Penguin
Annotated edit history of zone(1) version 1, including all changes. View license author blame.
Rev Author # Line
1 perry 1 host
2 !!!host
3 NAME
4 SYNOPSIS
5 OPTION SYNTAX
6 DESCRIPTION
7 ARGUMENTS
8 QUERYTYPES
9 EXAMPLES
10 DIAGNOSTICS
11 EXIT STATUS
12 ENVIRONMENT
13 SPECIAL CONSIDERATIONS
14 RELATED DOCUMENTATION
15 AUTHOR
16 SEE ALSO
17 ----
18 !!NAME
19
20
21 host - query nameserver about domain names and zones
22 !!SYNOPSIS
23
24
25 __host__ [[__-v__] [[__-a__] [[__-t__ ''querytype''] [[''options''] '' name'' [[''server'']
26 __host__ [[__-v__] [[__-a__] [[__-t__ ''querytype''] [[''options''] __ -l__ ''zone'' [[''server'']
27 __host__ [[__-v__] [[''options''] __-H__ [[__-D__] [[__-E__] [[__-G__] ''zone
28 ''__host__ [[__-v__] [[''options''] __-C__ ''zone
29 ''__host__ [[__-v__] [[''options''] __-A__ ''host
30 ''__host__ [[''options''] __-x__ [[''name'' ...]
31 __host__ [[''options''] __-X__ ''server'' [[''name'' ...]
32 !!OPTION SYNTAX
33
34
35 Besides the traditional short options (one letter with
36 single dash, and an optional value as separate argument),
37 there are now also long options in the format
38 __--keyword__[[=''value'']. Many (but not all) short
39 options have a long equivalent. There are several long
40 options without a short equivalent. The long options are not
41 yet documented in this manual page, but a summary of the
42 existing long options, and the mapping to their short
43 alternative, is available via the command __host
44 --help__.
45 !!DESCRIPTION
46
47
48 ''host'' looks for information about Internet hosts and
49 domain names. It gets this information from a set of
50 interconnected servers that are spread across the world. The
51 information is stored in the form of
52 ''
53
54
55 By default, the program simply converts between host names
56 and Internet addresses. However, with the __-t__,
57 __-a__ and __-v__ options, it can be used to find all
58 of the information about domain names that is maintained by
59 the domain nameserver system. The information printed
60 consists of various fields of the associated resource
61 records that were retrieved.
62
63
64 The arguments can be either host names (domain names) or
65 numeric Internet addresses.
66
67
68 A numeric Internet address consists of four decimal numbers
69 separated by dots, e.g. __192.16.199.1__, representing
70 the four bytes of the 32-bit address.
71 The default action is to look up the associated host
72 name.
73
74
75 A host name or domain name consists of component names
76 (labels) separated by dots, e.g.
77 __nikhefh.nikhef.nl__
78 The default action is to look up all of its Internet
79 addresses.
80
81
82 For single names without a trailing dot, the local domain is
83 automatically tacked on the end. Thus a user in domain
84
85
86 Note that the usual lookup convention for any name that does
87 not end with a trailing dot is to try first with the local
88 domain appended, and possibly other search domains. (As of
89 BIND 4.9, names that have embedded dots but no trailing dot
90 are first tried ``as is'' before appending search domains)
91 This convention is not used by this program.
92
93
94 The actual suffix to tack on the end is usually the local
95 domain as specified in the __/etc/resolv.conf__ file, but
96 this can be overridden. See below for a description of how
97 to customize the host name lookup.
98 !!ARGUMENTS
99
100
101 The first argument is normally the host name (domain name)
102 for which you want to look up the requested information. If
103 the first argument is an Internet address, a query is done
104 on the special
105
106
107 If the __-l__ option is given, the first argument is a
108 domain zone name for which a complete listing is given. The
109 program enters a special zone listing mode which has several
110 variants (see below).
111
112
113 The second argument is optional. It allows you to specify a
114 particular server to query. If you don't specify this
115 argument, default servers are used, as defined by the
116 __/etc/resolv.conf__ file.
117
118
119 __EXTENDED SYNTAX__
120
121
122 If the __-x__ option is given, it extends the syntax in
123 the sense that multiple arguments are allowed on the command
124 line. An optional explicit server must now be specified
125 using the __-X__ option as it cannot be given as an
126 ordinary argument any more. The __-X__ option implies
127 __-x__.
128
129
130 The extended syntax allows no arguments at all, in which
131 case the arguments will be read from standard input. This
132 can be a pipe, redirection from a file, or an interactive
133 terminal. Note that these arguments are the names to be
134 queried, and not command options. Everything that appears
135 after a '#' or ';' on an input line will be skipped.
136 Multiple arguments per line are allowed.
137
138
139 __OPTIONS__
140
141
142 There are a number of options that can be used before the
143 specified arguments. Some of these options are meaningful
144 only to the people who maintain the domain database zones.
