandatory for ``named-compilezone``.
+ the zone output is written to standard output.
``-r mode``
This option checks for records that are treated as different by DNSSEC but are
``full`` (the default) and ``relative``. The ``full`` format is most
suitable for processing automatically by a separate script.
The relative format is more human-readable and is thus
- suitable for editing by hand. For ``named-checkzone``, this does not
- have any effect unless it dumps the zone contents. It also does not
- have any meaning if the output format is not text.
+ suitable for editing by hand. This does not have any effect unless it dumps
+ the zone contents. It also does not have any meaning if the output format
+ is not text.
``-S mode``
This option checks whether an SRV record refers to a CNAME. Possible modes are
``named.conf``.
``-D``
- This option dumps the zone file in canonical format. This is always enabled for
- ``named-compilezone``.
+ This option dumps the zone file in canonical format.
``-W mode``
This option specifies whether to check for non-terminal wildcards. Non-terminal
See Also
~~~~~~~~
-:manpage:`named(8)`, :manpage:`named-checkconf(8)`, :rfc:`1035`, BIND 9 Administrator Reference
-Manual.
+:manpage:`named(8)`, :manpage:`named-checkconf(8)`, :manpage:`named-compilezone(8)`,
+:rfc:`1035`, BIND 9 Administrator Reference Manual.
--- /dev/null
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0. If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+.. highlight: console
+
+.. BEWARE: Do not forget to edit also named-checkzone.rst!
+
+.. _man_named-compilezone:
+
+named-compilezone - zone file converting tool
+---------------------------------------------
+
+Synopsis
+~~~~~~~~
+
+:program:`named-compilezone` [**-d**] [**-h**] [**-j**] [**-q**] [**-v**] [**-c** class] [**-f** format] [**-F** format] [**-J** filename] [**-i** mode] [**-k** mode] [**-m** mode] [**-M** mode] [**-n** mode] [**-l** ttl] [**-L** serial] [**-r** mode] [**-s** style] [**-S** mode] [**-t** directory] [**-T** mode] [**-w** directory] [**-D**] [**-W** mode] {**-o** filename} {zonename} {filename}
+
+Description
+~~~~~~~~~~~
+
+``named-compilezone`` checks the syntax and integrity of a zone file,
+and dumps the zone contents to a specified file in a specified format.
+It applies strict check levels by default, since the
+dump output is used as an actual zone file loaded by ``named``.
+When manually specified otherwise, the check levels must at least be as
+strict as those specified in the ``named`` configuration file.
+
+Options
+~~~~~~~
+
+``-d``
+ This option enables debugging.
+
+``-h``
+ This option prints the usage summary and exits.
+
+``-q``
+ This option sets quiet mode, which only sets an exit code to indicate
+ successful or failed completion.
+
+``-v``
+ This option prints the version of the ``named-checkzone`` program and exits.
+
+``-j``
+ When loading a zone file, this option tells ``named`` to read the journal if it exists. The journal
+ file name is assumed to be the zone file name with the
+ string ``.jnl`` appended.
+
+``-J filename``
+ When loading the zone file, this option tells ``named`` to read the journal from the given file, if
+ it exists. This implies ``-j``.
+
+``-c class``
+ This option specifies the class of the zone. If not specified, ``IN`` is assumed.
+
+``-i mode``
+ This option performs post-load zone integrity checks. Possible modes are
+ ``full`` (the default), ``full-sibling``, ``local``,
+ ``local-sibling``, and ``none``.
+
+ Mode ``full`` checks that MX records refer to A or AAAA records
+ (both in-zone and out-of-zone hostnames). Mode ``local`` only
+ checks MX records which refer to in-zone hostnames.
+
+ Mode ``full`` checks that SRV records refer to A or AAAA records
+ (both in-zone and out-of-zone hostnames). Mode ``local`` only
+ checks SRV records which refer to in-zone hostnames.
+
+ Mode ``full`` checks that delegation NS records refer to A or AAAA
+ records (both in-zone and out-of-zone hostnames). It also checks that
+ glue address records in the zone match those advertised by the child.
+ Mode ``local`` only checks NS records which refer to in-zone
+ hostnames or verifies that some required glue exists, i.e., when the
+ name server is in a child zone.
+
+ Modes ``full-sibling`` and ``local-sibling`` disable sibling glue
+ checks, but are otherwise the same as ``full`` and ``local``,
+ respectively.
+
+ Mode ``none`` disables the checks.
