home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
SGI Freeware 2002 November
/
SGI Freeware 2002 November - Disc 2.iso
/
dist
/
fw_host.idb
/
usr
/
freeware
/
catman
/
u_man
/
cat1
/
host-loc.loc.Z
/
host-loc.loc
Wrap
Text File
|
2002-01-08
|
44KB
|
1,255 lines
host(1) host(1)
NNAAMMEE
host - query nameserver about domain names and zones
SSYYNNOOPPSSIISS
hhoosstt [--vv] [--aa] [--tt _q_u_e_r_y_t_y_p_e] [_o_p_t_i_o_n_s] _n_a_m_e [_s_e_r_v_e_r]
hhoosstt [--vv] [--aa] [--tt _q_u_e_r_y_t_y_p_e] [_o_p_t_i_o_n_s] --ll _z_o_n_e [_s_e_r_v_e_r]
hhoosstt [--vv] [_o_p_t_i_o_n_s] --HH [--DD] [--EE] [--GG] _z_o_n_e
hhoosstt [--vv] [_o_p_t_i_o_n_s] --CC _z_o_n_e
hhoosstt [--vv] [_o_p_t_i_o_n_s] --AA _h_o_s_t
hhoosstt [_o_p_t_i_o_n_s] --xx [_n_a_m_e ...]
hhoosstt [_o_p_t_i_o_n_s] --XX _s_e_r_v_e_r [_n_a_m_e ...]
OOPPTTIIOONN SSYYNNTTAAXX
Besides the traditional short options (one letter with
single dash, and an optional value as separate argument),
there are now also long options in the format ----kkeeyy
wwoorrdd[=_v_a_l_u_e]. Many (but not all) short options have a
long equivalent. There are several long options without a
short equivalent. The long options are not yet documented
in this manual page, but a summary of the existing long
options, and the mapping to their short alternative, is
available via the command hhoosstt ----hheellpp.
DDEESSCCRRIIPPTTIIOONN
_h_o_s_t looks for information about Internet hosts and domain
names. It gets this information from a set of intercon
nected servers that are spread across the world. The
information is stored in the form of "resource records"
belonging to hierarchically organized "zones".
By default, the program simply converts between host names
and Internet addresses. However, with the --tt, --aa and --vv
options, it can be used to find all of the information
about domain names that is maintained by the domain name
server system. The information printed consists of vari
ous fields of the associated resource records that were
retrieved.
The arguments can be either host names (domain names) or
numeric Internet addresses.
A numeric Internet address consists of four decimal num
bers separated by dots, e.g. 119922..1166..119999..11, representing
the four bytes of the 32-bit address.
The default action is to look up the associated host name.
A host name or domain name consists of component names
(labels) separated by dots, e.g. nniikkhheeffhh..nniikkhheeff..nnll
The default action is to look up all of its Internet
addresses.
For single names without a trailing dot, the local domain
is automatically tacked on the end. Thus a user in domain
991527 1
host(1) host(1)
"nikhef.nl" can say "host nikhapo", and it will actually
look up "nikhapo.nikhef.nl". In all other cases, the name
is tried unchanged. Single names with trailing dot are
considered top-level domain specifications, e.g. "nl."
Note that the usual lookup convention for any name that
does not end with a trailing dot is to try first with the
local domain appended, and possibly other search domains.
(As of BIND 4.9, names that have embedded dots but no
trailing dot are first tried ``as is'' before appending
search domains) This convention is not used by this pro
gram.
The actual suffix to tack on the end is usually the local
domain as specified in the //eettcc//rreessoollvv..ccoonnff file, but this
can be overridden. See below for a description of how to
customize the host name lookup.
AARRGGUUMMEENNTTSS
The first argument is normally the host name (domain name)
for which you want to look up the requested information.
If the first argument is an Internet address, a query is
done on the special "reverse mapping" domain to look up
its associated host name.
If the --ll option is given, the first argument is a domain
zone name for which a complete listing is given. The pro
gram enters a special zone listing mode which has several
variants (see below).
The second argument is optional. It allows you to specify
a particular server to query. If you don't specify this
argument, default servers are used, as defined by the
//eettcc//rreessoollvv..ccoonnff file.
EEXXTTEENNDDEEDD SSYYNNTTAAXX
If the --xx option is given, it extends the syntax in the
sense that multiple arguments are allowed on the command
line. An optional explicit server must now be specified
using the --XX option as it cannot be given as an ordinary
argument any more. The --XX option implies --xx.
