Provided by: zonecheck_3.0.5-1_all 
NAME
zonecheck - DNS zone checking tool
SYNOPSIS
zonecheck [ -hqV ] [ -voet opt ] [ -46 ] [ -c conf ]
[ -n nslist ] [ -s key ] domainname
DESCRIPTION
The DNS is a critical resource for every network application, quite important to ensure
that a zone or domain name is correctly configured in the DNS.
ZoneCheck is intended to help solving misconfigurations or inconsistencies usually
revealed by an increase in the latency of the application, up to the output of
unexpected/inconsistant results.
OPTIONS
NOTE: It doesn't necessary make sense to combine some options together, if that case
happens the most recent option will be taken into account, silently discarding the
others.
--lang lang
Select another language (en, fr, ...). The syntax is the same as for the
environment variable LANG.
--debug, -d lvl
Select the debugging messages to print or activate debugging code. This parameter
will override the value of the environment variable ZC_DEBUG.
The available options are:
0x0001 : Initialisation
0x0002 : Localization / Internationalisation
0x0004 : Configuration
0x0008 : Autoconf
0x0010 : Loading tests
0x0020 : Tests performed
0x0040 : Debugging messages from tests
0x0400 : Information about cached object
0x0800 : Debugger itself
0x1000 : Crazy Debug, don't try this at home!
0x2000 : Dnsruby library debugging messages
0x4000 : Disable caching
0x8000 : Don't try to rescue exceptions
--help, -h
Show a short description of the different options available in ZoneCheck.
--version, -V
Display the version and exit.
--batch, -B filename
Depreciated option. You can use this script instead :
for domain in `cat list_dom`; do
echo "Testing $domain"
zonecheck $domain
done
--config, -c filename
Specify the location of the configuration file (default is zc.conf).
--testdir directory
Location of the directory holding the tests definition.
--profile, -P profilename
Force uses of profile profilename.
--category, -C catlist
Limit the test to perform to the categories specified by catlist. The syntax for
the catgory description is as follow:
allow=[+|] disallow=[-|!] subcomponent=: separator=,
ex: dns:soa,!dns,+
don't perform DNS tests that are not SOA related
--test, -T testname
testname is the test to perform. In this case failing to pass the test is
considered as fatal.
--testlist
List all the tests available.
--testdesc desctype
Give a description of the test, the possible values for desctype are name, success,
failure, explanation.
--resolver, -r resolver
Resolver to use (only IP address is accepted) for finding the information about the
tested zone, by default the name servers used are the one specified in
/etc/resolv.conf. Note that for finding the name servers the zone should already
have been delegated.
--ns, -n nslist
List of nameservers for the domain. Nameservers name are separated by a semicolon,
the name can be followed by the equal sign and its IP addresses separated by a
colon.
This can give the following example: ns1;ns2=ip1,ip2;ns3=ip3
--securedelegation, -s [dsordnskey]
Force the execution of the full DNSSEC profile. Arguments are optional. You can
precise the Trust Anchor of your zone by giving the DNSKEY or the DS and the
algorithm used to hash your key. Several Trust Anchors can be specified, separated
by commas (in that case, they _all_ have to match.)
This can give the following example:
DNSKEY:af1Bs0F+4rg-g19,DS:eAg7P4J1qfMg:SHA-1
DS:eAg7P4J1qfMg:SHA-1
DS-RDATA:5991 8 2
46DB8A99F9125B1F88AAC74DF7EC3FFCCC13CE7412C3BEBB2CB93BED4A05A960
DNSKEY:af1Bs0F+4rg-g19
--quiet, -q
Don't display extra titles.
--one, -1
Only display the most relevant message in a compact format.
--tagonly, -g
Display only tag. This option should be used for scripting.
--verbose, -v options
Display extra information, they can be prefix by '-' or '!' to remove the effect,
available options are:
intro, i
Print a short summary about the domain name and its nameservers.
testname, n
Print the name of the test when reporting a test status.
explain, x
Print an explanation for failed tests (reference to RFC, ...).
details, d
Print a detailed description of the failure (name or value of the resource
involved).
reportok, o
Report test even if they passed.
fatalonly, f
Only print fatal errors.
testdesc, t
Print the test description before performing it.
counter, c
Display a test progression bar (this option is not always available
according to the output media).
NOTE: testdesc and counter are mutually exclusive.
--output, -o options
Output rendering/format selection, avalaible options are:
byseverity, bs [default]
Output is sorted/merged by severity.
byhost, bh
Output is sorted/merged by host.
text, t [default]
Output plain text.
html, h
Output HTML.
xml, x
Output XML. (experimental)
NOTE: The following set are mutually exclusive: [byseverity|byhost] and
[text|html].
--error, -e options
Behaviour in case of error, available options are:
allfatal, af
All error are considered as fatals.
allwarning, aw
All error are considered as warnings.
dfltseverity, ds [default]
Use the severity associated with the test.
stop, s [default]
Stop on the first fatal error.
WARNING: the current implementation stop on the first error but for each
server.
nostop, ns
Never stop (even on fatal error). This generally result in a lot of errors
or unexpected results due to the previous fatal error.
NOTE: The following set are mutually exclusive: [allfatal|allwarning|dfltseverity]
and [stop|nostop].
--transp, -t options
Transport/routing layer selection, available options are:
ipv4, 4 [default]
Use the IPv4 routing protocol.
ipv6, 6 [default]
Use the IPv6 routing protocol.
udp, u Use the UDP transport layer.
tcp, t Use the TCP transport layer.
std, s [default]
Use the UDP with fallback to TCP for truncated messages.