+
+``-f format``
+ This option specifies the format of the zone file. Possible formats are
+ ``text`` (the default), ``raw``, and ``map``.
+
+``-F format``
+ This option specifies the format of the output file specified. For
+ ``named-checkzone``, this does not have any effect unless it dumps
+ the zone contents.
+
+ Possible formats are ``text`` (the default), which is the standard
+ textual representation of the zone, and ``map``, ``raw``, and ``raw=N``, which
+ store the zone in a binary format for rapid loading by ``named``.
+ ``raw=N`` specifies the format version of the raw zone file: if ``N`` is
+ 0, the raw file can be read by any version of ``named``; if N is 1, the
+ file can only be read by release 9.9.0 or higher. The default is 1.
+
+``-k mode``
+ This option performs ``check-names`` checks with the specified failure mode.
+ Possible modes are ``fail`` (the default), ``warn``, and ``ignore``.
+
+``-l ttl``
+ This option sets a maximum permissible TTL for the input file. Any record with a
+ TTL higher than this value causes the zone to be rejected. This
+ is similar to using the ``max-zone-ttl`` option in ``named.conf``.
+
+``-L serial``
+ When compiling a zone to ``raw`` or ``map`` format, this option sets the "source
+ serial" value in the header to the specified serial number. This is
+ expected to be used primarily for testing purposes.
+
+``-m mode``
+ This option specifies whether MX records should be checked to see if they are
+ addresses. Possible modes are ``fail``, ``warn`` (the default), and
+ ``ignore``.
+
+``-M mode``
+ This option checks whether a MX record refers to a CNAME. Possible modes are
+ ``fail``, ``warn`` (the default), and ``ignore``.
+
+``-n mode``
+ This option specifies whether NS records should be checked to see if they are
+ addresses. Possible modes are ``fail`` (the default), ``warn``, and
+ ``ignore``.
+
+``-o filename``
+ This option writes the zone output to ``filename``. If ``filename`` is ``-``, then
+ the zone output is written to standard output. This is mandatory for ``named-compilezone``.
+
+``-r mode``
+ This option checks for records that are treated as different by DNSSEC but are
+ semantically equal in plain DNS. Possible modes are ``fail``,
+ ``warn`` (the default), and ``ignore``.
+
+``-s style``
+ This option specifies the style of the dumped zone file. Possible styles are
+ ``full`` (the default) and ``relative``. The ``full`` format is most
+ suitable for processing automatically by a separate script.
+ The relative format is more human-readable and is thus
+ suitable for editing by hand.
+
+``-S mode``
+ This option checks whether an SRV record refers to a CNAME. Possible modes are
+ ``fail``, ``warn`` (the default), and ``ignore``.
+
+``-t directory``
+ This option tells ``named`` to chroot to ``directory``, so that ``include`` directives in the
+ configuration file are processed as if run by a similarly chrooted
+ ``named``.
+
+``-T mode``
+ This option checks whether Sender Policy Framework (SPF) records exist and issues a
+ warning if an SPF-formatted TXT record is not also present. Possible
+ modes are ``warn`` (the default) and ``ignore``.
+
+``-w directory``
+ This option instructs ``named`` to chdir to ``directory``, so that relative filenames in master file
+ ``$INCLUDE`` directives work. This is similar to the directory clause in
+ ``named.conf``.
+
+``-D``
+ This option dumps the zone file in canonical format. This is always enabled for
+ ``named-compilezone``.
+
+``-W mode``
+ This option specifies whether to check for non-terminal wildcards. Non-terminal
+ wildcards are almost always the result of a failure to understand the
+ wildcard matching algorithm (:rfc:`4592`). Possible modes are ``warn``
+ (the default) and ``ignore``.
+
+``zonename``
+ This indicates the domain name of the zone being checked.
+
+``filename``
+ This is the name of the zone file.
+
+Return Values
+~~~~~~~~~~~~~
+
+``named-compilezone`` returns an exit status of 1 if errors were detected
+and 0 otherwise.
+
+See Also
+~~~~~~~~
+
+:manpage:`named(8)`, :manpage:`named-checkconf(8)`, :manpage:`named-checkzone(8)`,
+:rfc:`1035`, BIND 9 Administrator Reference Manual.