The extended syntax allows no arguments at all, in which
case the arguments will be read from standard input. This
can be a pipe, redirection from a file, or an interactive
terminal. Note that these arguments are the names to be
queried, and not command options. Everything that appears
after a '#' or ';' on an input line will be skipped. Mul
tiple arguments per line are allowed.
OOPPTTIIOONNSS
There are a number of options that can be used before the
specified arguments. Some of these options are meaningful
only to the people who maintain the domain database zones.
991527 2
host(1) host(1)
The first options are the regularly used ones.
--vv causes printout to be in a "verbose" format. All
resource record fields are printed. Without this
option, the ttl and class fields are not shown. Also
the contents of the "additional information" and
"authority information" sections in the answer from
the nameserver are printed, if present. Normally
these sections are not shown. In addition, the ver
bose option prints extra information about the various
actions that are taken by the program. Note that --vvvv
is "very verbose". This generates a lot of output.
--tt _q_u_e_r_y_t_y_p_e
allows you to specify a particular type of resource
record information to be looked up. Supported types
are listed below. The wildcard may be written as
either AANNYY or **. Types may be given in upper or lower
case. The default is type AA for regular lookups, and
AA, NNSS, and PPTTRR for zone listings.
--aa is equivalent to --tt AANNYY. Note that this gives you
"anything available" (currently cached) and not "all
defined data" if a non-authoritative server is
queried.
SSPPEECCIIAALL MMOODDEESS
The following options put the program in a special mode.
--ll _z_o_n_e
generates the listing of an entire zone.
E.g. the command
hhoosstt --ll nniikkhheeff..nnll
will give a listing of all hosts in the "nikhef.nl"
zone. The --tt option is used to filter what informa
tion is extracted, as you would expect. The default is
address information from A records, supplemented with
data from PTR and NS records.
The command
hhoosstt --ZZ --aa --ll nniikkhheeff..nnll
will give a complete download of the zone data for
"nikhef.nl", in the official master file format.
--HH can be specified instead of the --ll option. It will
print the count of the unique hostnames (names with an
A record) encountered within the zone. It will not
count pseudo names like "localhost", nor addresses
associated with the zone name itself. Neither are
counted the "glue records" that are necessary to
define nameservers for the zone and its delegated
zones.
991527 3
host(1) host(1)
By default, this option will not print any resource
records.
Combined with the --SS option, it will give a complete
statistics survey of the zone.
The host count may be affected by duplicate hosts (see
below). To compute the most realistic value, subtract
the duplicate host count from the total host count.
--GG implies --HH, but lists the names of gateway hosts.
These are the hosts that have more than one address.
Gateway hosts are not checked for duplicate addresses.
--EE implies --HH, but lists the names of extrazone hosts.
An extrazone host in zone "foo.bar" is of the form
"host.xxx.foo.bar" where "xxx.foo.bar" is not defined
as a delegated zone with an NS record. This may be
intentional, but also may be an error.
--DD implies --HH, but lists the names of duplicate hosts.
These are hosts with only one address, which is known
to have been defined also for another host with a dif
ferent name, possibly even in a different zone. This
may be intentional, but also may be an error.
--CC can be specified instead of the --ll option. It causes
the SOA records for the specified zone to be compared
as found at each of the authoritative nameservers for
the zone (as listed in the NS records). Nameserver
recursion is turned off, and it will be checked
whether the answers are really authoritative. If a
server cannot provide an authoritative SOA record, a
lame delegation of the zone to that server is
reported. Discrepancies between the records are
reported. Various sanity checks are performed.
--AA enters a special address check mode.
If the first argument is a host name, its addresses
will be retrieved, and for each of the addresses it
will be checked whether they map back to the given
host.
If the first argument is a dotted quad Internet
address, its name will be retrieved, and it will be
checked whether the given address is listed among the
known addresses belonging to that host.
If the --AA flag is specified along with any zone list
ing option, a reverse lookup of the address in each
encountered A record is performed, and it is checked
whether it is registered and maps back to the name of
the A record. This applies to forward zones. For
991527 4
host(1) host(1)
reverse in-addr.arpa zones, it is checked whether the
target in PTR records maps to a canonical host name.
LLIISSTTIINNGG OOPPTTIIOONNSS
The following options apply only to the special zone list
ing modes.
--LL _l_e_v_e_l
Recursively generate zone listings up to this level
deep. Level 1 traverses the parent zone and all of
its delegated zones. Each additional level descends
into another layer of delegated zones.
--SS prints statistics about the various types of resource
records found during zone listings, the number of var
ious host classifications, the number of delegated
zones, and some total statistics after recursive list
ings.
