Provided by: zonecheck_3.0.5-1_all

NAME

       zonecheck - DNS zone checking tool

SYNOPSIS

       zonecheck [ -hqV ] [ -voet opt ] [ -46 ] [ -c conf ]
                 [ -n nslist ] [ -s key ] domainname

DESCRIPTION

       The DNS is a critical resource for every network application, so it is quite important
       to ensure that a zone or domain name is correctly configured in the DNS.

       ZoneCheck is intended to help solve misconfigurations or inconsistencies, which are
       usually revealed by an increase in the latency of the application, up to the output of
       unexpected/inconsistent results.

OPTIONS

       NOTE:  It doesn't necessarily make sense to combine some options; if that case
              happens, the most recent option will be taken into account, silently discarding
              the others.

       --lang lang
              Select another language  (en,  fr,  ...).  The  syntax  is  the  same  as  for  the
              environment variable LANG.

       --debug, -d lvl
              Select  the debugging messages to print or activate debugging code.  This parameter
              will override the value of the environment variable ZC_DEBUG.
              The available options are:
                0x0001 : Initialisation
                0x0002 : Localization / Internationalisation
                0x0004 : Configuration
                0x0008 : Autoconf
                0x0010 : Loading tests
                0x0020 : Tests performed
                0x0040 : Debugging messages from tests
                0x0400 : Information about cached object
                0x0800 : Debugger itself

                0x1000 : Crazy Debug, don't try this at home!
                0x2000 : Dnsruby library debugging messages
                0x4000 : Disable caching
                0x8000 : Don't try to rescue exceptions

       --help, -h
              Show a short description of the different options available in ZoneCheck.

       --version, -V
              Display the version and exit.

       --batch, -B filename
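              Deprecated option. You can use this script instead:
                # list_dom holds one domain name per line
                while IFS= read -r domain; do
                  echo "Testing $domain"
                  # quote the name; keep stdin away from the list being read
                  zonecheck "$domain" </dev/null
                done < list_dom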

       --config, -c filename
              Specify the location of the configuration file (default is zc.conf).

       --testdir directory
              Location of the directory holding the tests definition.

       --profile, -P profilename
              Force the use of profile profilename.

       --category, -C catlist
              Limit the tests to perform to the categories specified by catlist. The syntax for
              the category description is as follows:
                allow=[+|]    disallow=[-|!]    subcomponent=:    separator=,
                ex: dns:soa,!dns,+
                    don't perform DNS tests that are not SOA related

       --test, -T testname
              testname  is  the  test  to  perform.  In  this  case  failing  to pass the test is
              considered as fatal.

       --testlist
              List all the tests available.

       --testdesc desctype
              Give a description of the test, the possible values for desctype are name, success,
              failure, explanation.

       --resolver, -r resolver
              Resolver to use (only an IP address is accepted) for finding the information about
              the tested zone; by default the name servers used are the ones specified in
              /etc/resolv.conf. Note that for finding the name servers the zone should already
              have been delegated.

       --ns, -n nslist
              List of nameservers for the domain. Nameserver names are separated by a semicolon;
              a name can be followed by an equal sign and its IP addresses, separated by a
              colon.
              This can give the following example: ns1;ns2=ip1,ip2;ns3=ip3

       --securedelegation, -s [dsordnskey]
              Force the execution of the full DNSSEC profile. Arguments are optional. You can
              specify the Trust Anchor of your zone by giving the DNSKEY or the DS and the
              algorithm used to hash your key. Several Trust Anchors can be specified, separated
              by commas (in that case, they _all_ have to match).
              This can give the following example:
                DNSKEY:af1Bs0F+4rg-g19,DS:eAg7P4J1qfMg:SHA-1
                DS:eAg7P4J1qfMg:SHA-1
                DS-RDATA:5991 8 2 46DB8A99F9125B1F88AAC74DF7EC3FFCCC13CE7412C3BEBB2CB93BED4A05A960
                DNSKEY:af1Bs0F+4rg-g19

       --quiet, -q
              Don't display extra titles.

       --one, -1
              Only display the most relevant message in a compact format.

       --tagonly, -g
              Display only tag. This option should be used for scripting.

       --verbose, -v options
              Display extra information. Options can be prefixed by '-' or '!' to remove their
              effect; available options are:

              intro, i
                     Print a short summary about the domain name and its nameservers.

              testname, n
                     Print the name of the test when reporting a test status.

              explain, x
                     Print an explanation for failed tests (reference to RFC, ...).

              details, d
                     Print  a  detailed description of the failure (name or value of the resource
                     involved).

              reportok, o
                     Report tests even if they passed.

              fatalonly, f
                     Only print fatal errors.

              testdesc, t
                     Print the test description before performing it.

              counter, c
                     Display a  test  progression  bar  (this  option  is  not  always  available
                     according to the output media).

              NOTE:  testdesc and counter are mutually exclusive.

       --output, -o options
              Output rendering/format selection, available options are:

              byseverity, bs [default]
                     Output is sorted/merged by severity.

              byhost, bh
                     Output is sorted/merged by host.

              text, t [default]
                     Output plain text.

              html, h
                     Output HTML.

              xml, x
                     Output XML. (experimental)

              NOTE:  The following sets are mutually exclusive: [byseverity|byhost] and
                     [text|html].

       --error, -e options
              Behaviour in case of error, available options are:

              allfatal, af
                     All errors are considered fatal.

              allwarning, aw
                     All errors are considered warnings.

              dfltseverity, ds [default]
                     Use the severity associated with the test.

              stop, s [default]
                     Stop on the first fatal error.
                     WARNING: the current implementation stops on the first error, but for each
                     server.

              nostop, ns
                     Never stop (even on fatal error). This generally results in a lot of errors
                     or unexpected results due to the previous fatal error.

              NOTE:  The following sets are mutually exclusive: [allfatal|allwarning|dfltseverity]
                     and [stop|nostop].

       --transp, -t options
              Transport/routing layer selection, available options are:

              ipv4, 4 [default]
                     Use the IPv4 routing protocol.

              ipv6, 6 [default]
                     Use the IPv6 routing protocol.

              udp, u Use the UDP transport layer.

              tcp, t Use the TCP transport layer.

              std, s [default]
                     Use the UDP with fallback to TCP for truncated messages.

              NOTE:  udp, tcp and std are mutually exclusive.

       --edns [always|never|auto]
              Activate/Deactivate the use of EDNS for all queries. Three possible values: always,
              never, auto. Auto : automatically determine if the domain and  the  route  to  name
              servers can carry EDNS queries.

       --ipv4, -4
              Only check the zone with IPv4 connectivity.

       --ipv6, -6
              Only check the zone with IPv6 connectivity.

       --preset name
              Use of a preset configuration defined in the zc.conf configuration file.

       --option options
              Set extra options. The syntax is: -,-opt,opt,opt=foo

              ihtml  Generate HTML pages that are suitable for inclusion (for HTML output).

              nojavascript
                     Remove generation of javascript (for HTML output).
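
A sanity check for the DS-RDATA form of the --securedelegation trust anchor shown above, as an added example that is not part of ZoneCheck: it verifies that the digest length matches the digest type before the value is handed to the tool. The function name ds_rdata_check is hypothetical; the digest sizes are those of the standard DS digest types (1 = SHA-1, 2 = SHA-256, 4 = SHA-384).

```sh
#!/bin/sh
# Added example, not ZoneCheck code. ds_rdata_check is a hypothetical helper.
# Input: the RDATA part only, "keytag algorithm digesttype digest".

ds_rdata_check() {
    # Split on whitespace without pathname expansion.
    set -f; set -- $1; set +f
    if [ "$#" -lt 4 ]; then
        echo "expected: keytag algorithm digesttype digest"; return 1
    fi
    keytag=$1 alg=$2 dtype=$3
    shift 3
    # Presentation format may break the digest into several chunks.
    digest=$(printf '%s' "$@")

    for n in "$keytag" "$alg" "$dtype"; do
        case "$n" in
            *[!0-9]*) echo "non-numeric field: $n"; return 1 ;;
        esac
    done
    [ "$keytag" -le 65535 ] || { echo "key tag exceeds 16 bits"; return 1; }
    [ "$alg" -le 255 ] || { echo "algorithm exceeds 8 bits"; return 1; }

    # Expected digest length in hex digits for each digest type.
    case "$dtype" in
        1) want=40 ;;   # SHA-1
        2) want=64 ;;   # SHA-256
        4) want=96 ;;   # SHA-384
        *) echo "unsupported digest type: $dtype"; return 1 ;;
    esac
    case "$digest" in
        *[!0-9A-Fa-f]*) echo "digest is not hexadecimal"; return 1 ;;
    esac
    if [ "${#digest}" -ne "$want" ]; then
        echo "digest has ${#digest} hex digits, type $dtype needs $want"
        return 1
    fi
    echo "ok keytag=$keytag alg=$alg digest_type=$dtype"
}
```

Call it with the RDATA part quoted as a single argument, for instance the value from the DS-RDATA example above without its DS-RDATA: prefix.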

ENVIRONMENT

       LANG   Specify the language and optionally the encoding to use to display messages. For
              example: fr, fr_CA, fr.latin1, fr_CA.utf8, ...

       ZC_CONFIG_DIR
              Directory where the configuration file and the different profiles are located.

       ZC_CONFIG_FILE
              Name of the configuration file to use (defaults to zc.conf); it is overridden by
              the --config option.

       ZC_LOCALIZATION_DIR
              Directory where all the localization files are located.

       ZC_TEST_DIR
              Directory where all the tests are located; it is overridden by the --testdir option.

       ZC_HTML_PATH
              Path relative to the web server to use when generating HTML pages.

       ZC_DEBUG
              This variable has the same effect as the debug parameter, but its main advantage is
              that it is taken into account from the beginning of the program.

       ZC_INPUT
              This variable has the same effect as the undocumented INPUT parameter; it allows
              choosing the input interface used by ZoneCheck. The currently supported values are:
              cli, cgi and inetd. Note that the other interfaces don't accept the same parameters
              as the ones described here.

       ZC_IP_STACK
              Restrict  the IP stack available to IPv4 or IPv6, for that set it respectively to 4
              or 6.  This is particularly useful if you have an IPv6 stack on your  computer  but
              don't have the connectivity, in that case define ZC_IP_STACK=4.

       ZC_XML_PARSER
              If  ruby-libxml  is  installed, this parser will be used instead of rexml for speed
              improvement, but you can force the use of rexml by setting ZC_XML_PARSER to rexml.

       NOTE:  The following variables are mainly useful when it is not possible for the user to
              specify an alternative value with the selected input interface: ZC_CONFIG_DIR,
              ZC_CONFIG_FILE, ZC_LOCALIZATION_DIR, ZC_TEST_DIR. Such a case happens when using
              the cgi interface: you don't want the user to read an arbitrary configuration
              file, but as the provider of the service you want to use another configuration.

EXIT STATUS

       The following exit status can be reported by ZoneCheck:

       0      Everything went fine, no fatal errors were reported, the  domain  configuration  is
              correct.

       1      The  program  completed  but some tests failed with a fatal severity, the domain is
              NOT correctly configured.

       2      The program completed but some tests failed with a fatal severity due to a
              timeout occurring; the domain has been considered as NOT correctly configured, but
              you may want to check again later. This is currently not implemented.

       3      The user aborted the program before its completion.

       4      An error which is not directly related to the tests performed has occurred (i.e.
              something went wrong).

       9      The user (you?) didn't bother reading the man page...
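
The loop suggested for the deprecated --batch option, extended to record the exit statuses listed above, as an added example that is not part of the ZoneCheck distribution. It assumes one domain per line in the list file; the ZONECHECK variable and the function names are hypothetical. Entries beginning with '-' are rejected so that a line of the list cannot be parsed as an option.

```sh
#!/bin/sh
# Added example (not from the ZoneCheck distribution): batch run that
# classifies each domain by the exit statuses documented above.
# ZONECHECK and the function names are assumptions of this example.
ZONECHECK=${ZONECHECK:-zonecheck}

# Translate a documented exit status into a short label.
zc_status_label() {
    case "$1" in
        0) echo ok ;;
        1) echo misconfigured ;;
        2) echo timeout-retry-later ;;
        3) echo aborted ;;
        4) echo tool-error ;;
        9) echo usage-error ;;
        *) echo unknown ;;
    esac
}

# zc_batch FILE: check every domain in FILE (one per line; blank lines and
# lines starting with '#' are skipped). Prints "domain<TAB>status<TAB>label"
# and returns 0 only if every domain exited with status 0.
zc_batch() {
    failed=0
    while IFS= read -r domain || [ -n "$domain" ]; do
        case "$domain" in
            ''|'#'*) continue ;;
            # Refuse entries that would be parsed as options or that
            # contain characters outside the hostname alphabet.
            -*|*[!A-Za-z0-9.-]*)
                printf '%s\t-\trejected\n' "$domain"
                failed=1
                continue ;;
        esac
        rc=0
        # stdin is redirected so the tool cannot consume the domain list.
        "$ZONECHECK" "$domain" >/dev/null 2>&1 </dev/null || rc=$?
        printf '%s\t%s\t%s\n' "$domain" "$rc" "$(zc_status_label "$rc")"
        [ "$rc" -eq 0 ] || failed=1
    done < "$1"
    return "$failed"
}

# Stand-alone use: sh this_script list_dom
[ "$#" -eq 0 ] || zc_batch "$1"
```

Statuses 3, 4 and 9 describe the run rather than the zone, so a report built from this output should not count them as evidence of a misconfigured domain.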

FILES

       /usr/local/etc/zonecheck/zc.conf
              The default configuration file.

       /usr/local/etc/zonecheck/*.profile
              The test sequence to use for different domains.

       /usr/local/libexec/zc/test
              Contains the code of the tests performed by ZoneCheck.

       /usr/local/libexec/zc/locale
              Contains the different translations.

       /usr/local/libexec/zc/www
              Contains a website sample for the web interface.

EXAMPLES

       Test  the  domain_name  with IPv6 only connectivity, print a summary information about the
       tested domain as well as explanations and details of failed tests.
              zonecheck -6 --verbose=i,x,d domain_name

       Ask for the 'error' message associated with the test 'soa'.
              zonecheck --testdesc error -T soa

       Only print tests which have failed and the result (succeed/failed); this would be ideal
       for giving people, through email for example, a short description of why their domains
       are not correctly configured.
              zonecheck -q -vn,d,x,f domain_name

       If you want to test your domain, you will certainly like to use these parameters (the use
       of IPv4 only has been forced because many people now have a computer with an IPv6 stack
       but very few have IPv6 connectivity, so autodetection will fail).
              zonecheck -4 -vi,x,d,c domain_name

SEE ALSO

       RFC 1033, RFC 1034, RFC 1035, dig(1)

AUTHORS

       Stephane D'Alu with the help of people working at AFNIC is the author of this version, but
       don't forget also to take a look at the CREDITS file available in the distribution.

HISTORY

       ZoneCheck was initiated and developed by engineers working at NIC France (INRIA's service)
       to check the correct configuration of a zone before delegating a domain  name  under  .fr.
       Its  development  continued  at  AFNIC,  which  took  over the activities of NIC France on
       January 1 1998.

       ZoneCheck-1.* was created in 1995 by Benoit Grange and has been maintained  by  him  until
       1997.  The prototype was a script using the dig command, which evolved into a perl program
       based on the DNS resolver Resolv5. Vincent Gillet maintained the programme in  1998.  This
       task has been taken over by Erwan Mas and Philippe Lubrano from 1998 until now.

       ZoneCheck-2.* is a rewrite from scratch done in ruby at the end of 2002 by Stephane D'Alu,
       so as to create a modular and extensible version, and is the current version of ZoneCheck.

BUGS

       Please send problems, bugs, questions, desirable enhancements, source code  contributions,
       by using the interface provided by:

              http://savannah.nongnu.org/projects/zonecheck

       You can also consult the ZoneCheck homepage for more information:

              http://www.zonecheck.fr/

                                         26 January 2003                             ZONECHECK(1)