.. include:: ../../bin/tools/mdig.rst
.. include:: ../../bin/check/named-checkconf.rst
.. include:: ../../bin/check/named-checkzone.rst
+.. include:: ../../bin/check/named-compilezone.rst
.. include:: ../../bin/tools/named-journalprint.rst
.. include:: ../../bin/tools/named-nzd2nzf.rst
.. include:: ../../bin/tools/named-rrchecker.rst
filter-aaaa.8 \
named-checkconf.8 \
named-checkzone.8 \
+ named-compilezone.8 \
named-journalprint.8 \
named.8 \
nsec3hash.8 \
mdig.rst \
named-checkconf.rst \
named-checkzone.rst \
+ named-compilezone.rst \
named-journalprint.rst \
named-nzd2nzf.rst \
named-rrchecker.rst \
mdig.1in \
named-checkconf.8in \
named-checkzone.8in \
+ named-compilezone.8in \
named-journalprint.8in \
named-nzd2nzf.8in \
named-rrchecker.1in \
('mdig', 'mdig', 'DNS pipelined lookup utility', author, 1),
('named-checkconf', 'named-checkconf', 'named configuration file syntax checking tool', author, 8),
('named-checkzone', 'named-checkzone', 'zone file validity checking or converting tool', author, 8),
+ ('named-compilezone', 'named-compilezone', 'zone file validity checking or converting tool', author, 8),
('named-journalprint', 'named-journalprint', 'print zone journal in human-readable form', author, 8),
('named-nzd2nzf', 'named-nzd2nzf', 'convert an NZD database to NZF text format', author, 8),
('named-rrchecker', 'named-rrchecker', 'syntax checker for individual DNS resource records', author, 1),
.SH SYNOPSIS
.sp
\fBnamed\-checkzone\fP [\fB\-d\fP] [\fB\-h\fP] [\fB\-j\fP] [\fB\-q\fP] [\fB\-v\fP] [\fB\-c\fP class] [\fB\-f\fP format] [\fB\-F\fP format] [\fB\-J\fP filename] [\fB\-i\fP mode] [\fB\-k\fP mode] [\fB\-m\fP mode] [\fB\-M\fP mode] [\fB\-n\fP mode] [\fB\-l\fP ttl] [\fB\-L\fP serial] [\fB\-o\fP filename] [\fB\-r\fP mode] [\fB\-s\fP style] [\fB\-S\fP mode] [\fB\-t\fP directory] [\fB\-T\fP mode] [\fB\-w\fP directory] [\fB\-D\fP] [\fB\-W\fP mode] {zonename} {filename}
-.sp
-\fBnamed\-compilezone\fP [\fB\-d\fP] [\fB\-j\fP] [\fB\-q\fP] [\fB\-v\fP] [\fB\-c\fP class] [\fB\-C\fP mode] [\fB\-f\fP format] [\fB\-F\fP format] [\fB\-J\fP filename] [\fB\-i\fP mode] [\fB\-k\fP mode] [\fB\-m\fP mode] [\fB\-n\fP mode] [\fB\-l\fP ttl] [\fB\-L\fP serial] [\fB\-r\fP mode] [\fB\-s\fP style] [\fB\-t\fP directory] [\fB\-T\fP mode] [\fB\-w\fP directory] [\fB\-D\fP] [\fB\-W\fP mode] {\fB\-o\fP filename} {zonename} {filename}
.SH DESCRIPTION
.sp
\fBnamed\-checkzone\fP checks the syntax and integrity of a zone file. It
performs the same checks as \fBnamed\fP does when loading a zone. This
makes \fBnamed\-checkzone\fP useful for checking zone files before
configuring them into a name server.
-.sp
-\fBnamed\-compilezone\fP is similar to \fBnamed\-checkzone\fP, but it always
-dumps the zone contents to a specified file in a specified format.
-It also applies stricter check levels by default, since the
-dump output is used as an actual zone file loaded by \fBnamed\fP\&.
-When manually specified otherwise, the check levels must at least be as
-strict as those specified in the \fBnamed\fP configuration file.
.SH OPTIONS
.INDENT 0.0
.TP
Mode \fBnone\fP disables the checks.
.TP
.B \fB\-f format\fP
-This option specifies the format of the zone file. Possible formats are \fBtext\fP
-(the default), \fBraw\fP, and \fBmap\fP\&.
+This option specifies the format of the zone file. Possible formats are
+\fBtext\fP (the default), \fBraw\fP, and \fBmap\fP\&.
.TP
.B \fB\-F format\fP
This option specifies the format of the output file specified. For
the zone contents.