145 The first options are the regularly used ones.
146
147
148 __-v__
149
150
151 causes printout to be in a
152 -vv__ is
153 __
154
155
156 __-t__ ''querytype''
157
158
159 allows you to specify a particular type of resource record
160 information to be looked up. Supported types are listed
161 below. The wildcard may be written as either __ANY__ or
162 __*__. Types may be given in upper or lower case. The
163 default is type __A__ for regular lookups, and __A__,
164 __NS__, and __PTR__ for zone listings.
165
166
167 __-a__
168
169
170 is equivalent to __-t ANY__. Note that this gives you
171 __
172
173
174 __SPECIAL MODES__
175
176
177 The following options put the program in a special
178 mode.
179
180
181 __-l__ ''zone''
182
183
184 generates the listing of an entire zone.
185
186
187 E.g. the command__
188 host -l nikhef.nl__
189 will give a listing of all hosts in the
190 -t__ option is used to
191 filter what information is extracted, as you would expect.
192 The default is address information from A records,
193 supplemented with data from PTR and NS records.
194
195
196 The command__
197 host -Z -a -l nikhef.nl__
198 will give a complete download of the zone data for
199
200
201 __-H__
202
203
204 can be specified instead of the __-l__ option. It will
205 print the count of the unique hostnames (names with an A
206 record) encountered within the zone. It will not count
207 pseudo names like
208 __
209
210
211 By default, this option will not print any resource
212 records.
213
214
215 Combined with the __-S__ option, it will give a complete
216 statistics survey of the zone.
217
218
219 The host count may be affected by duplicate hosts (see
220 below). To compute the most realistic value, subtract the
221 duplicate host count from the total host count.
222
223
224 __-G__
225
226
227 implies __-H__, but lists the names of gateway hosts.
228 These are the hosts that have more than one address. Gateway
229 hosts are not checked for duplicate addresses.
230
231
232 __-E__
233
234
235 implies __-H__, but lists the names of extrazone hosts.
236 An extrazone host in zone
237 __
238
239
240 __-D__
241
242
243 implies __-H__, but lists the names of duplicate hosts.
244 These are hosts with only one address, which is known to
245 have been defined also for another host with a different
246 name, possibly even in a different zone. This may be
247 intentional, but also may be an error.
248
249
250 __-C__
251
252
253 can be specified instead of the __-l__ option. It causes
254 the SOA records for the specified zone to be compared as
255 found at each of the authoritative nameservers for the zone
256 (as listed in the NS records). Nameserver recursion is
257 turned off, and it will be checked whether the answers are
258 really authoritative. If a server cannot provide an
259 authoritative SOA record, a lame delegation of the zone to
260 that server is reported. Discrepancies between the records
261 are reported. Various sanity checks are
262 performed.
263
264
265 __-A__
266
267
268 enters a special address check mode.
269
270
271 If the first argument is a host name, its addresses will be
272 retrieved, and for each of the addresses it will be checked
273 whether they map back to the given host.
274
275
276 If the first argument is a dotted quad Internet address, its
277 name will be retrieved, and it will be checked whether the
278 given address is listed among the known addresses belonging
279 to that host.
280
281
282 If the __-A__ flag is specified along with any zone
283 listing option, a reverse lookup of the address in each
284 encountered A record is performed, and it is checked whether
285 it is registered and maps back to the name of the A record.
286 This applies to forward zones. For reverse in-addr.arpa
287 zones, it is checked whether the target in PTR records maps
288 to a canonical host name.
289
290
291 __LISTING OPTIONS__
292
293
294 The following options apply only to the special zone listing
295 modes.
296
297
298 __-L__ ''level''
299
300
301 Recursively generate zone listings up to this level deep.
302 Level 1 traverses the parent zone and all of its delegated
303 zones. Each additional level descends into another layer of
304 delegated zones.
305
306
307 __-S__
308
309
310 prints statistics about the various types of resource
311 records found during zone listings, the number of various
312 host classifications, the number of delegated zones, and
313 some total statistics after recursive listings.
314
315
316 __-p__
317
318
319 causes only the primary nameserver of a zone to be contacted
320 for zone transfers during zone listings. Normally, zone
321 transfers are obtained from any one of the authoritative
322 servers that responds. The primary nameserver is obtained
323 from the SOA record of the zone. If a specific server is
324 given on the command line, this option will query that
325 server for the desired nameservers of the zone. This can be
326 used for testing purposes in case the zone has not been
327 registered yet.
328
329
330 __-P__ ''prefserver''
331
332
333 gives priority for zone transfers to preferred servers
334 residing in domains given by the comma-separated list
335 ''prefserver''. The more domain component labels match,
336 the higher the priority. If this option is not present,
337 priority is given to servers within your own domain or
338 parent domains. The order in which NS records are issued may
339 be unfavorable if they are subject to BIND 4.9 round-robin
340 reshuffling.
