:program:`named-compilezone` checks the syntax and integrity of a zone file,
and dumps the zone contents to a specified file in a specified format.
-It applies strict check levels by default, since the
-dump output is used as an actual zone file loaded by :iscman:`named`.
-When manually specified otherwise, the check levels must at least be as
-strict as those specified in the :iscman:`named` configuration file.
+
+Unlike :program:`named-checkzone`, zone contents are not strictly checked
+by default. If the output is to be used as an actual zone file to be loaded
+by :iscman:`named`, then the check levels should be manually configured to
+be at least as strict as those specified in the :iscman:`named` configuration
+file.
+
+Running :program:`named-checkzone` on the input prior to compiling will
+ensure that the zone compiles with the default requirements of
+:iscman:`named`.
Options
~~~~~~~
``check-svcb:fail`` turns on additional checks on ``_dns`` SVCB
records and ``check-svcb:ignore`` disables these checks. The
- default is ``check-svcb:fail``.
+ default is ``check-svcb:ignore``.
.. option:: -i mode
This option performs post-load zone integrity checks. Possible modes are
- ``full`` (the default), ``full-sibling``, ``local``,
- ``local-sibling``, and ``none``.
+ ``full``, ``full-sibling``, ``local``,
+ ``local-sibling``, and ``none`` (the default).
Mode ``full`` checks that MX records refer to A or AAAA records
(both in-zone and out-of-zone hostnames). Mode ``local`` only
.. option:: -k mode
This option performs ``check-names`` checks with the specified failure mode.
- Possible modes are ``fail`` (the default), ``warn``, and ``ignore``.
+ Possible modes are ``fail``, ``warn``, and ``ignore`` (the default).
.. option:: -l ttl
.. option:: -m mode
This option specifies whether MX records should be checked to see if they are
- addresses. Possible modes are ``fail``, ``warn`` (the default), and
- ``ignore``.
+ addresses. Possible modes are ``fail``, ``warn``, and
+ ``ignore`` (the default).
.. option:: -M mode
This option checks whether a MX record refers to a CNAME. Possible modes are
- ``fail``, ``warn`` (the default), and ``ignore``.
+ ``fail``, ``warn``, and ``ignore`` (the default).
.. option:: -n mode
This option specifies whether NS records should be checked to see if they are
- addresses. Possible modes are ``fail`` (the default), ``warn``, and
- ``ignore``.
+ addresses. Possible modes are ``fail``, ``warn``, and
+ ``ignore`` (the default).
.. option:: -o filename
This option checks for records that are treated as different by DNSSEC but are
semantically equal in plain DNS. Possible modes are ``fail``,
- ``warn`` (the default), and ``ignore``.
+ ``warn``, and ``ignore`` (the default).
.. option:: -s style
.. option:: -S mode
This option checks whether an SRV record refers to a CNAME. Possible modes are
- ``fail``, ``warn`` (the default), and ``ignore``.
+ ``fail``, ``warn``, and ``ignore`` (the default).
.. option:: -t directory
This option checks whether Sender Policy Framework (SPF) records exist and issues a
warning if an SPF-formatted TXT record is not also present. Possible
- modes are ``warn`` (the default) and ``ignore``.
+ modes are ``warn`` and ``ignore`` (the default).
.. option:: -w directory
This option specifies whether to check for non-terminal wildcards. Non-terminal
wildcards are almost always the result of a failure to understand the
wildcard matching algorithm (:rfc:`4592`). Possible modes are ``warn``
- (the default) and ``ignore``.
+ and ``ignore`` (the default).
.. option:: zonename
projects / thirdparty / bind9.git / commitdiff