.sp
Possible formats are \fBtext\fP (the default), which is the standard
-textual representation of the zone, and \fBmap\fP, \fBraw\fP, and
-\fBraw=N\fP, which store the zone in a binary format for rapid
-loading by \fBnamed\fP\&. \fBraw=N\fP specifies the format version of the
-raw zone file: if \fBN\fP is 0, the raw file can be read by any version of
-\fBnamed\fP; if N is 1, the file can only be read by release 9.9.0 or
-higher. The default is 1.
+textual representation of the zone, and \fBmap\fP, \fBraw\fP, and \fBraw=N\fP, which
+store the zone in a binary format for rapid loading by \fBnamed\fP\&.
+\fBraw=N\fP specifies the format version of the raw zone file: if \fBN\fP is
+0, the raw file can be read by any version of \fBnamed\fP; if N is 1, the
+file can only be read by release 9.9.0 or higher. The default is 1.
.TP
.B \fB\-k mode\fP
This option performs \fBcheck\-names\fP checks with the specified failure mode.
-Possible modes are \fBfail\fP (the default for \fBnamed\-compilezone\fP),
-\fBwarn\fP (the default for \fBnamed\-checkzone\fP), and \fBignore\fP\&.
+Possible modes are \fBfail\fP, \fBwarn\fP (the default), and \fBignore\fP\&.
.TP
.B \fB\-l ttl\fP
This option sets a maximum permissible TTL for the input file. Any record with a
.TP
.B \fB\-n mode\fP
This option specifies whether NS records should be checked to see if they are
-addresses. Possible modes are \fBfail\fP (the default for
-\fBnamed\-compilezone\fP), \fBwarn\fP (the default for \fBnamed\-checkzone\fP),
-and \fBignore\fP\&.
+addresses. Possible modes are \fBfail\fP, \fBwarn\fP (the default), and \fBignore\fP\&.
.TP
.B \fB\-o filename\fP
This option writes the zone output to \fBfilename\fP\&. If \fBfilename\fP is \fB\-\fP, then
-the zone output is written to standard output. This is mandatory for \fBnamed\-compilezone\fP\&.
+the zone output is written to standard output.
.TP
.B \fB\-r mode\fP
This option checks for records that are treated as different by DNSSEC but are
\fBfull\fP (the default) and \fBrelative\fP\&. The \fBfull\fP format is most
suitable for processing automatically by a separate script.
The relative format is more human\-readable and is thus
-suitable for editing by hand. For \fBnamed\-checkzone\fP, this does not
-have any effect unless it dumps the zone contents. It also does not
-have any meaning if the output format is not text.
+suitable for editing by hand. This does not have any effect unless it dumps
+the zone contents. It also does not have any meaning if the output format
+is not text.
.TP
.B \fB\-S mode\fP
This option checks whether an SRV record refers to a CNAME. Possible modes are
\fBnamed.conf\fP\&.
.TP
.B \fB\-D\fP
-This option dumps the zone file in canonical format. This is always enabled for
-\fBnamed\-compilezone\fP\&.
+This option dumps the zone file in canonical format.
.TP
.B \fB\-W mode\fP
This option specifies whether to check for non\-terminal wildcards. Non\-terminal
and 0 otherwise.
.SH SEE ALSO
.sp
-\fBnamed(8)\fP, \fBnamed\-checkconf(8)\fP, \fI\%RFC 1035\fP, BIND 9 Administrator Reference
-Manual.
+\fBnamed(8)\fP, \fBnamed\-checkconf(8)\fP, \fBnamed\-compilezone(8)\fP,
+\fI\%RFC 1035\fP, BIND 9 Administrator Reference Manual.
.SH AUTHOR
Internet Systems Consortium
.SH COPYRIGHT
--- /dev/null
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "NAMED-COMPILEZONE" "1" "@RELEASE_DATE@" "@PACKAGE_VERSION@" "BIND 9"
+.SH NAME
+named-compilezone \- zone file validity checking or converting tool
+.SH SYNOPSIS
+.sp
+\fBnamed\-compilezone\fP [\fB\-d\fP] [\fB\-h\fP] [\fB\-j\fP] [\fB\-q\fP] [\fB\-v\fP] [\fB\-c\fP class] [\fB\-f\fP format] [\fB\-F\fP format] [\fB\-J\fP filename] [\fB\-i\fP mode] [\fB\-k\fP mode] [\fB\-m\fP mode] [\fB\-M\fP mode] [\fB\-n\fP mode] [\fB\-l\fP ttl] [\fB\-L\fP serial] [\fB\-r\fP mode] [\fB\-s\fP style] [\fB\-S\fP mode] [\fB\-t\fP directory] [\fB\-T\fP mode] [\fB\-w\fP directory] [\fB\-D\fP] [\fB\-W\fP mode] {\fB\-o\fP filename} {zonename} {filename}
+.SH DESCRIPTION
+.sp
+\fBnamed\-compilezone\fP checks the syntax and integrity of a zone file,
+and dumps the zone contents to a specified file in a specified format.