341
342
343 __-N__ ''skipzone''
344
345
346 prohibits zone transfers for the zones given by the
347 comma-separated list ''skipzone''. This may be used
348 during recursive zone listings when certain zones are known
349 to contain bogus information which should be excluded from
350 further processing.
351
352
353 __COMMON OPTIONS__
354
355
356 The following options can be used in both normal mode and
357 domain listing mode.
358
359
360 __-d__
361
362
363 turns on debugging. Nameserver transactions are shown in
364 detail. Note that __-dd__ prints even more debugging
365 output.
366
367
368 __-f__ ''filename''
369
370
371 writes the resource record output to the given logfile as
372 well as to standard output.
373
374
375 __-F__ ''filename''
376
377
378 same as __-f__, but exchange the role of stdout and
379 logfile. All stdout output (including verbose and debug
380 printout) goes to the logfile, and stdout gets only the
381 extra resource record output (so that it can be used in
382 pipes).
383
384
385 __-I__ ''chars''
386
387
388 suppresses warning messages about illegal domain names
389 containing invalid characters, by specifying such characters
390 in the string ''chars''. The underscore is a good
391 candidate.
392
393
394 __-i__
395
396
397 constructs a query for the
398 in-addr.arpa__ domain in case a numeric (dotted quad)
399 address was specified. Useful primarily for zone listing
400 mode, since for numeric regular lookups such query is done
401 anyway (but with -i you see the actual PTR resource record
402 outcome).
403
404
405 __-n__
406
407
408 constructs a query for the
409 nsap.int__ domain in case an nsap address was
410 specified. This can be used to look up the names associated
411 with nsap addresses, or to list reverse nsap zones. An nsap
412 address consists of an even number of hexadecimal digits,
413 with a maximum of 40, optionally separated by interspersed
414 dots. An optional prefix
415 __-Z__ option forces the output to be in the official
416 zone file format.
417
418
419 __-q__
420
421
422 be quiet and suppress various warning messages (the ones
423 preceded by
424
425
426 __-Q__
427
428
429 selects quick mode, in which several potentially time
430 consuming special checks are not carried out, and statistics
431 gathering is skipped if not explicitly
432 selected.
433
434
435 __-T__
436
437
438 prints the time-to-live values during non-verbose output. By
439 default the ttl is shown only in verbose mode.
440
441
442 __-Z__
443
444
445 prints the selected resource record output in full zone file
446 format, including trailing dot in domain names, plus ttl
447 value and class name.
448
449
450 __OTHER OPTIONS__
451
452
453 The following options are used only in special
454 circumstances.
455
456
457 __-c__ ''class''
458
459
460 allows you to specify a particular resource record class.
461 Supported are __IN__, __INTERNET__, __CS__,
462 __CSNET__, __CH__, __CHAOS__, __HS__,
463 __HESIOD__, and the wildcard __ANY__ or __*__. The
464 default class is __IN__.
465
466
467 __-e__
468
469
470 excludes information about names that are not residing
471 within the given zone during zone listings, such as some
472 glue records. For regular queries, it suppresses the
473 printing of the
474
475
476 __-m__
477
478
479 is equivalent to __-t MAILB__, which filters any of types
480 __MB__, __MR__, __MG__, or __MINFO__. In
481 addition, __MR__ and __MG__ records will be
482 recursively expanded into __MB__ records.
483
484
485 __-o__
486
487
488 suppresses the resource record output to stdout. Can be used
489 in combination with the __-f__ option to separate the
490 resource record output from verbose and debug comments and
491 error messages.
492
493
494 __-r__
495
496
497 causes nameserver recursion to be turned off in the request.
498 This means that the contacted nameserver will return only
499 data it has currently cached in its own database. It will
500 not ask other servers to retrieve the information. Note that
501 nameserver recursion is always turned off when checking SOA
502 records using the __-C__ option. Authoritative servers
503 should have all relevant information available.
504
505
506 __-R__
507
508
509 Normally querynames are assumed to be fully qualified and
510 are tried as such, unless it is a single name, which is
511 always tried (and only once) in the default domain. This
512 option simulates the default BIND behavior by qualifying any
513 specified name by repeatedly adding search domains, with the
514 exception that the search terminates immediately if the name
515 exists but does not have the desired querytype. The default
516 search domains are constructed from the default domain by
517 repeatedly peeling off the first component, until a final
518 domain with only one dot remains.
519
520
521 __-s__ ''seconds''
522
523
524 specifies a new nameserver timeout value. The program will
525 wait for a nameserver reply in two attempts of this number
526 of seconds. Normally it does 2 attempts of 5 seconds per
527 nameserver address tried. The actual timeout algorithm is
528 slightly more complicated, extending the timeout value
529 dynamically depending on the number of tries and the number
530 of nameserver addresses.