--pp causes only the primary nameserver of a zone to be
contacted for zone transfers during zone listings.
Normally, zone transfers are obtained from any one of
the authoritative servers that responds. The primary
nameserver is obtained from the SOA record of the
zone. If a specific server is given on the command
line, this option will query that server for the
desired nameservers of the zone. This can be used for
testing purposes in case the zone has not been regis
tered yet.
--PP _p_r_e_f_s_e_r_v_e_r
gives priority for zone transfers to preferred servers
residing in domains given by the comma-separated list
_p_r_e_f_s_e_r_v_e_r. The more domain component labels match,
the higher the priority. If this option is not pre
sent, priority is given to servers within your own
domain or parent domains. The order in which NS
records are issued may be unfavorable if they are sub
ject to BIND 4.9 round-robin reshuffling.
--NN _s_k_i_p_z_o_n_e
prohibits zone transfers for the zones given by the
comma-separated list _s_k_i_p_z_o_n_e. This may be used during
recursive zone listings when certain zones are known
to contain bogus information which should be excluded
from further processing.
CCOOMMMMOONN OOPPTTIIOONNSS
The following options can be used in both normal mode and
domain listing mode.
--dd turns on debugging. Nameserver transactions are shown
in detail. Note that --dddd prints even more debugging
output.
991527 5
host(1) host(1)
--ff _f_i_l_e_n_a_m_e
writes the resource record output to the given logfile
as well as to standard output.
--FF _f_i_l_e_n_a_m_e
same as --ff, but exchange the role of stdout and log
file. All stdout output (including verbose and debug
printout) goes to the logfile, and stdout gets only
the extra resource record output (so that it can be
used in pipes).
--II _c_h_a_r_s
suppresses warning messages about illegal domain names
containing invalid characters, by specifying such
characters in the string _c_h_a_r_s. The underscore is a
good candidate.
--ii constructs a query for the "reverse mapping" iinn--
aaddddrr..aarrppaa domain in case a numeric (dotted quad)
address was specified. Useful primarily for zone
listing mode, since for numeric regular lookups such
query is done anyway (but with -i you see the actual
PTR resource record outcome).
--nn constructs a query for the "reverse mapping" nnssaapp..iinntt
domain in case an nsap address was specified. This
can be used to look up the names associated with nsap
addresses, or to list reverse nsap zones. An nsap
address consists of an even number of hexadecimal dig
its, with a maximum of 40, optionally separated by
interspersed dots. An optional prefix "0x" is
skipped. If this option is used, all reverse nsap.int
names are by default printed in forward notation, only
to improve readability. The --ZZ option forces the out
put to be in the official zone file format.
--qq be quiet and suppress various warning messages (the
ones preceded by " !!! "). Serious error messages
(preceded by " *** ") are never suppressed.
--QQ selects quick mode, in which several potentially time
consuming special checks are not carried out, and
statistics gathering is skipped if not explicitly
selected.
--TT prints the time-to-live values during non-verbose out
put. By default the ttl is shown only in verbose
mode.
--ZZ prints the selected resource record output in full
zone file format, including trailing dot in domain
names, plus ttl value and class name.
991527 6
host(1) host(1)
OOTTHHEERR OOPPTTIIOONNSS
The following options are used only in special circum
stances.
--cc _c_l_a_s_s
allows you to specify a particular resource record
class. Supported are IINN, IINNTTEERRNNEETT, CCSS, CCSSNNEETT, CCHH,
CCHHAAOOSS, HHSS, HHEESSIIOODD, and the wildcard AANNYY or **. The
default class is IINN.
--ee excludes information about names that are not residing
within the given zone during zone listings, such as
some glue records. For regular queries, it suppresses
the printing of the "additional information" and
"authority information" sections in the answer from
the nameserver.
--mm is equivalent to --tt MMAAIILLBB, which filters any of types
MMBB, MMRR, MMGG, or MMIINNFFOO. In addition, MMRR and MMGG records
will be recursively expanded into MMBB records.
--oo suppresses the resource record output to stdout. Can
be used in combination with the --ff option to separate
the resource record output from verbose and debug com
ments and error messages.
--rr causes nameserver recursion to be turned off in the
request. This means that the contacted nameserver
will return only data it has currently cached in its
own database. It will not ask other servers to
retrieve the information. Note that nameserver recur
sion is always turned off when checking SOA records
using the --CC option. Authoritative servers should have
all relevant information available.