+It applies strict check levels by default, since the
+dump output is used as an actual zone file loaded by \fBnamed\fP\&.
+When manually specified otherwise, the check levels must at least be as
+strict as those specified in the \fBnamed\fP configuration file.
+.SH OPTIONS
+.INDENT 0.0
+.TP
+.B \fB\-d\fP
+This option enables debugging.
+.TP
+.B \fB\-h\fP
+This option prints the usage summary and exits.
+.TP
+.B \fB\-q\fP
+This option sets quiet mode, which only sets an exit code to indicate
+successful or failed completion.
+.TP
+.B \fB\-v\fP
+This option prints the version of the \fBnamed\-checkzone\fP program and exits.
+.TP
+.B \fB\-j\fP
+When loading a zone file, this option tells \fBnamed\fP to read the journal if it exists. The journal
+file name is assumed to be the zone file name with the
+string \fB\&.jnl\fP appended.
+.TP
+.B \fB\-J filename\fP
+When loading the zone file, this option tells \fBnamed\fP to read the journal from the given file, if
+it exists. This implies \fB\-j\fP\&.
+.TP
+.B \fB\-c class\fP
+This option specifies the class of the zone. If not specified, \fBIN\fP is assumed.
+.TP
+.B \fB\-i mode\fP
+This option performs post\-load zone integrity checks. Possible modes are
+\fBfull\fP (the default), \fBfull\-sibling\fP, \fBlocal\fP,
+\fBlocal\-sibling\fP, and \fBnone\fP\&.
+.sp
+Mode \fBfull\fP checks that MX records refer to A or AAAA records
+(both in\-zone and out\-of\-zone hostnames). Mode \fBlocal\fP only
+checks MX records which refer to in\-zone hostnames.
+.sp
+Mode \fBfull\fP checks that SRV records refer to A or AAAA records
+(both in\-zone and out\-of\-zone hostnames). Mode \fBlocal\fP only
+checks SRV records which refer to in\-zone hostnames.
+.sp
+Mode \fBfull\fP checks that delegation NS records refer to A or AAAA
+records (both in\-zone and out\-of\-zone hostnames). It also checks that
+glue address records in the zone match those advertised by the child.
+Mode \fBlocal\fP only checks NS records which refer to in\-zone
+hostnames or verifies that some required glue exists, i.e., when the
+name server is in a child zone.
+.sp
+Modes \fBfull\-sibling\fP and \fBlocal\-sibling\fP disable sibling glue
+checks, but are otherwise the same as \fBfull\fP and \fBlocal\fP,
+respectively.
+.sp
+Mode \fBnone\fP disables the checks.
+.TP
+.B \fB\-f format\fP
+This option specifies the format of the zone file. Possible formats are
+\fBtext\fP (the default), and \fBraw\fP\&.
+.TP
+.B \fB\-F format\fP
+This option specifies the format of the output file specified. For
+\fBnamed\-checkzone\fP, this does not have any effect unless it dumps
+the zone contents.
+.sp
+Possible formats are \fBtext\fP (the default), which is the standard
+textual representation of the zone, and \fBraw\fP and \fBraw=N\fP, which
+store the zone in a binary format for rapid loading by \fBnamed\fP\&.
+\fBraw=N\fP specifies the format version of the raw zone file: if \fBN\fP is
+0, the raw file can be read by any version of \fBnamed\fP; if N is 1, the
+file can only be read by release 9.9.0 or higher. The default is 1.
+.TP
+.B \fB\-k mode\fP
+This option performs \fBcheck\-names\fP checks with the specified failure mode.
+Possible modes are \fBfail\fP (the default), \fBwarn\fP, and \fBignore\fP\&.
+.TP
+.B \fB\-l ttl\fP
+This option sets a maximum permissible TTL for the input file. Any record with a
+TTL higher than this value causes the zone to be rejected. This
+is similar to using the \fBmax\-zone\-ttl\fP option in \fBnamed.conf\fP\&.