531
532
533 __-u__
534
535
536 forces the use of virtual circuits (TCP) instead of
537 datagrams (UDP) when issuing nameserver queries. This is
538 slower, but potentially more reliable. Note that a virtual
539 circuit is automatically chosen in case a query exceeds the
540 maximum datagram packet size. Also if a datagram answer
541 turns out to be truncated, the query is retried using
542 virtual circuit. A zone transfer is always done via a
543 virtual circuit.
544
545
546 __-w__
547
548
549 causes the program to retry forever if the response to a
550 regular query times out. Normally it will time out after
551 some 10 seconds per nameserver address tried.
552
553
554 __-V__
555
556
557 prints just the version number of the __host__ program,
558 and exits.
559
560
561 __SPECIAL OPTIONS__
562
563
564 The following options are used only in special
565 circumstances.
566
567
568 __-O__ ''srcaddr''
569
570
571 Define an explicit source IP address for sending nameserver
572 queries. This may be necessary for multi-homed hosts with
573 asymmetric routing policy.
574
575
576 __-j__ ''minport'' __-J__
577 ''maxport''
578
579
580 Define a range of explicit port numbers to be assigned to
581 the source IP address of the client socket for sending the
582 nameserver queries and receiving the replies. Normally the
583 kernel chooses a random free port number. This may be an
584 inappropriate number if you are behind a firewall that
585 filters random port numbers on incoming traffic.
586 If only one of __-j__ or __-J__ is given, a single
587 explicit port number is defined. This is ok for UDP queries,
588 but may not be sufficient for TCP queries.
589
590
591 __DEFAULT OPTIONS__
592
593
594 Default options and parameters can be preset in an
595 environment variable __HOST_DEFAULTS__ using the same
596 syntax as on the command line. They will be evaluated before
597 the command line arguments.
598 !!QUERYTYPES
599
600
601 The following querytypes (resource record types) are
602 supported. Indicated within parentheses are the various
603 kinds of data fields.
604
605
606 __A__ Host address (dotted quad)
607
608
609 __NS__ Authoritative nameserver (domain
610 name)
611
612
613 __MD__ Mail destination (domain name)
614
615
616 __MF__ Mail forwarder (domain name)
617
618
619 __CNAME__
620
621
622 Canonical name for an alias (domain name)
623
624
625 __SOA__
626
627
628 Marks the start of a zone of authority (domain name of
629 primary, domain name of hostmaster, serial, refresh, retry,
630 expiration, default ttl)
631
632
633 __MB__ Mailbox domain name (domain name)
634
635
636 __MG__ Mail group member (domain name)
637
638
639 __MR__ Mail rename domain name (domain name)
640
641
642 __NULL__
643
644
645 Null resource record (no format or data)
646
647
648 __WKS__
649
650
651 Well-known service description (dotted quad, protocol name,
652 list of services)
653
654
655 __PTR__
656
657
658 Domain name pointer (domain name)
659
660
661 __HINFO__
662
663
664 Host information (CPU type string, OS type
665 string)
666
667
668 __MINFO__
669
670
671 Mailbox or mail list information (request domain name, error
672 domain name)
673
674
675 __MX__ Mail exchanger (preference value, domain
676 name)
677
678
679 __TXT__
680
681
682 Descriptive text (one or more strings)
683
684
685 __UINFO__
686
687
688 User information (string)
689
690
691 __UID__
692
693
694 User identification (number)
695
696
697 __GID__
698
699
700 Group identification (number)
701
702
703 __UNSPEC__
704
705
706 Unspecified binary data (data)
707
708
709 __ANY__
710
711
712 Matches information of any type available.
713
714
715 __MAILB__
716
717
718 Matches any of types __MB__, __MR__, __MG__, or
719 __MINFO__.
720
721
722 __MAILA__
723
724
725 Matches any of types __MD__, or __MF__.
726
727
728 The following types have been defined in RFC 1183, but are
729 not yet in general use. They are recognized by this
730 program.
731
732
733 __RP__ Responsible person (domain name for MB, domain
734 name for TXT)
735
736
737 __AFSDB__
738
739
740 AFS database location (type, domain name)
741
742
743 __X25__
744
745
746 X25 address (address string)
747
748
749 __ISDN__
750
751
752 ISDN address (address string, optional subaddress
753 string)
754
755
756 __RT__ Route through host (preference value, domain
757 name)
758
759
760 The following types have been defined in RFC 1348, but are
761 not yet in general use. They are recognized by this program.
762 RFC 1348 has already been obsoleted by RFC 1637 and RFC
763 1706, which defines a new experimental usage of NSAP
764 records. This program has now hooks to manipulate
765 them.
766
767
768 __NSAP__
769
770
771 NSAP address (encoded address)
772
773
774 __NSAP-PTR__
775
776
777 NSAP pointer (domain name)
778
779
780 The following are new types as per RFC 1664 and RFC 1712.
781 Note that the GPOS type has been withdrawn already, and has
782 been superseded by the LOC type.