NOTE: udp, tcp and std are mutually exclusive.
--edns [always|never|auto]
Activate/Deactivate the use of EDNS for all queries. Three possible values: always,
never, auto. Auto : automatically determine if the domain and the route to name
servers can carry EDNS queries.
--ipv4, -4
Only check the zone with IPv4 connectivity.
--ipv6, -6
Only check the zone with IPv6 connectivity.
--preset name
Use of a preset configuration defined in the zc.conf configuration file.
--option options
Set extra options. The syntax is: -,-opt,opt,opt=foo
ihtml Generate HTML pages that are suitable for inclusion (for HTML output).
nojavascript
Remove generation of javascript (for HTML output).
ENVIRONMENT
LANG Specify the lang and eventually the encoding to use to display messages. For
examples: fr, fr_CA, fr.latin1, fr_CA.utf8, ...
ZC_CONFIG_DIR
Directory where the configuration file and the different profiles are located.
ZC_CONFIG_FILE
Name of the configuration file to use (defaul to zc.conf), it is override by the
--config option.
ZC_LOCALIZATION_DIR
Directory where all the localization files are located.
ZC_TEST_DIR
Directory where all the tests are located, it is override by the --testdir option.
ZC_HTML_PATH
Path relative to the web server to use when generating HTML pages.
ZC_DEBUG
The variable as the same effect as the debug parameter, but its main advantage is
that it is taken into account from the beginning of the program.
ZC_INPUT
The variable as the same effect as the undocumented INPUT parameter, it allows to
chose the input interface used by ZoneCheck, the currently supported values are:
cli, cgi and inetd. But other interfaces doesn't accept the same parameters as the
one described here.
ZC_IP_STACK
Restrict the IP stack available to IPv4 or IPv6, for that set it respectively to 4
or 6. This is particularly useful if you have an IPv6 stack on your computer but
don't have the connectivity, in that case define ZC_IP_STACK=4.
ZC_XML_PARSER
If ruby-libxml is installed, this parser will be used instead of rexml for speed
improvement, but you can force the use of rexml by setting ZC_XML_PARSER to rexml.
NOTE: The following variables are mainly useful when it is not possible for the user to
specify alternative value with the selected input interface: ZC_CONFIG_DIR,
ZC_CONFIG_FILE, ZC_LOCALIZATION_DIR, ZC_TEST_DIR. Such a case happen when using
the cgi interface, and you don't want the user to read an arbitrary configuration
file, but as the provider of the service you want to use another configuration.
EXIT STATUS
The following exit status can be reported by ZoneCheck:
0 Everything went fine, no fatal errors were reported, the domain configuration is
correct.
1 The program completed but some tests failed with a fatal severity, the domain is
NOT correctly configured.
2 The program completed but some tests failed due with a fatal severity due to
timeout occuring, the domain has been considered as NOT correctly configured, but
you could want to check again later. This is currently not implemented.
3 The user aborted the program before it's completion.
4 An error which is not directly related to the tests performed has occured (ie:
something went wrong).
9 The user (you?) didn't bother reading the man page...
FILES
/usr/local/etc/zonecheck/zc.conf
The default configuration file.
/usr/local/etc/zonecheck/*.profile
The test sequence to use for different domains.
/usr/local/libexec/zc/test
Contains the code of the tests performed by ZoneCheck.
/usr/local/libexec/zc/locale
Contains the different translations.
/usr/local/libexec/zc/www
Contains a website sample for the web interface.
EXAMPLES
Test the domain_name with IPv6 only connectivity, print a summary information about the
tested domain as well as explanations and details of failed tests.
zonecheck -6 --verbose=i,x,d domain_name
Ask for the 'error' message associated with the test 'soa'.
zonecheck --testdesc error -T soa
Only print tests which have failed and the result (succeed/failed), this would be ideal
for giving people, through email fir example, a short description of why their domains are
not correctly configured.
zonecheck -q -vn,d,x,f domain_name
If you want to test your domain, you will certainly like to use these parameters (the use
of IPv4 only as been forced because now people have computer with IPv6 stack but very few
have the IPv6 connectivity, so autodetection will failed).
zonecheck -4 -vi,x,d,c domain_name
SEE ALSO
RFC 1033, RFC 1034, RFC 1035, dig(1)
AUTHORS
Stephane D'Alu with the help of people working at AFNIC is the author of this version, but
don't forget also to take a look at the CREDITS file available in the distribution.
HISTORY
ZoneCheck was initiated and developed by engineers working at NIC France (INRIA's service)
to check the correct configuration of a zone before delegating a domain name under .fr.
Its development continued at AFNIC, which took over the activities of NIC France on
January 1 1998.
ZoneCheck-1.* was created in 1995 by Benoit Grange and has been maintained by him until
1997. The prototype was a script using the dig command, which evolved into a perl program
based on the DNS resolver Resolv5. Vincent Gillet maintained the programme in 1998. This
task has been taken over by Erwan Mas and Philippe Lubrano from 1998 until now.
ZoneCheck-2.* is a rewrite from scratch done in ruby at the end of 2002 by Stephane D'Alu,
so as to create a modular and extensible version. And is the current version of ZoneCheck.
BUGS
Please send problems, bugs, questions, desirable enhancements, source code contributions,
by using the interface provided by:
http://savannah.nongnu.org/projects/zonecheck
You can also consult the ZoneCheck homepage for more information:
http://www.zonecheck.fr/
26 January 2003 ZONECHECK(1)