Network
named-checkzone
Check BIND DNS zone file syntax and validity.
dns bind zone validate named
Additional Notes
named-checkzone validates the syntax and consistency of BIND DNS zone files. It checks for correct resource record formatting, valid domain names, proper TTL values, serial number issues, and referential integrity (e.g., that NS records point to valid A records).
It is an essential tool before reloading a zone in a production BIND nameserver. Running named-checkzone on a zone file catches syntax errors that would otherwise cause the zone to fail to load, potentially disrupting DNS service.
Syntax
named-checkzone [options] zone-name zone-file
Parameters
- zone-name: The DNS zone name (e.g., example.com).
- zone-file: The path to the zone file to check.
Common Options
- -q: Quiet mode; only output error messages.
- -v: Verbose output showing records being checked.
- -d: Enable debugging output.
- -D: Detailed debugging.
- -c class: Specify the DNS class (IN for internet, default).
- -j: Use journal file if present.
- -k mode: Check for DNSSEC key coverage.
- -L serial: Override the serial number found in the zone.
- -m mode: Set the check mode for MX records (ignore, warn, fail).
- -M mode: Set the check mode for name server (NS) records.
- -S mode: Set the check mode for stability.
- -t dir: Chroot directory to prepend to file paths.
- -w dir: Directory path for $INCLUDE files.
- -s: Check Sender Policy Framework (SPF) records.
- -l: List zones that need to be checked (BIND 9.18+).
- -o file: Write the optimized zone file to the specified file.
Examples
named-checkzone example.com /var/named/example.com.zone
Check the zone file for example.com.
named-checkzone -q example.com /var/named/example.com.zone
Quiet mode; report only errors.
named-checkzone -s example.com /var/named/example.com.zone
Include SPF record validation.
named-checkzone -o /tmp/example-optimized.zone example.com /var/named/example.com.zone
Check and write an optimized version of the zone file.
Practical Notes
- Always run named-checkzone after editing a zone file and before reloading the nameserver.
- The serial number should be incremented each time the zone file is modified; named-checkzone will warn if it has not changed.
- Common errors include missing trailing dots on FQDNs, incorrect TTL values, and unbalanced parentheses.
- For reverse DNS zones, the zone name is the reverse IP range (e.g., 1.168.192.in-addr.arpa).
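
The check-before-reload rule above, written as a deployment gate. This is an added example, not part of the original page: the helper name `deploy_zone`, the `CHECKZONE` and `RELOAD` override variables, and the use of `rndc reload` as the reload step are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: gate a zone deployment on named-checkzone's exit status.
# CHECKZONE and RELOAD are this example's own override hooks (assumptions),
# so the gate can be exercised on a host without BIND installed.
CHECKZONE="${CHECKZONE:-named-checkzone}"
RELOAD="${RELOAD:-rndc reload}"

# deploy_zone ZONE STAGED LIVE   (hypothetical helper name)
#   0  STAGED validated, installed over LIVE, zone reloaded
#   1  validation failed; LIVE untouched, no reload issued
#   2  bad arguments, or the install/reload step failed
deploy_zone() {
    zone=$1 staged=$2 live=$3
    [ -n "$zone" ] && [ -r "$staged" ] && [ -n "$live" ] || {
        echo "usage: deploy_zone ZONE STAGED LIVE" >&2
        return 2
    }

    # Validate the staged copy, never the live file: a non-zero exit
    # status means the zone failed the checks.
    if ! out=$($CHECKZONE "$zone" "$staged" 2>&1); then
        printf '%s\n' "$out" >&2
        echo "deploy_zone: $zone failed validation; $live left unchanged" >&2
        return 1
    fi

    # Copy beside the live file, then rename, so the server can never
    # read a half-written zone file.
    tmp="$live.new.$$"
    cp "$staged" "$tmp" && mv "$tmp" "$live" || { rm -f "$tmp"; return 2; }

    # Only a validated file reaches this point.
    $RELOAD "$zone" || return 2
}

# Usage: deploy_zone example.com ./example.com.zone.staged /var/named/example.com.zone
```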