783
784
785 __PX__ X400 to RFC822 mapping (preference value, rfc822
786 domain, x400 domain)
787
788
789 __GPOS__
790
791
792 Geographical position (longitude string, latitude string,
793 altitude string)
794
795
796 The following types have been reserved in RFC 1700, and are
797 defined in RFC 2065 and revised per RFC 2035.
798
799
800 __SIG__
801
802
803 Security signature
804
805
806 __KEY__
807
808
809 Security key
810
811
812 __NXT__
813
814
815 Next valid record
816
817
818 The IP v6 address architecture and DNS extensions are
819 defined in RFC 1884 and RFC 1886.
820
821
822 __AAAA__
823
824
825 IP v6 address (address spec with colons)
826
827
828 The following type is documented in RFC 1876.
829
830
831 __LOC__
832
833
834 Geographical location (latitude, longitude, altitude,
835 precision)
836
837
838 The following types have been proposed, but are still in
839 draft.
840
841
842 __EID__
843
844
845 Endpoint identifier
846
847
848 __NIMLOC__
849
850
851 Nimrod locator
852
853
854 __ATMA__
855
856
857 ATM address
858
859
860 The following type is defined per RFC 2168.
861
862
863 __NAPTR__
864
865
866 Naming authority URN
867
868
869 The following type is proposed in RFC 2052, updated by RFC
870 2782.
871
872
873 __SRV__
874
875
876 Internet service information
877
878
879 The following type is proposed in RFC 2230.
880
881
882 __KX__ Key exchanger (preference value, domain
883 name)
884
885
886 The following type is defined in RFC 2538.
887
888
889 __CERT__
890
891
892 The following types have been proposed, but are still in
893 draft.
894
895
896 __A6__
897
898
899 __DNAME__
900
901
902 __SINK__
903
904
905 The following type is defined in RFC 2671.
906
907
908 __OPT__
909 !!EXAMPLES
910
911
912 A very good summary and validation of an entire zone can be
913 obtained with the following command:
914
915
916 __host -G -S -C -A -L 1__ ''zone''
917 !!DIAGNOSTICS
918
919
920 __FAILURE MESSAGES__
921
922
923 The following messages are printed to show the reason of
924 failure for a particular query. The name of an explicit
925 server, if specified, may be included. If a special class
926 was requested, it is also shown.
927
928
929 Nameserver [[''server''] not running
930
931
932 The contacted server host does not have a nameserver
933 running.
934
935
936 Nameserver [[''server''] not responding
937
938
939 The nameserver at the contacted server host did not give a
940 reply within the specified time frame.
941
942
943 Nameserver [[''server''] not reachable
944
945
946 The network route to the intended server host is
947 blocked.
948
949
950 ''name'' does not exist [[at ''server''] (Authoritative
951 answer)
952
953
954 The queryname does definitely not exist at all.
955
956
957 ''name'' does not exist [[at ''server''], try
958 again
959
960
961 The queryname does not exist, but the answer was not
962 authoritative, so it is still undecided.
963
964
965 ''name'' has no ''type'' record [[at ''server'']
966 (Authoritative answer)
967
968
969 The queryname is valid, but the specified type does not
970 exist. This status is here returned only in case
971 authoritative.
972
973
974 ''name type'' record currently not present [[at
975 ''server'']
976
977
978 The specified type does not exist, but we don't know whether
979 the queryname is valid or not. The answer was not
980 authoritative. Perhaps recursion was off, and no data was
981 cached locally.
982
983
984 ''name type'' record not found [[at ''server''], try
985 again
986
987
988 Some intermediate failure, e.g. timeout reaching a
989 nameserver.
990
991
992 ''name type'' record not found [[at ''server''], server
993 failure
994
995
996 Some explicit nameserver failure to process the query, due
997 to internal or forwarding errors. This may also be returned
998 if the zone data has expired at a secondary server, of when
999 the server is not authoritative for some class.
1000
1001
1002 ''name type'' record not found [[at ''server''], no
1003 recovery
1004
1005
1006 Some irrecoverable format error, or server
1007 refusal.
1008
1009
1010 ''name type'' record query refused [[by
1011 ''server'']
1012
1013
1014 The contacted nameserver explicitly refused to answer the
1015 query. Some nameservers are configured to refuse zone
1016 transfer requests that come from arbitrary
1017 clients.
1018
1019
1020 ''name type'' record not found [[at
1021 ''server'']
1022
1023
1024 The exact reason for failure could not be determined. (This
1025 should not happen).
1026
1027
1028 ''zone'' has lame delegation to
1029 ''server''
1030
1031
1032 If we query a supposedly authoritative nameserver for the
1033 SOA record of a zone, the information should be available
1034 and the answer should be authoritative. If not, a lame
1035 delegation is flagged. This is also done if the server turns
1036 out not to exist at all. Ditto if we ask for a zone transfer
1037 and the server cannot provide it.
1038
1039
1040 No nameservers for ''zone'' found
1041
1042
1043 It was not possible to retrieve the name of any nameserver
1044 for the desired zone, in order to do a zone
1045 transfer.