+.TP
+.B \fB\-L serial\fP
+When compiling a zone to \fBraw\fP format, this option sets the "source
+serial" value in the header to the specified serial number. This is
+expected to be used primarily for testing purposes.
+.TP
+.B \fB\-m mode\fP
+This option specifies whether MX records should be checked to see if they are
+addresses. Possible modes are \fBfail\fP, \fBwarn\fP (the default), and
+\fBignore\fP\&.
+.TP
+.B \fB\-M mode\fP
+This option checks whether a MX record refers to a CNAME. Possible modes are
+\fBfail\fP, \fBwarn\fP (the default), and \fBignore\fP\&.
+.TP
+.B \fB\-n mode\fP
+This option specifies whether NS records should be checked to see if they are
+addresses. Possible modes are \fBfail\fP (the default), \fBwarn\fP, and
+\fBignore\fP\&.
+.TP
+.B \fB\-o filename\fP
+This option writes the zone output to \fBfilename\fP\&. If \fBfilename\fP is \fB\-\fP, then
+the zone output is written to standard output. This is mandatory for \fBnamed\-compilezone\fP\&.
+.TP
+.B \fB\-r mode\fP
+This option checks for records that are treated as different by DNSSEC but are
+semantically equal in plain DNS. Possible modes are \fBfail\fP,
+\fBwarn\fP (the default), and \fBignore\fP\&.
+.TP
+.B \fB\-s style\fP
+This option specifies the style of the dumped zone file. Possible styles are
+\fBfull\fP (the default) and \fBrelative\fP\&. The \fBfull\fP format is most
+suitable for processing automatically by a separate script.
+The relative format is more human\-readable and is thus
+suitable for editing by hand.
+.TP
+.B \fB\-S mode\fP
+This option checks whether an SRV record refers to a CNAME. Possible modes are
+\fBfail\fP, \fBwarn\fP (the default), and \fBignore\fP\&.
+.TP
+.B \fB\-t directory\fP
+This option tells \fBnamed\fP to chroot to \fBdirectory\fP, so that \fBinclude\fP directives in the
+configuration file are processed as if run by a similarly chrooted
+\fBnamed\fP\&.
+.TP
+.B \fB\-T mode\fP
+This option checks whether Sender Policy Framework (SPF) records exist and issues a
+warning if an SPF\-formatted TXT record is not also present. Possible
+modes are \fBwarn\fP (the default) and \fBignore\fP\&.
+.TP
+.B \fB\-w directory\fP
+This option instructs \fBnamed\fP to chdir to \fBdirectory\fP, so that relative filenames in master file
+\fB$INCLUDE\fP directives work. This is similar to the directory clause in
+\fBnamed.conf\fP\&.
+.TP
+.B \fB\-D\fP
+This option dumps the zone file in canonical format. This is always enabled for
+\fBnamed\-compilezone\fP\&.
+.TP
+.B \fB\-W mode\fP
+This option specifies whether to check for non\-terminal wildcards. Non\-terminal
+wildcards are almost always the result of a failure to understand the
+wildcard matching algorithm (\fI\%RFC 1034\fP). Possible modes are \fBwarn\fP
+(the default) and \fBignore\fP\&.
+.TP
+.B \fBzonename\fP
+This indicates the domain name of the zone being checked.
+.TP
+.B \fBfilename\fP
+This is the name of the zone file.
+.UNINDENT
+.SH RETURN VALUES
+.sp
+\fBnamed\-compilezone\fP returns an exit status of 1 if errors were detected
+and 0 otherwise.
+.SH SEE ALSO
+.sp
+\fBnamed(8)\fP, \fBnamed\-checkconf(8)\fP, \fBnamed\-checkzone(8)\fP,
+\fI\%RFC 1035\fP, BIND 9 Administrator Reference Manual.
+.SH AUTHOR
+Internet Systems Consortium
+.SH COPYRIGHT
+2022, Internet Systems Consortium
+.\" Generated by docutils manpage writer.
+.