--RR Normally querynames are assumed to be fully qualified
and are tried as such, unless it is a single name,
which is always tried (and only once) in the default
domain. This option simulates the default BIND behav
ior by qualifying any specified name by repeatedly
adding search domains, with the exception that the
search terminates immediately if the name exists but
does not have the desired querytype. The default
search domains are constructed from the default domain
by repeatedly peeling off the first component, until a
final domain with only one dot remains.
--ss _s_e_c_o_n_d_s
specifies a new nameserver timeout value. The program
will wait for a nameserver reply in two attempts of
this number of seconds. Normally it does 2 attempts
of 5 seconds per nameserver address tried. The actual
timeout algorithm is slightly more complicated,
extending the timeout value dynamically depending on
991527 7
host(1) host(1)
the number of tries and the number of nameserver
addresses.
--uu forces the use of virtual circuits (TCP) instead of
datagrams (UDP) when issuing nameserver queries. This
is slower, but potentially more reliable. Note that a
virtual circuit is automatically chosen in case a
query exceeds the maximum datagram packet size. Also
if a datagram answer turns out to be truncated, the
query is retried using virtual circuit. A zone trans
fer is always done via a virtual circuit.
--ww causes the program to retry forever if the response to
a regular query times out. Normally it will time out
after some 10 seconds per nameserver address tried.
--VV prints just the version number of the hhoosstt program,
and exits.
SSPPEECCIIAALL OOPPTTIIOONNSS
The following options are used only in special circum
stances.
--OO _s_r_c_a_d_d_r
Define an explicit source IP address for sending name
server queries. This may be necessary for multi-homed
hosts with asymmetric routing policy.
--jj _m_i_n_p_o_r_t --JJ _m_a_x_p_o_r_t
Define a range of explicit port numbers to be assigned
to the source IP address of the client socket for
sending the nameserver queries and receiving the
replies. Normally the kernel chooses a random free
port number. This may be an inappropriate number if
you are behind a firewall that filters random port
numbers on incoming traffic.
If only one of --jj or --JJ is given, a single explicit
port number is defined. This is ok for UDP queries,
but may not be sufficient for TCP queries.
DDEEFFAAUULLTT OOPPTTIIOONNSS
Default options and parameters can be preset in an envi
ronment variable HHOOSSTT__DDEEFFAAUULLTTSS using the same syntax as on
the command line. They will be evaluated before the com
mand line arguments.
QQUUEERRYYTTYYPPEESS
The following querytypes (resource record types) are sup
ported. Indicated within parentheses are the various
kinds of data fields.
AA Host address (dotted quad)
NNSS Authoritative nameserver (domain name)
991527 8
host(1) host(1)
MMDD Mail destination (domain name)
MMFF Mail forwarder (domain name)
CCNNAAMMEE Canonical name for an alias (domain name)
SSOOAA Marks the start of a zone of authority (domain
name of primary, domain name of hostmaster,
serial, refresh, retry, expiration, default ttl)
MMBB Mailbox domain name (domain name)
MMGG Mail group member (domain name)
MMRR Mail rename domain name (domain name)
NNUULLLL Null resource record (no format or data)
WWKKSS Well-known service description (dotted quad,
protocol name, list of services)
PPTTRR Domain name pointer (domain name)
HHIINNFFOO Host information (CPU type string, OS type
string)
MMIINNFFOO Mailbox or mail list information (request domain
name, error domain name)
MMXX Mail exchanger (preference value, domain name)
TTXXTT Descriptive text (one or more strings)
UUIINNFFOO User information (string)
UUIIDD User identification (number)
GGIIDD Group identification (number)
UUNNSSPPEECC Unspecified binary data (data)
AANNYY Matches information of any type available.
MMAAIILLBB Matches any of types MMBB, MMRR, MMGG, or MMIINNFFOO.
MMAAIILLAA Matches any of types MMDD, or MMFF.
The following types have been defined in RFC 1183, but are
not yet in general use. They are recognized by this pro
gram.
RRPP Responsible person (domain name for MB, domain
name for TXT)
991527 9
host(1) host(1)
AAFFSSDDBB AFS database location (type, domain name)
XX2255 X25 address (address string)
IISSDDNN ISDN address (address string, optional subad
dress string)
RRTT Route through host (preference value, domain
name)
The following types have been defined in RFC 1348, but are
not yet in general use. They are recognized by this pro
gram. RFC 1348 has already been obsoleted by RFC 1637 and
RFC 1706, which defines a new experimental usage of NSAP
records. This program has now hooks to manipulate them.
NNSSAAPP NSAP address (encoded address)
NNSSAAPP--PPTTRR NSAP pointer (domain name)
The following are new types as per RFC 1664 and RFC 1712.