1046
1047
1048 No addresses of nameservers for ''zone''
1049 found
1050
1051
1052 We got some nameserver names, but it was not possible to
1053 retrieve addresses for any of them.
1054
1055
1056 No nameservers for ''zone'' responded
1057
1058
1059 When trying all nameservers in succession to do a zone
1060 transfer, none of them were able or willing to provide
1061 it.
1062
1063
1064 __WARNING AND ERROR MESSAGES__
1065
1066
1067 Miscellaneous warning messages may be generated. They are
1068 preceded by
1069
1070
1071 Error messages are preceded by
1072
1073
1074 ''zone'' has only one nameserver
1075 ''server''
1076
1077
1078 When retrieving the nameservers for a zone, it appears that
1079 only one single nameserver exists. This is against the
1080 recommendations.
1081
1082
1083 ''zone'' nameserver ''server'' is not canonical
1084 (''realserver'')
1085
1086
1087 When retrieving the nameservers for a zone, the name of the
1088 specified server appears not to be canonical. This may cause
1089 serious operational problems. The canonical name is given
1090 between parentheses.
1091
1092
1093 empty zone transfer for ''zone'' from
1094 ''server''
1095
1096
1097 The zone transfer from the specified server contained no
1098 data, perhaps only the SOA record. This could happen if we
1099 query the victim of a lame delegation which happens to have
1100 the SOA record in its cache.
1101
1102
1103 extraneous NS record for ''name'' within ''zone'' from
1104 ''server''
1105
1106
1107 During a zone transfer, an NS record appears for a name
1108 which is not a delegated subzone of the current
1109 zone.
1110
1111
1112 extraneous SOA record for ''name'' within ''zone''
1113 from ''server''
1114
1115
1116 During a zone transfer, an SOA record appears for a name
1117 which is not the name of the current zone.
1118
1119
1120 extraneous glue record for ''name'' within ''zone''
1121 from ''server''
1122
1123
1124 During a zone transfer, a glue record is included for a name
1125 which is not part of the zone or its delegated subzones.
1126 This is done in some older versions of BIND. It is
1127 undesirable since unauthoritative, or even incorrect,
1128 information may be propagated.
1129
1130
1131 incomplete ''type'' record for ''name''
1132
1133
1134 When decoding the resource record data from the answer to a
1135 query, not all required data fields were present. This is
1136 frequently the case for HINFO records of which only one of
1137 the two data field is encoded.
1138
1139
1140 ''name'' has both NS and A records within ''zone''
1141 from ''server''
1142
1143
1144 An A record has been defined for the delegated zone
1145 ''name''. This is signalled only during the transfer of
1146 the parent ''zone''. It is not an error, but the overall
1147 hostcount may be wrong, since the A record is counted as a
1148 host in the parent zone. This A record is not included in
1149 the hostcount of the delegated zone.
1150
1151
1152 ''name type'' record has zero ttl
1153
1154
1155 Resource records with a zero ttl value are special. They are
1156 not cached after retrieval from an authoritative
1157 nameserver.
1158
1159
1160 ''name type'' records have different ttl within
1161 ''zone'' from ''server''
1162
1163
1164 Resource records of the same name/type/class should have the
1165 same ttl value in zone listings. This is sometimes not the
1166 case, due to the independent definition of glue records or
1167 other information in the parent zone, which is not kept in
1168 sync with the definition in the delegated zone.
1169
1170
1171 ''name type'' record has illegal name
1172
1173
1174 The name of an A or MX record contains invalid characters.
1175 Only alphanumeric characters and hyphen '-' are valid in
1176 components (labels) between dots.
1177
1178
1179 ''name type'' host ''server'' has illegal
1180 name
1181
1182
1183 The name of an NS or MX target host contains invalid
1184 characters. Only alphanumeric characters and hyphen '-' are
1185 valid in components (labels) between dots.
1186
1187
1188 ''name type'' host ''server'' does not
1189 exist
1190
1191
1192 The NS or MX target host ''server'' does not exist at
1193 all. In case of NS, a lame delegation of ''name'' to
1194 ''server'' is flagged. It also applies to the PTR target
1195 host in reverse zones.
1196
1197
1198 ''name type'' host ''server'' has no A
1199 record
1200
1201
1202 The NS or MX target host ''server'' has no address. In
1203 case of NS, a lame delegation of ''name'' to
1204 ''server'' is flagged. It also applies to the PTR target
1205 host in reverse zones.
1206
1207
1208 ''name type'' host ''server'' is not
1209 canonical
1210
1211
1212 The NS or MX target host ''server'' is not a canonical
1213 name. This may cause serious operational problems during
1214 domain data retrieval, or electronic mail delivery. It also
1215 applies to the PTR target host in reverse
1216 zones.
1217
1218
1219 ''name type'' target ''domain'' does not
1220 exist
1221
1222
1223 The CNAME target ''domain'' does not exist at
1224 all.
