1 .. Copyright (C) Internet Systems Consortium, Inc. ("ISC") 2 .. 3 .. SPDX-License-Identifier: MPL-2.0 4 .. 5 .. This Source Code Form is subject to the terms of the Mozilla Public 6 .. License, v. 2.0. If a copy of the MPL was not distributed with this 7 .. file, you can obtain one at https://mozilla.org/MPL/2.0/. 8 .. 9 .. See the COPYRIGHT file distributed with this work for additional 10 .. information regarding copyright ownership. 11 12 .. highlight: console 13 14 .. iscman:: named-rrchecker 15 .. program:: named-rrchecker 16 .. _man_named-rrchecker: 17 18 named-rrchecker - syntax checker for individual DNS resource records 19 -------------------------------------------------------------------- 20 21 Synopsis 22 ~~~~~~~~ 23 24 :program:`named-rrchecker` [**-h**] [**-o** origin] [**-p**] [**-u**] [**-C**] [**-T**] [**-P**] 25 26 Description 27 ~~~~~~~~~~~ 28 29 :program:`named-rrchecker` reads a single DNS resource record (RR) from standard 30 input and checks whether it is syntactically correct. 31 32 The input format is a minimal subset of the DNS zone file format. The entire input must be: 33 CLASS TYPE RDATA 34 35 * Input must not start with an owner (domain) name 36 * The `CLASS` field is mandatory (typically ``IN``). 37 * The `TTL` field **must not** be present. 38 * RDATA format is specific to each RRTYPE. 39 * Leading and trailing whitespace in each field is ignored. 40 41 Format details can be found in :rfc:`1035#section-5.1` under ``<rr>`` 42 specification. :rfc:`3597` format is also accepted in any of the input fields. 43 See :ref:`Examples`. 44 45 46 Options 47 ~~~~~~~ 48 49 .. option:: -o origin 50 51 This option specifies the origin to be used when interpreting names in the record: 52 it defaults to root (`.`). The specified origin is always taken as an absolute name. 53 54 .. option:: -p 55 56 This option prints out the resulting record in canonical form. If there 57 is no canonical form defined, the record is printed in :rfc:`3597` unknown 58 record format. 59 60 .. option:: -u 61 62 This option prints out the resulting record in :rfc:`3597` unknown record 63 format. 64 65 .. option:: -C, -T, -P 66 67 These options do not read input. They print out known classes, standard types, 68 and private type mnemonics. Each item is printed on a separate line. 69 The resulting list of private types may be empty 70 71 .. option:: -h 72 73 This option prints out the help menu. 74 75 76 .. _examples: 77 78 Examples 79 ~~~~~~~~ 80 Pay close attention to the :manpage:`echo` command line options `-e` and `-n`, as they affect whitespace in the input to ``named-rrchecker``. 81 82 echo -n 'IN A 192.0.2.1' | named-rrchecker 83 * Valid input is in :rfc:`1035` format with no newline at the end of the input. 84 * Return code 0. 85 86 echo -e '\\n \\n IN\\tA 192.0.2.1 \\t \\n\\n ' | named-rrchecker -p 87 * Valid input with leading and trailing whitespace. 88 * Output: ``IN A 192.0.2.1`` 89 * Leading and trailing whitespace is not part of the output. 90 91 92 Relative names and origin 93 ^^^^^^^^^^^^^^^^^^^^^^^^^ 94 echo 'IN CNAME target' | named-rrchecker -p 95 * Valid input with a relative name as the CNAME target. 96 * Output: ``IN CNAME target.`` 97 * Relative name `target` from the input is converted to an absolute name using the default origin ``.`` (root). 98 99 echo 'IN CNAME target' | named-rrchecker -p -o origin.test 100 * Valid input with a relative name as the CNAME target. 101 * Output: ``IN CNAME target.origin.test.`` 102 * Relative name `target` from the input is converted to an absolute name using the specified origin ``origin.test`` 103 echo 'IN CNAME target.' | named-rrchecker -p -o origin.test 104 * Valid input with an absolute name as the CNAME target. 105 * Output: ``IN CNAME target.`` 106 * The specified origin has no influence if `target` from the input is already absolute. 107 108 109 Special characters 110 ^^^^^^^^^^^^^^^^^^ 111 Special characters allowed in zone files by :rfc:`1035#section-5.1` are accepted. 112 113 echo 'IN CNAME t\\097r\\get\\.' | named-rrchecker -p -o origin.test 114 * Valid input with backslash escapes. 115 * Output: ``IN CNAME target\..origin.test.`` 116 * ``\097`` denotes an ASCII value in decimal, which, in this example, is the character ``a``. 117 * ``\g`` is converted to a plain ``g`` because the ``g`` character does not have a special meaning and so the ``\`` prefix does nothing in this case. 118 * ``\.`` denotes a literal ASCII dot (here as a part of the CNAME target name). Special meaning of ``.`` as the DNS label separator was disabled by the preceding ``\`` prefix. 119 120 echo 'IN CNAME @' | named-rrchecker -p -o origin.test 121 * Valid input with ``@`` used as a reference to the specified origin. 122 * Output: ``IN CNAME origin.test.`` 123 124 echo 'IN CNAME \\@' | named-rrchecker -p -o origin.test 125 * Valid input with a literal ``@`` character (escaped). 