Note that the GPOS type has been withdrawn already, and
has been superseded by the LOC type.
PPXX X400 to RFC822 mapping (preference value, rfc822
domain, x400 domain)
GGPPOOSS Geographical position (longitude string, lati
tude string, altitude string)
The following types have been reserved in RFC 1700, and
are defined in RFC 2065 and revised per RFC 2035.
SSIIGG Security signature
KKEEYY Security key
NNXXTT Next valid record
The IP v6 address architecture and DNS extensions are
defined in RFC 1884 and RFC 1886.
AAAAAAAA IP v6 address (address spec with colons)
The following type is documented in RFC 1876.
LLOOCC Geographical location (latitude, longitude,
altitude, precision)
The following types have been proposed, but are still in
draft.
EEIIDD Endpoint identifier
991527 10
host(1) host(1)
NNIIMMLLOOCC Nimrod locator
AATTMMAA ATM address
The following type is defined per RFC 2168.
NNAAPPTTRR Naming authority URN
The following type is proposed in RFC 2052, updated by RFC
2782.
SSRRVV Internet service information
The following type is proposed in RFC 2230.
KKXX Key exchanger (preference value, domain name)
The following type is defined in RFC 2538.
CCEERRTT
The following types have been proposed, but are still in
draft.
AA66
DDNNAAMMEE
SSIINNKK
The following type is defined in RFC 2671.
OOPPTT
EEXXAAMMPPLLEESS
A very good summary and validation of an entire zone can
be obtained with the following command:
hhoosstt --GG --SS --CC --AA --LL 11 _z_o_n_e
DDIIAAGGNNOOSSTTIICCSS
FFAAIILLUURREE MMEESSSSAAGGEESS
The following messages are printed to show the reason of
failure for a particular query. The name of an explicit
server, if specified, may be included. If a special class
was requested, it is also shown.
Nameserver [_s_e_r_v_e_r] not running
The contacted server host does not have a nameserver
running.
Nameserver [_s_e_r_v_e_r] not responding
The nameserver at the contacted server host did not
991527 11
host(1) host(1)
give a reply within the specified time frame.
Nameserver [_s_e_r_v_e_r] not reachable
The network route to the intended server host is
blocked.
_n_a_m_e does not exist [at _s_e_r_v_e_r] (Authoritative answer)
The queryname does definitely not exist at all.
_n_a_m_e does not exist [at _s_e_r_v_e_r], try again
The queryname does not exist, but the answer was not
authoritative, so it is still undecided.
_n_a_m_e has no _t_y_p_e record [at _s_e_r_v_e_r] (Authoritative answer)
The queryname is valid, but the specified type does
not exist. This status is here returned only in case
authoritative.
_n_a_m_e _t_y_p_e record currently not present [at _s_e_r_v_e_r]
The specified type does not exist, but we don't know
whether the queryname is valid or not. The answer was
not authoritative. Perhaps recursion was off, and no
data was cached locally.
_n_a_m_e _t_y_p_e record not found [at _s_e_r_v_e_r], try again
Some intermediate failure, e.g. timeout reaching a
nameserver.
_n_a_m_e _t_y_p_e record not found [at _s_e_r_v_e_r], server failure
Some explicit nameserver failure to process the query,
due to internal or forwarding errors. This may also be
returned if the zone data has expired at a secondary
server, of when the server is not authoritative for
some class.
_n_a_m_e _t_y_p_e record not found [at _s_e_r_v_e_r], no recovery
Some irrecoverable format error, or server refusal.
_n_a_m_e _t_y_p_e record query refused [by _s_e_r_v_e_r]
The contacted nameserver explicitly refused to answer
the query. Some nameservers are configured to refuse
zone transfer requests that come from arbitrary
clients.
_n_a_m_e _t_y_p_e record not found [at _s_e_r_v_e_r]
The exact reason for failure could not be determined.
(This should not happen).
_z_o_n_e has lame delegation to _s_e_r_v_e_r
If we query a supposedly authoritative nameserver for
the SOA record of a zone, the information should be
available and the answer should be authoritative. If
not, a lame delegation is flagged. This is also done
if the server turns out not to exist at all. Ditto if
991527 12
host(1) host(1)
we ask for a zone transfer and the server cannot pro
vide it.
No nameservers for _z_o_n_e found
It was not possible to retrieve the name of any name
server for the desired zone, in order to do a zone
transfer.
No addresses of nameservers for _z_o_n_e found
We got some nameserver names, but it was not possible
to retrieve addresses for any of them.