1225
1226
1227 ''name type'' target ''domain'' has no ANY
1228 record
1229
1230
1231 The CNAME target ''domain'' does not seem to have any
1232 associated resource record, although the name seems to
1233 exist.
1234
1235
1236 ''name'' address ''A.B.C.D'' is not
1237 registered
1238
1239
1240 The reverse lookup of the address of an A record failed in
1241 an authoritative fashion. It was not present in the
1242 corresponding in-addr.arpa zone.
1243
1244
1245 ''name'' address ''A.B.C.D'' maps to
1246 ''realname''
1247
1248
1249 The reverse lookup of the address of an A record succeeded,
1250 but it did not map back to the name of the A record. There
1251 may be A records with different names for the same address.
1252 In the reverse in-addr.arpa zone there is usually only one
1253 PTR to the ``official'' host name.
1254
1255
1256 ''name'' address ''A.B.C.D'' maps to alias
1257 ''aliasname''
1258
1259
1260 In case of multiple PTR records, the first one encountered
1261 points to the ``official'' host name. Subsequent ones are
1262 returned as alias names via gethostbyaddr() as of BIND 4.9.
1263 Note that PTR records are exempt from round-robin
1264 reshuffling.
1265
1266
1267 ''zone'' SOA record at ''server'' is not
1268 authoritative
1269
1270
1271 When checking the SOA for a zone at one of its supposedly
1272 authoritative nameservers, the SOA information turns out to
1273 be not authoritative. This could be determined by making a
1274 query without nameserver recursion turned on.
1275
1276
1277 ''zone'' SOA primary ''server'' is not advertised via
1278 NS
1279
1280
1281 The primary nameserver is not among the list of nameservers
1282 retrieved via NS records for the zone. This is not an error
1283 per se, since only publicly accessible nameservers may be
1284 advertised, and others may be behind a
1285 firewall.
1286
1287
1288 ''zone'' SOA primary ''server'' has illegal
1289 name
1290
1291
1292 The name of the primary nameserver contains invalid
1293 characters.
1294
1295
1296 ''zone'' SOA hostmaster ''mailbox'' has illegal
1297 mailbox
1298
1299
1300 The name of the hostmaster mailbox contains invalid
1301 characters. A common mistake is to use an RFC822 email
1302 address with a ``@'', whereas the at-sign should have been
1303 replaced with a dot.
1304
1305
1306 ''zone'' SOA serial has high bit set
1307
1308
1309 Although the serial number is an unsigned 32-bit value,
1310 overflow into the high bit can inadvertently occur by making
1311 inappropriate use of the dotted decimal notation in the zone
1312 file. This may lead to synchronization failures between
1313 primary and secondary servers.
1314
1315
1316 ''zone'' SOA retry exceeds refresh
1317
1318
1319 A failing refresh would be retried after it is time for the
1320 next refresh.
1321
1322
1323 ''zone'' SOA refresh+retry exceeds expire
1324
1325
1326 The retry after a failing refresh would be done after the
1327 data has already expired.
1328
1329
1330 ''zone'' SOA expire is less than 1 week
1331
1332
1333 The authoritative data at secondary servers expires after
1334 only one week of failing refresh attempts. This is probably
1335 a little too early under normal circumstances.
1336
1337
1338 ''zone'' SOA expire is more than 6 months
1339
1340
1341 Secondary servers will retry failing refresh attempts for a
1342 period of more than 6 months before their authoritative data
1343 expires. As BIND 8 concludes: war must have broken
1344 out.
1345
1346
1347 ''server1'' and ''server2'' have different primary for
1348 ''zone''
1349
1350
1351 If the SOA record is different, the zone data is probably
1352 different as well. What you get depends on which server you
1353 happen to query.
1354
1355
1356 ''server1'' and ''server2'' have different hostmaster
1357 for ''zone''
1358
1359
1360 If the SOA record is different, the zone data is probably
1361 different as well. What you get depends on which server you
1362 happen to query.
1363
1364
1365 ''server1'' and ''server2'' have different serial for
1366 ''zone''
1367
1368
1369 This is usually not an error, but happens during the period
1370 after the primary server has updated its zone data, but
1371 before a secondary performed a refresh. Nevertheless there
1372 could be an error if a mistake has been made in properly
1373 adapting the serial number.
1374
1375
1376 ''server1'' and ''server2'' have different refresh for
1377 ''zone''
1378
1379
1380 If the SOA record is different, the zone data is probably
1381 different as well. What you get depends on which server you
1382 happen to query.
1383
1384
1385 ''server1'' and ''server2'' have different retry for
1386 ''zone''
1387
1388
1389 If the SOA record is different, the zone data is probably
1390 different as well. What you get depends on which server you
1391 happen to query.
1392
1393
1394 ''server1'' and ''server2'' have different expire for
1395 ''zone''
1396
1397
1398 If the SOA record is different, the zone data is probably
1399 different as well. What you get depends on which server you
1400 happen to query.
