Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   31559 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

nslint(8)						nslint(8)

NAME
       nslint - perform consistency checks on dns files

SYNOPSIS
       nslint [ -d ] [ -b named.boot ] [ -B nslint.boot ]
       nslint [ -d ] [ -c named.conf ] [ -C nslint.conf ]

DESCRIPTION
       Nslint  reads  the nameserver configuration files and per-
       forms a number of consistency checks on the  dns	 records.
       If  any	problems  are discovered, error messages are dis-
       played on stderr and nslint exits with a non-zero  status.

       Here is a short list of errors nslint detects:

	      Records that are malformed.

	      Names  that contain dots but are missing a trailing
	      dot.

	      PTR records with names that are missing a	 trailing
	      dot.

	      Names that contain illegal characters (rfc1034).

	      A records without matching PTR records

	      PTR records without matching A records

	      Names  with  more than one address on the same sub-
	      net.

	      Addresses in use by more than one name.

	      Names with CNAME and other records (rfc1033).

	      Unknown service and/or  protocol	keywords  in  WKS
	      records.

	      Missing quotes.

OPTIONS
       -b     Specify  an  alternate named.boot file. The default
	      is /etc/named.boot.

       -c     Specify an alternate  named.conf	file.  The
	      default is /etc/named.conf.

       -B     Specify  an  alternate nslint.boot file. The
	      default is nslint.boot in the last directory
	      line processed in named.boot (or the current
	      working directory).  This file is	 processed
	      like  a  second named.boot.  The most common
	      use is to tell nslint about A  records  that
	      match  PTR  records  that	 point outside the
	      domains listed in named.boot.

       -C     Specify an alternate nslint.conf	file.  The
	      default is nslint.conf in the last directory
	      line processed in named.conf (or the current
	      working  directory).  This file is processed
	      like a second named.conf.

       -d     Raise the debugging level. Debugging  infor-
	      mation is displayed on stdout.

       Nslint  knows  how to read old style named.boot and
       BIND 8's new named.conf files. If both files exist,
       nslint  will  prefer named.conf (on the theory that
       you forgot to delete named.boot when  you  upgraded
       to BIND 8).

ADVANCED CONFIGURATION
       There  are  some cases where it is necessary to use
       the  advanced  configuration  features  of  nslint.
       Advanced configuration is done with the nslint.boot
       file.

       The most common is when a site has a  demilitarized
       zone  (DMZ).  The problem here is that the DMZ net-
       work will have PTR records for  hosts  outside  its
       domain.	For  example  lets  say	 we have 128.0.rev
       with:

	      1.1     604800  in      ptr     gateway.lbl.gov.
	      2.1     604800  in      ptr     gateway.es.net.

       Obviously we will define	 an  A	record	for  gate-
       way.lbl.gov  pointing  to 128.0.1.1 but we will get
       errors because there is no  A  record  defined  for
       gateway.es.net.	  The  solution	 is  to	 create	 a
       nslint.boot file (in  the  same	directory  as  the
       other dns files) with:

	      primary es.net		      nslint.es.net

       And then create the file nslint.es.net with:

	      gateway 1	      in      a	      128.0.1.2

       Another	problem	 occurs when there is a CNAME that
       points to a host outside the local  domains.  Let's
       say we have info.lbl.gov pointing to larry.es.net:

	      info    604800  in      cname   larry.es.net.

       In this case we would need:

	      primary es.net		      nslint.es.net

       in nslint.boot and:

	      larry   1	      in      txt     "place holder"

       nslint.es.net.

       One  last  problem  when	 a pseudo host is setup to
       allow two more more actual hosts provide a service.
       For, let's say that lbl.gov contains:

	      server  604800  in      a	      128.0.6.6
	      server  604800  in      a	      128.0.6.94
	      ;
	      tom     604800  in      a	      128.0.6.6
	      tom     604800  in      mx 0    lbl.gov.
	      ;
	      jerry   604800  in      a	      128.0.6.94
	      jerry   604800  in      mx 0    lbl.gov.

       In  this	 case  nslint would complain about missing
       PTR records and ip addresses in use  by	more  than
       one  host.   To	suppress  these	 warnings, add you
       would the lines:

	      primary lbl.gov		      nslint.lbl.gov
	      primary 0.128.in-addr.arpa      nslint.128.0.rev

       to nslint.boot and create nslint.lbl.gov with:

	      server  1	      in      allowdupa	      128.0.6.6
	      server  1	      in      allowdupa	      128.0.6.94

       and create nslint.128.0.rev with:

	      6.6     604800  in      ptr     server.lbl.gov.
	      94.6    604800  in      ptr     server.lbl.gov.

       In this example, the allowdupa keyword tells nslint
       that  it's  ok  for  128.0.6.6 and 128.0.6.94 to be
       shared	by   server.lbl.gov,   tom.lbl.gov,    and
       jerry.lbl.gov.

       One  last  nslint  feature  helps detect hosts that
       have mistakenly had two ip  addresses  assigned	on
       the same subnet. This can happen when two different
       people request an ip address for the same  hostname
       or   when  someone  forgets  an	address	 has  been
       assigned and requests a new number.

       To detect such A records, add a nslint  section	to
       your nslint.conf containing something similar to:

	      nslint {
		     network "128.0.6/22";
		     network "128.0.6 255.255.252.0";
	      };

       The  two	 network lines in this example are equiva-
       lent ways of saying the	same  thing;  that  subnet
       128.0.6 has a 22 bit wide subnet mask.

       If you are using nslint.boot, the syntax would be:

	      network 128.0.6/22
	      network 128.0.6 255.255.252.0

       Again this shows two ways of saying the same thing.

       Using information from the above network statement,
       nslint  would would flag the following A records as
       being in error:

	      server  1	      in      a	      128.0.6.48
	      server  1	      in      a	      128.0.7.16

       Note that if you specify any network lines in  your
       nslint.conf  or	nslint.boot files, nslint requires
       you to include lines for	 all  networks;	 otherwise
       you  might forget to add network lines for new net-
       works.

FILES
       /etc/named.boot - default named configuration file
       nslint.boot - default nslint configuration file

SEE ALSO
       named(8), rfc1033, rfc1034

AUTHOR
       Craig Leres of the Lawrence Berkeley National Labo-
       ratory, University of California, Berkeley, CA.

       The current version is available via anonymous ftp:

	      ftp://ftp.ee.lbl.gov/nslint.tar.gz

BUGS
       Please send bug reports to nslint@ee.lbl.gov.

       Not everyone is guaranteed to agree  with  all  the
       checks done.

			  20 March 2001			nslint(8)

Vote for polarhome