No nameservers for _z_o_n_e responded
When trying all nameservers in succession to do a zone
transfer, none of them were able or willing to provide
it.
WWAARRNNIINNGG AANNDD EERRRROORR MMEESSSSAAGGEESS
Miscellaneous warning messages may be generated. They are
preceded by " !!! " and indicate some non-fatal condition,
usually during the interpretation of the retrieved data.
These messages can be suppressed with the -q command line
option.
Error messages are preceded by " *** " and indicate a
serious problem, such as format errors in the answers to
queries, but also major violations of the specifications.
Those messages cannot be suppressed.
_z_o_n_e has only one nameserver _s_e_r_v_e_r
When retrieving the nameservers for a zone, it appears
that only one single nameserver exists. This is
against the recommendations.
_z_o_n_e nameserver _s_e_r_v_e_r is not canonical (_r_e_a_l_s_e_r_v_e_r)
When retrieving the nameservers for a zone, the name
of the specified server appears not to be canonical.
This may cause serious operational problems. The
canonical name is given between parentheses.
empty zone transfer for _z_o_n_e from _s_e_r_v_e_r
The zone transfer from the specified server contained
no data, perhaps only the SOA record. This could hap
pen if we query the victim of a lame delegation which
happens to have the SOA record in its cache.
extraneous NS record for _n_a_m_e within _z_o_n_e from _s_e_r_v_e_r
During a zone transfer, an NS record appears for a
name which is not a delegated subzone of the current
zone.
extraneous SOA record for _n_a_m_e within _z_o_n_e from _s_e_r_v_e_r
During a zone transfer, an SOA record appears for a
name which is not the name of the current zone.
991527 13
host(1) host(1)
extraneous glue record for _n_a_m_e within _z_o_n_e from _s_e_r_v_e_r
During a zone transfer, a glue record is included for
a name which is not part of the zone or its delegated
subzones. This is done in some older versions of BIND.
It is undesirable since unauthoritative, or even
incorrect, information may be propagated.
incomplete _t_y_p_e record for _n_a_m_e
When decoding the resource record data from the answer
to a query, not all required data fields were present.
This is frequently the case for HINFO records of which
only one of the two data field is encoded.
_n_a_m_e has both NS and A records within _z_o_n_e from _s_e_r_v_e_r
An A record has been defined for the delegated zone
_n_a_m_e. This is signalled only during the transfer of
the parent _z_o_n_e. It is not an error, but the overall
hostcount may be wrong, since the A record is counted
as a host in the parent zone. This A record is not
included in the hostcount of the delegated zone.
_n_a_m_e _t_y_p_e record has zero ttl
Resource records with a zero ttl value are special.
They are not cached after retrieval from an authorita
tive nameserver.
_n_a_m_e _t_y_p_e records have different ttl within _z_o_n_e from
_s_e_r_v_e_r
Resource records of the same name/type/class should
have the same ttl value in zone listings. This is
sometimes not the case, due to the independent defini
tion of glue records or other information in the par
ent zone, which is not kept in sync with the defini
tion in the delegated zone.
_n_a_m_e _t_y_p_e record has illegal name
The name of an A or MX record contains invalid charac
ters. Only alphanumeric characters and hyphen '-' are
valid in components (labels) between dots.
_n_a_m_e _t_y_p_e host _s_e_r_v_e_r has illegal name
The name of an NS or MX target host contains invalid
characters. Only alphanumeric characters and hyphen
'-' are valid in components (labels) between dots.
_n_a_m_e _t_y_p_e host _s_e_r_v_e_r does not exist
The NS or MX target host _s_e_r_v_e_r does not exist at all.
In case of NS, a lame delegation of _n_a_m_e to _s_e_r_v_e_r is
flagged. It also applies to the PTR target host in
reverse zones.
_n_a_m_e _t_y_p_e host _s_e_r_v_e_r has no A record
The NS or MX target host _s_e_r_v_e_r has no address. In
case of NS, a lame delegation of _n_a_m_e to _s_e_r_v_e_r is
991527 14
host(1) host(1)
flagged. It also applies to the PTR target host in
reverse zones.
_n_a_m_e _t_y_p_e host _s_e_r_v_e_r is not canonical
The NS or MX target host _s_e_r_v_e_r is not a canonical
name. This may cause serious operational problems
during domain data retrieval, or electronic mail
delivery. It also applies to the PTR target host in
reverse zones.
_n_a_m_e _t_y_p_e target _d_o_m_a_i_n does not exist
The CNAME target _d_o_m_a_i_n does not exist at all.