1401
1402
1403 ''server1'' and ''server2'' have different defttl for
1404 ''zone''
1405
1406
1407 If the SOA record is different, the zone data is probably
1408 different as well. What you get depends on which server you
1409 happen to query.
1410 !!EXIT STATUS
1411
1412
1413 The program returns a zero exit status if the requested
1414 information could be retrieved successfully, or in case zone
1415 listings or SOA checks were performed without any serious
1416 error. Otherwise it returns a non-zero exit
1417 status.
1418 !!ENVIRONMENT
1419
1420
1421 __CUSTOMIZING HOST NAME LOOKUP__
1422
1423
1424 In general, if the name supplied by the user does not have
1425 any dots in it, a default domain is appended to the end.
1426 This domain is usually defined in the
1427 __/etc/resolv.conf__ file. If not, it is derived by
1428 taking the local hostname and taking everything after its
1429 first dot.
1430
1431
1432 The user can override this, and specify a different default
1433 domain, by defining it in the environment variable
1434 ''LOCALDOMAIN''.
1435
1436
1437 In addition, the user can supply his own single-word
1438 abbreviations for host names. They should be in a file
1439 consisting of one line per abbreviation. Each line contains
1440 an abbreviation, white space, and then the fully qualified
1441 host name. The name of this file must be specified in the
1442 environment variable ''HOSTALIASES''.
1443 !!SPECIAL CONSIDERATIONS
1444
1445
1446 The complete set of resource record information for a domain
1447 name is available from an authoritative nameserver only.
1448 Therefore, if you query another server with the
1449
1450
1451 When listing a zone with the
1452 !!RELATED DOCUMENTATION
1453
1454
1455 rfc819, Domain naming convention for internet
1456 applications
1457 rfc883, Domain names - implementation and specification
1458 rfc920, Domain requirements
1459 rfc952, DOD Internet host table specification
1460 rfc974, Mail routing and the domain system
1461 rfc1032, Domain administrators guide
1462 rfc1033, Domain administrators operations guide
1463 rfc1034, Domain names - concepts and facilities
1464 rfc1035, Domain names - implementation and specification
1465 rfc1101, DNS encoding of network names and other types
1466 rfc1122, Requirements for Internet hosts - comm. layers
1467 rfc1123, Requirements for Internet hosts - application
1468 rfc1183, New DNS RR definitions
1469 rfc1348, DNS NSAP RRs
1470 rfc1535, A security problem and proposed correction
1471 rfc1536, Common DNS implementation errors
1472 rfc1537, Common DNS data file configuration errors
1473 rfc1591, Domain Name System structure and delegation
1474 rfc1597, Address allocation for private internets
1475 rfc1627, Network 10 considered harmful
1476 rfc1637, DNS NSAP resource records
1477 rfc1664, Using DNS to distribute X.400 address mappings
1478 rfc1700, Assigned numbers
1479 rfc1706, DNS NSAP resource records
1480 rfc1712, DNS encoding of geographical location (GPOS)
1481 rfc1713, Tools for DNS debugging
1482 rfc1794, DNS support for load balancing
1483 rfc1876, Expressing location information in the DNS
1484 (LOC)
1485 rfc1884, IP v6 addressing architecture
1486 rfc1886, DNS extensions to support IP v6 (AAAA)
1487 rfc1912, Common DNS operational and configuration errors
1488 rfc1982, Serial number arithmetic
1489 rfc1995, Incremental zone transfer in DNS (IXFR)
1490 rfc1996, Prompt notification of zone changes
1491 rfc2010, Operational criteria for root nameservers
1492 rfc2052, Specification of location of services (SRV)
1493 rfc2065, DNS security extensions (KEY/SIG/NXT)
1494 rfc2136, Dynamic updates in the DNS
1495 rfc2137, Secure DNS dynamic update
1496 rfc2163, Using DNS to distribute global address mapping
1497 (PX)
1498 rfc2168, Resolution of Uniform Resource Identifiers
1499 (NAPTR)
1500 rfc2181, Clarifications to the DNS specification
1501 rfc2230, Key exchange delegation record for the DNS (KX)
1502 rfc2308, Negative cacheing of DNS queries
1503 rfc2317, Classless in-addr.arpa delegation
1504 rfc2535, DNS security extensions (KEY/SIG/NXT)
1505 rfc2538, Storing certificates in the DNS (CERT)
1506 rfc2541, DNS security operational considerations
1507 rfc2671, Extension mechanisms for DNS (OPT)
1508 rfc2782, Specifying the location of services
1509 (SRV)
1510 !!AUTHOR
1511
1512
1513 This program is originally from Rutgers University.
1514 Rewritten by Eric Wassenaar, NIKHEF,
1515 !!SEE ALSO
1516
1517
1518 named(8), resolv.conf(5), resolver(3)
1519 ----
This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.