--- /dev/null
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "NAMED-COMPILEZONE" "8" "@RELEASE_DATE@" "@BIND9_VERSION@" "BIND 9"
+.SH NAME
+named-compilezone \- zone file validity checking or converting tool
+.SH SYNOPSIS
+.sp
+\fBnamed\-compilezone\fP [\fB\-d\fP] [\fB\-h\fP] [\fB\-j\fP] [\fB\-q\fP] [\fB\-v\fP] [\fB\-c\fP class] [\fB\-f\fP format] [\fB\-F\fP format] [\fB\-J\fP filename] [\fB\-i\fP mode] [\fB\-k\fP mode] [\fB\-m\fP mode] [\fB\-M\fP mode] [\fB\-n\fP mode] [\fB\-l\fP ttl] [\fB\-L\fP serial] [\fB\-r\fP mode] [\fB\-s\fP style] [\fB\-S\fP mode] [\fB\-t\fP directory] [\fB\-T\fP mode] [\fB\-w\fP directory] [\fB\-D\fP] [\fB\-W\fP mode] {\fB\-o\fP filename} {zonename} {filename}
+.SH DESCRIPTION
+.sp
+\fBnamed\-compilezone\fP checks the syntax and integrity of a zone file,
+and dumps the zone contents to a specified file in a specified format.
+It applies strict check levels by default, since the
+dump output is used as an actual zone file loaded by \fBnamed\fP\&.
+When manually specified otherwise, the check levels must at least be as
+strict as those specified in the \fBnamed\fP configuration file.
+.SH OPTIONS
+.INDENT 0.0
+.TP
+.B \fB\-d\fP
+This option enables debugging.
+.TP
+.B \fB\-h\fP
+This option prints the usage summary and exits.
+.TP
+.B \fB\-q\fP
+This option sets quiet mode, which only sets an exit code to indicate
+successful or failed completion.
+.TP
+.B \fB\-v\fP
+This option prints the version of the \fBnamed\-checkzone\fP program and exits.
+.TP
+.B \fB\-j\fP
+When loading a zone file, this option tells \fBnamed\fP to read the journal if it exists. The journal
+file name is assumed to be the zone file name with the
+string \fB\&.jnl\fP appended.
+.TP
+.B \fB\-J filename\fP
+When loading the zone file, this option tells \fBnamed\fP to read the journal from the given file, if
+it exists. This implies \fB\-j\fP\&.
+.TP
+.B \fB\-c class\fP
+This option specifies the class of the zone. If not specified, \fBIN\fP is assumed.
+.TP
+.B \fB\-i mode\fP
+This option performs post\-load zone integrity checks. Possible modes are
+\fBfull\fP (the default), \fBfull\-sibling\fP, \fBlocal\fP,
+\fBlocal\-sibling\fP, and \fBnone\fP\&.
+.sp
+Mode \fBfull\fP checks that MX records refer to A or AAAA records
+(both in\-zone and out\-of\-zone hostnames). Mode \fBlocal\fP only
+checks MX records which refer to in\-zone hostnames.
+.sp
+Mode \fBfull\fP checks that SRV records refer to A or AAAA records
+(both in\-zone and out\-of\-zone hostnames). Mode \fBlocal\fP only
+checks SRV records which refer to in\-zone hostnames.
+.sp
+Mode \fBfull\fP checks that delegation NS records refer to A or AAAA
+records (both in\-zone and out\-of\-zone hostnames). It also checks that
+glue address records in the zone match those advertised by the child.
+Mode \fBlocal\fP only checks NS records which refer to in\-zone
+hostnames or verifies that some required glue exists, i.e., when the
+name server is in a child zone.
+.sp
+Modes \fBfull\-sibling\fP and \fBlocal\-sibling\fP disable sibling glue
+checks, but are otherwise the same as \fBfull\fP and \fBlocal\fP,
+respectively.
+.sp
+Mode \fBnone\fP disables the checks.
+.TP
+.B \fB\-f format\fP
+This option specifies the format of the zone file. Possible formats are
+\fBtext\fP (the default), \fBraw\fP, and \fBmap\fP\&.
+.TP
+.B \fB\-F format\fP
+This option specifies the format of the output file specified. For
+\fBnamed\-checkzone\fP, this does not have any effect unless it dumps
+the zone contents.
+.sp
+Possible formats are \fBtext\fP (the default), which is the standard
+textual representation of the zone, and \fBmap\fP, \fBraw\fP, and \fBraw=N\fP, which
+store the zone in a binary format for rapid loading by \fBnamed\fP\&.
+\fBraw=N\fP specifies the format version of the raw zone file: if \fBN\fP is
+0, the raw file can be read by any version of \fBnamed\fP; if N is 1, the
+file can only be read by release 9.9.0 or higher. The default is 1.
+.TP
+.B \fB\-k mode\fP
+This option performs \fBcheck\-names\fP checks with the specified failure mode.
+Possible modes are \fBfail\fP (the default), \fBwarn\fP, and \fBignore\fP\&.