_n_a_m_e _t_y_p_e target _d_o_m_a_i_n has no ANY record
The CNAME target _d_o_m_a_i_n does not seem to have any
associated resource record, although the name seems to
exist.
_n_a_m_e address _A_._B_._C_._D is not registered
The reverse lookup of the address of an A record
failed in an authoritative fashion. It was not present
in the corresponding in-addr.arpa zone.
_n_a_m_e address _A_._B_._C_._D maps to _r_e_a_l_n_a_m_e
The reverse lookup of the address of an A record suc
ceeded, but it did not map back to the name of the A
record. There may be A records with different names
for the same address. In the reverse in-addr.arpa
zone there is usually only one PTR to the ``official''
host name.
_n_a_m_e address _A_._B_._C_._D maps to alias _a_l_i_a_s_n_a_m_e
In case of multiple PTR records, the first one encoun
tered points to the ``official'' host name. Subsequent
ones are returned as alias names via gethostbyaddr()
as of BIND 4.9. Note that PTR records are exempt from
round-robin reshuffling.
_z_o_n_e SOA record at _s_e_r_v_e_r is not authoritative
When checking the SOA for a zone at one of its suppos
edly authoritative nameservers, the SOA information
turns out to be not authoritative. This could be
determined by making a query without nameserver recur
sion turned on.
_z_o_n_e SOA primary _s_e_r_v_e_r is not advertised via NS
The primary nameserver is not among the list of name
servers retrieved via NS records for the zone. This
is not an error per se, since only publicly accessible
nameservers may be advertised, and others may be
behind a firewall.
_z_o_n_e SOA primary _s_e_r_v_e_r has illegal name
The name of the primary nameserver contains invalid
991527 15
host(1) host(1)
characters.
_z_o_n_e SOA hostmaster _m_a_i_l_b_o_x has illegal mailbox
The name of the hostmaster mailbox contains invalid
characters. A common mistake is to use an RFC822
email address with a ``@'', whereas the at-sign should
have been replaced with a dot.
_z_o_n_e SOA serial has high bit set
Although the serial number is an unsigned 32-bit
value, overflow into the high bit can inadvertently
occur by making inappropriate use of the dotted deci
mal notation in the zone file. This may lead to syn
chronization failures between primary and secondary
servers.
_z_o_n_e SOA retry exceeds refresh
A failing refresh would be retried after it is time
for the next refresh.
_z_o_n_e SOA refresh+retry exceeds expire
The retry after a failing refresh would be done after
the data has already expired.
_z_o_n_e SOA expire is less than 1 week
The authoritative data at secondary servers expires
after only one week of failing refresh attempts. This
is probably a little too early under normal circum
stances.
_z_o_n_e SOA expire is more than 6 months
Secondary servers will retry failing refresh attempts
for a period of more than 6 months before their
authoritative data expires. As BIND 8 concludes: war
must have broken out.
_s_e_r_v_e_r_1 and _s_e_r_v_e_r_2 have different primary for _z_o_n_e
If the SOA record is different, the zone data is prob
ably different as well. What you get depends on which
server you happen to query.
_s_e_r_v_e_r_1 and _s_e_r_v_e_r_2 have different hostmaster for _z_o_n_e
If the SOA record is different, the zone data is prob
ably different as well. What you get depends on which
server you happen to query.
_s_e_r_v_e_r_1 and _s_e_r_v_e_r_2 have different serial for _z_o_n_e
This is usually not an error, but happens during the
period after the primary server has updated its zone
data, but before a secondary performed a refresh. Nev
ertheless there could be an error if a mistake has
been made in properly adapting the serial number.
991527 16
host(1) host(1)
_s_e_r_v_e_r_1 and _s_e_r_v_e_r_2 have different refresh for _z_o_n_e
If the SOA record is different, the zone data is prob
ably different as well. What you get depends on which
server you happen to query.
_s_e_r_v_e_r_1 and _s_e_r_v_e_r_2 have different retry for _z_o_n_e
If the SOA record is different, the zone data is prob
ably different as well. What you get depends on which
server you happen to query.
_s_e_r_v_e_r_1 and _s_e_r_v_e_r_2 have different expire for _z_o_n_e
If the SOA record is different, the zone data is prob
ably different as well. What you get depends on which
server you happen to query.
_s_e_r_v_e_r_1 and _s_e_r_v_e_r_2 have different defttl for _z_o_n_e
If the SOA record is different, the zone data is prob
ably different as well. What you get depends on which
server you happen to query.
