.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0.  If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.

.. highlight: console

.. BEWARE: Do not forget to edit also named-checkzone.rst!

.. iscman:: named-compilezone
.. program:: named-compilezone
.. _man_named-compilezone:

named-compilezone - zone file converting tool
---------------------------------------------

Synopsis
~~~~~~~~

:program:`named-compilezone` [**-d**] [**-h**] [**-j**] [**-q**] [**-v**] [**-c** class] [**-C** mode] [**-f** format] [**-F** format] [**-J** filename] [**-i** mode] [**-k** mode] [**-m** mode] [**-M** mode] [**-n** mode] [**-l** ttl] [**-L** serial] [**-r** mode] [**-s** style] [**-S** mode] [**-t** directory] [**-T** mode] [**-w** directory] [**-D**] [**-W** mode] {**-o** filename} {zonename} {filename}

Description
~~~~~~~~~~~

:program:`named-compilezone` checks the syntax and integrity of a zone file,
and dumps the zone contents to a specified file in a specified format.

Unlike :program:`named-checkzone`, zone contents are not strictly checked
by default. If the output is to be used as an actual zone file to be loaded
by :iscman:`named`, then the check levels should be manually configured to
be at least as strict as those specified in the :iscman:`named` configuration
file.

Running :program:`named-checkzone` on the input prior to compiling will
ensure that the zone compiles with the default requirements of
:iscman:`named`.

Options
~~~~~~~

.. option:: -d

   This option enables debugging.

.. option:: -h

   This option prints the usage summary and exits.

.. option:: -q

   This option sets quiet mode, which only sets an exit code to indicate
   successful or failed completion.

.. option:: -v

   This option prints the version of the :iscman:`named-checkzone` program and exits.

.. option:: -j

   When loading a zone file, this option tells :iscman:`named` to read the journal if it exists. The journal
   file name is assumed to be the zone file name with the
   string ``.jnl`` appended.

.. option:: -J filename

   When loading the zone file, this option tells :iscman:`named` to read the journal from the given file, if
   it exists. This implies :option:`-j`.

.. option:: -c class

   This option specifies the class of the zone. If not specified, ``IN`` is assumed.

.. option:: -C mode

   This option controls check mode on zone files when loading.
   Possible modes are ``check-svcb:fail`` and ``check-svcb:ignore``.

   ``check-svcb:fail`` turns on additional checks on ``_dns`` SVCB
   records and ``check-svcb:ignore`` disables these checks. The
   default is ``check-svcb:ignore``.

.. option:: -i mode

   This option performs post-load zone integrity checks. Possible modes are
   ``full``, ``full-sibling``, ``local``,
   ``local-sibling``, and ``none`` (the default).

   Mode ``full`` checks that MX records refer to A or AAAA records
   (both in-zone and out-of-zone hostnames). Mode ``local`` only
   checks MX records which refer to in-zone hostnames.

   Mode ``full`` checks that SRV records refer to A or AAAA records
   (both in-zone and out-of-zone hostnames). Mode ``local`` only
   checks SRV records which refer to in-zone hostnames.

   Mode ``full`` checks that delegation NS records refer to A or AAAA
   records (both in-zone and out-of-zone hostnames). It also checks that
   glue address records in the zone match those advertised by the child.
   Mode ``local`` only checks NS records which refer to in-zone
   hostnames or verifies that some required glue exists, i.e., when the
   name server is in a child zone.

   Modes ``full-sibling`` and ``local-sibling`` disable sibling glue
   checks, but are otherwise the same as ``full`` and ``local``,
   respectively.

   Mode ``none`` disables the checks.

.. option:: -f format

   This option specifies the format of the zone file. Possible formats are
   ``text`` (the default), and ``raw``.

.. option:: -F format

   This option specifies the format of the output file specified. For
   :iscman:`named-checkzone`, this does not have any effect unless it dumps
   the zone contents.

   Possible formats are ``text`` (the default), which is the standard
   textual representation of the zone, and ``raw`` and ``raw=N``, which
   store the zone in a binary format for rapid loading by :iscman:`named`.
   ``raw=N`` specifies the format version of the raw zone file: if ``N`` is
   0, the raw file can be read by any version of :iscman:`named`; if N is 1, the
   file can only be read by release 9.9.0 or higher. The default is 1.

.. option:: -k mode

   This option performs ``check-names`` checks with the specified failure mode.
   Possible modes are ``fail``, ``warn``, and ``ignore`` (the default).

.. option:: -l ttl

   This option sets a maximum permissible TTL for the input file. Any record with a
   TTL higher than this value causes the zone to be rejected. This
   is similar to using the ``max-zone-ttl`` option in :iscman:`named.conf`.

.. option:: -L serial

   When compiling a zone to ``raw`` format, this option sets the "source
   serial" value in the header to the specified serial number. This is
   expected to be used primarily for testing purposes.

.. option:: -m mode

   This option specifies whether MX records should be checked to see if they are
   addresses. Possible modes are ``fail``, ``warn``, and
   ``ignore`` (the default).

.. option:: -M mode

   This option checks whether a MX record refers to a CNAME. Possible modes are
   ``fail``, ``warn``, and ``ignore`` (the default).

.. option:: -n mode

   This option specifies whether NS records should be checked to see if they are
   addresses. Possible modes are ``fail``, ``warn``, and
   ``ignore`` (the default).

.. option:: -o filename

   This option writes the zone output to ``filename``. If ``filename`` is ``-``, then
   the zone output is written to standard output. This is mandatory for :program:`named-compilezone`.

.. option:: -r mode

   This option checks for records that are treated as different by DNSSEC but are
   semantically equal in plain DNS. Possible modes are ``fail``,
   ``warn``, and ``ignore`` (the default).

.. option:: -s style

   This option specifies the style of the dumped zone file. Possible styles are
   ``full`` (the default) and ``relative``. The ``full`` format is most
   suitable for processing automatically by a separate script.
   The relative format is more human-readable and is thus
   suitable for editing by hand.

.. option:: -S mode

   This option checks whether an SRV record refers to a CNAME. Possible modes are
   ``fail``, ``warn``, and ``ignore`` (the default).

.. option:: -t directory

   This option tells :iscman:`named` to chroot to ``directory``, so that ``include`` directives in the
   configuration file are processed as if run by a similarly chrooted
   :iscman:`named`.

.. option:: -T mode

   This option checks whether Sender Policy Framework (SPF) records exist and issues a
   warning if an SPF-formatted TXT record is not also present. Possible
   modes are ``warn`` and ``ignore`` (the default).

.. option:: -w directory

   This option instructs :iscman:`named` to chdir to ``directory``, so that relative filenames in master file
   ``$INCLUDE`` directives work. This is similar to the directory clause in
   :iscman:`named.conf`.

.. option:: -D

   This option dumps the zone file in canonical format. This is always enabled for
   :program:`named-compilezone`.

.. option:: -W mode

   This option specifies whether to check for non-terminal wildcards. Non-terminal
   wildcards are almost always the result of a failure to understand the
   wildcard matching algorithm (:rfc:`4592`). Possible modes are ``warn``
   and ``ignore`` (the default).

.. option:: zonename

   This indicates the domain name of the zone being checked.

.. option:: filename

   This is the name of the zone file.

Return Values
~~~~~~~~~~~~~

:program:`named-compilezone` returns an exit status of 1 if errors were detected
and 0 otherwise.

See Also
~~~~~~~~

:iscman:`named(8) <named>`, :iscman:`named-checkconf(8) <named-checkconf>`, :iscman:`named-checkzone(8) <named-checkzone>`, :rfc:`1035`,
BIND 9 Administrator Reference Manual.
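
Example
~~~~~~~

The Description notes that checks are not strict by default and recommends running ``named-checkzone`` first. The following wrapper is an added example, not part of the BIND distribution: it does both, and replaces the output file only when the exit status is 0. The names ``compile_zone_strict`` and ``STRICT_FLAGS``, the choice of flags, and the ``0644`` file mode are assumptions to adapt to the local ``named`` configuration.

```shell
#!/bin/sh
# Added example: compile a zone to raw format only if it passes strict checks.

# Check options from the list above, each set stricter than its default.
# Illustrative selection: align it with the check-* settings in named.conf.
# "-i local" limits the integrity checks to in-zone hostnames.
STRICT_FLAGS="-i local -k fail -m fail -M fail -n fail -r fail -S fail -C check-svcb:fail"

# compile_zone_strict ZONE SRC DEST [MAX_TTL]   (hypothetical helper)
# Writes DEST only when every step succeeds; an existing DEST is left
# untouched on any failure.
compile_zone_strict() {
    zone=$1; src=$2; dest=$3; max_ttl=${4:-}

    # Step 1: the input must pass named-checkzone's default checks.
    named-checkzone "$zone" "$src" >&2 || return 1

    # Step 2: compile into a temporary file next to DEST, so the final
    # rename is atomic and a rejected zone never replaces a good one.
    tmp=$(mktemp "$dest.XXXXXX") || return 1

    # STRICT_FLAGS is left unquoted on purpose so it splits into arguments.
    # -l is passed only when a maximum TTL was given.
    if named-compilezone $STRICT_FLAGS ${max_ttl:+-l "$max_ttl"} \
            -f text -F raw -o "$tmp" "$zone" "$src" >&2; then
        # mktemp creates the file 0600; assume named needs read access.
        chmod 0644 "$tmp" && mv -f "$tmp" "$dest"
    else
        # Exit status 1: errors were detected, discard the partial output.
        rm -f "$tmp"
        return 1
    fi
}

# Usage (constructed names):
#   compile_zone_strict example.com example.com.db example.com.raw 86400
```

Because the temporary file is created in the same directory as the destination, the rename never crosses a filesystem boundary.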