+.TP
+.B \fB\-l ttl\fP
+This option sets a maximum permissible TTL for the input file. Any record with a
+TTL higher than this value causes the zone to be rejected. This
+is similar to using the \fBmax\-zone\-ttl\fP option in \fBnamed.conf\fP\&.
+.TP
+.B \fB\-L serial\fP
+When compiling a zone to \fBraw\fP or \fBmap\fP format, this option sets the "source
+serial" value in the header to the specified serial number. This is
+expected to be used primarily for testing purposes.
+.TP
+.B \fB\-m mode\fP
+This option specifies whether MX records should be checked to see if they are
+addresses. Possible modes are \fBfail\fP, \fBwarn\fP (the default), and
+\fBignore\fP\&.
+.TP
+.B \fB\-M mode\fP
+This option checks whether a MX record refers to a CNAME. Possible modes are
+\fBfail\fP, \fBwarn\fP (the default), and \fBignore\fP\&.
+.TP
+.B \fB\-n mode\fP
+This option specifies whether NS records should be checked to see if they are
+addresses. Possible modes are \fBfail\fP (the default), \fBwarn\fP, and
+\fBignore\fP\&.
+.TP
+.B \fB\-o filename\fP
+This option writes the zone output to \fBfilename\fP\&. If \fBfilename\fP is \fB\-\fP, then
+the zone output is written to standard output. This is mandatory for \fBnamed\-compilezone\fP\&.
+.TP
+.B \fB\-r mode\fP
+This option checks for records that are treated as different by DNSSEC but are
+semantically equal in plain DNS. Possible modes are \fBfail\fP,
+\fBwarn\fP (the default), and \fBignore\fP\&.
+.TP
+.B \fB\-s style\fP
+This option specifies the style of the dumped zone file. Possible styles are
+\fBfull\fP (the default) and \fBrelative\fP\&. The \fBfull\fP format is most
+suitable for processing automatically by a separate script.
+The relative format is more human\-readable and is thus
+suitable for editing by hand.
+.TP
+.B \fB\-S mode\fP
+This option checks whether an SRV record refers to a CNAME. Possible modes are
+\fBfail\fP, \fBwarn\fP (the default), and \fBignore\fP\&.
+.TP
+.B \fB\-t directory\fP
+This option tells \fBnamed\fP to chroot to \fBdirectory\fP, so that \fBinclude\fP directives in the
+configuration file are processed as if run by a similarly chrooted
+\fBnamed\fP\&.
+.TP
+.B \fB\-T mode\fP
+This option checks whether Sender Policy Framework (SPF) records exist and issues a
+warning if an SPF\-formatted TXT record is not also present. Possible
+modes are \fBwarn\fP (the default) and \fBignore\fP\&.
+.TP
+.B \fB\-w directory\fP
+This option instructs \fBnamed\fP to chdir to \fBdirectory\fP, so that relative filenames in master file
+\fB$INCLUDE\fP directives work. This is similar to the directory clause in
+\fBnamed.conf\fP\&.
+.TP
+.B \fB\-D\fP
+This option dumps the zone file in canonical format. This is always enabled for
+\fBnamed\-compilezone\fP\&.
+.TP
+.B \fB\-W mode\fP
+This option specifies whether to check for non\-terminal wildcards. Non\-terminal
+wildcards are almost always the result of a failure to understand the
+wildcard matching algorithm (\fI\%RFC 4592\fP). Possible modes are \fBwarn\fP
+(the default) and \fBignore\fP\&.
+.TP
+.B \fBzonename\fP
+This indicates the domain name of the zone being checked.
+.TP
+.B \fBfilename\fP
+This is the name of the zone file.
+.UNINDENT
+.SH RETURN VALUES
+.sp
+\fBnamed\-compilezone\fP returns an exit status of 1 if errors were detected
+and 0 otherwise.
+.SH SEE ALSO
+.sp
+\fBnamed(8)\fP, \fBnamed\-checkconf(8)\fP, \fBnamed\-checkzone(8)\fP,
+\fI\%RFC 1035\fP, BIND 9 Administrator Reference Manual.
+.SH AUTHOR
+Internet Systems Consortium
+.SH COPYRIGHT
+2022, Internet Systems Consortium
+.\" Generated by docutils manpage writer.
+.
--- /dev/null
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0. If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+:orphan:
+
+.. include:: ../../bin/check/named-compilezone.rst
projects / thirdparty / bind9.git / commitdiff