EEXXIITT SSTTAATTUUSS
The program returns a zero exit status if the requested
information could be retrieved successfully, or in case
zone listings or SOA checks were performed without any
serious error. Otherwise it returns a non-zero exit sta
tus.
EENNVVIIRROONNMMEENNTT
CCUUSSTTOOMMIIZZIINNGG HHOOSSTT NNAAMMEE LLOOOOKKUUPP
In general, if the name supplied by the user does not have
any dots in it, a default domain is appended to the end.
This domain is usually defined in the //eettcc//rreessoollvv..ccoonnff
file. If not, it is derived by taking the local hostname
and taking everything after its first dot.
The user can override this, and specify a different
default domain, by defining it in the environment variable
_L_O_C_A_L_D_O_M_A_I_N.
In addition, the user can supply his own single-word
abbreviations for host names. They should be in a file
consisting of one line per abbreviation. Each line con
tains an abbreviation, white space, and then the fully
qualified host name. The name of this file must be speci
fied in the environment variable _H_O_S_T_A_L_I_A_S_E_S.
SSPPEECCIIAALL CCOONNSSIIDDEERRAATTIIOONNSS
The complete set of resource record information for a
domain name is available from an authoritative nameserver
only. Therefore, if you query another server with the "-a"
option, only a subset of the data may be presented, since
this option asks for any data that the latter server cur
rently knows about, not all data that may possibly exist.
Note that the "-v" option shows whether an answer is
991527 17
host(1) host(1)
authoritative or not.
When listing a zone with the "-l" option, information will
be fetched from authoritative nameservers for that zone.
This is implemented by doing a complete zone transfer and
then filtering out the information that you have asked
for. Note that direct contact with such nameservers must
be possible for this option to work. This option should
be used with caution. Servers may be configured to refuse
zone transfers if they are flooded with requests.
RREELLAATTEEDD DDOOCCUUMMEENNTTAATTIIOONN
rfc819, Domain naming convention for internet applications
rfc883, Domain names - implementation and specification
rfc920, Domain requirements
rfc952, DOD Internet host table specification
rfc974, Mail routing and the domain system
rfc1032, Domain administrators guide
rfc1033, Domain administrators operations guide
rfc1034, Domain names - concepts and facilities
rfc1035, Domain names - implementation and specification
rfc1101, DNS encoding of network names and other types
rfc1122, Requirements for Internet hosts - comm. layers
rfc1123, Requirements for Internet hosts - application
rfc1183, New DNS RR definitions
rfc1348, DNS NSAP RRs
rfc1535, A security problem and proposed correction
rfc1536, Common DNS implementation errors
rfc1537, Common DNS data file configuration errors
rfc1591, Domain Name System structure and delegation
rfc1597, Address allocation for private internets
rfc1627, Network 10 considered harmful
rfc1637, DNS NSAP resource records
rfc1664, Using DNS to distribute X.400 address mappings
rfc1700, Assigned numbers
rfc1706, DNS NSAP resource records
rfc1712, DNS encoding of geographical location (GPOS)
rfc1713, Tools for DNS debugging
rfc1794, DNS support for load balancing
rfc1876, Expressing location information in the DNS (LOC)
rfc1884, IP v6 addressing architecture
rfc1886, DNS extensions to support IP v6 (AAAA)
rfc1912, Common DNS operational and configuration errors
rfc1982, Serial number arithmetic
rfc1995, Incremental zone transfer in DNS (IXFR)
rfc1996, Prompt notification of zone changes
rfc2010, Operational criteria for root nameservers
rfc2052, Specification of location of services (SRV)
rfc2065, DNS security extensions (KEY/SIG/NXT)
rfc2136, Dynamic updates in the DNS
rfc2137, Secure DNS dynamic update
rfc2163, Using DNS to distribute global address mapping
(PX)
rfc2168, Resolution of Uniform Resource Identifiers
991527 18
host(1) host(1)
(NAPTR)
rfc2181, Clarifications to the DNS specification
rfc2230, Key exchange delegation record for the DNS (KX)
rfc2308, Negative cacheing of DNS queries
rfc2317, Classless in-addr.arpa delegation
rfc2535, DNS security extensions (KEY/SIG/NXT)
rfc2538, Storing certificates in the DNS (CERT)
rfc2541, DNS security operational considerations
rfc2671, Extension mechanisms for DNS (OPT)
rfc2782, Specifying the location of services (SRV)
AAUUTTHHOORR
This program is originally from Rutgers University.
Rewritten by Eric Wassenaar, NIKHEF, <e07@nikhef.nl>
SSEEEE AALLSSOO
named(8), resolv.conf(5), resolver(3)
991527 19