126 * Output: ``IN CNAME \@.origin.test.`` 127 128 echo 'IN CNAME prefix.@' | named-rrchecker -p -o origin.test 129 * Valid input with ``@`` used as a reference to the specifed origin. 130 * Output: ``IN CNAME prefix.\@.origin.test.`` 131 * ``@`` has special meaning only if it is free-standing. 132 133 echo 'IN A 192.0.2.1; comment' | named-rrchecker -p 134 * Valid input with a trailing comment. Note the lack of whitespace before the start of the comment. 135 * Output: ``IN A 192.0.2.1`` 136 137 For multi-line examples see the next section. 138 139 Multi-token records 140 ^^^^^^^^^^^^^^^^^^^ 141 echo -e 'IN TXT two words \\n' | named-rrchecker -p 142 * Valid TXT RR with two unquoted words and trailing whitespace. 143 * Output: ``IN TXT "two" "words"`` 144 * Two unquoted words in the input are treated as two `<character-string>`\ s per :rfc:`1035#section-3.3.14`. 145 * Trailing whitespace is omitted from the last `<character-string>`. 146 147 echo -e 'IN TXT "two words" \\n' | named-rrchecker -p 148 * Valid TXT RR with one `character-string` and trailing whitespace. 149 * Output: ``IN TXT "two words"`` 150 151 echo -e 'IN TXT "problematic newline\\n"' | named-rrchecker -p 152 * Invalid input - the closing ``"`` is not detected before the end of the line. 153 154 echo 'IN TXT "with newline\\010"' | named-rrchecker -p 155 * Valid input with an escaped newline character inside `character-string`. 156 * Output: ``IN TXT "with newline\010"`` 157 158 echo -e 'IN TXT ( two\\nwords )' | named-rrchecker -p 159 * Valid multi-line input with line continuation allowed inside optional parentheses in the RDATA field. 160 * Output: ``IN TXT "two" "words"`` 161 162 echo -e 'IN TXT ( two\\nwords ; misplaced comment )' | named-rrchecker -p 163 * Invalid input - comments, starting with ";", are ignored by the parser, so the closing parenthesis should be before the semicolon. 164 165 echo -e 'IN TXT ( two\\nwords ; a working comment\\n )' | named-rrchecker -p 166 * Valid input - the comment is terminated with a newline. 167 * Output: ``IN TXT "two" "words"`` 168 169 echo 'IN HTTPS 1 . alpn="h2,h3"' | named-rrchecker -p 170 * Valid HTTPS record 171 * Output: ``IN HTTPS 1 . alpn="h2,h3"`` 172 173 echo -e 'IN HTTPS ( 1 \\n . \\n alpn="dot")port=853' | named-rrchecker -p 174 * Valid HTTPS record with individual sub-fields split across multiple lines 175 using :rfc:`1035#section-5.1` parentheses syntax to group data that crosses 176 a line boundary. 177 * Note the missing whitespace between the closing parenthesis and adjacent tokens. 178 * Output: ``IN HTTPS 1 . alpn="dot" port=853`` 179 180 181 Unknown type handling 182 ^^^^^^^^^^^^^^^^^^^^^ 183 184 echo 'IN A 192.0.2.1' | named-rrchecker -u 185 * Valid input in :rfc:`1035` format. 186 * Output in :rfc:`3957` format: ``CLASS1 TYPE1 \# 4 C0000201`` 187 188 echo 'CLASS1 TYPE1 \\# 4 C0000201' | named-rrchecker -p 189 * Valid input in :rfc:`3597` format. 190 * Output in :rfc:`1035` format: ``IN A 192.0.2.1`` 191 192 echo 'IN A \\# 4 C0000201' | named-rrchecker -p 193 * Valid input with class and type in :rfc:`1035` format and rdata in :rfc:`3597` format. 194 * Output in :rfc:`1035` format: ``IN A 192.0.2.1`` 195 196 echo 'IN HTTPS 1 . key3=\\001\\000' | named-rrchecker -p 197 * Valid input with :rfc:`9460` syntax for an unknown `key3` field. Syntax ``\001\000`` produces two octets with values 1 and 0, respectively. 198 * Output: ``IN HTTPS 1 . port=256`` 199 * `key3` matches the standardized key name `port`. 200 * Octets 1 and 0 were decoded as integer values in big-endian encoding. 201 202 echo 'IN HTTPS 1 . key3=\\001' | named-rrchecker -p 203 * Invalid input - the length of the value for `key3` (i.e. port) does not match the known standard format for that parameter in the SVCB RRTYPE. 204 205 echo 'IN HTTPS 1 . port=\\001\\000' | named-rrchecker -p 206 * Invalid input - the key `port`, when specified using its standard mnemonic name, **must** use standard key-specific syntax. 207 208 Meta values 209 ^^^^^^^^^^^ 210 211 echo 'IN AXFR' | named-rrchecker 212 * Invalid input - AXFR is a meta type, not a genuine RRTYPE. 213 214 echo 'ANY A 192.0.2.1' | named-rrchecker 215 * Invalid input - ANY is meta class, not a true class. 216 217 echo 'A 192.0.2.1' | named-rrchecker 218 * Invalid input - the class field is missing, so the parser would try and fail to interpret the RRTYPE A as the class. 219 220 221 Return Codes 222 ~~~~~~~~~~~~ 223 224 0 225 The whole input was parsed as one syntactically valid resource record. 226 227 1 228 The input is not a syntactically valid resource record, or the given type is not 229 supported, or either/both class and type are meta-values, which should not appear in zone files. 230 231 232 See Also 233 ~~~~~~~~ 234 235 :rfc:`1034`, :rfc:`1035`, :rfc:`3957`, :iscman:`named(8) <named>`. 236
Indexes created Sun Mar 01 05:31:48 UTC 2026