nslint
Section: Maintenance Commands (8)
Updated: July 12, 1996
NAME
nslint - perform consistency checks on dns files
SYNOPSIS
nslint [ -d ] [ -b named.boot ] [ -B nslint.boot ]
DESCRIPTION
Nslint reads the nameserver configuration files and performs a number of consistency checks on the dns records. If any problems are discovered, error messages are displayed on stderr and nslint exits with a non-zero status.

Here is a short list of errors nslint detects:

- Records that are malformed.
- Names that contain dots but are missing a trailing dot.
- PTR records with names that are missing a trailing dot.
- Names that contain illegal characters (rfc1034).
- A records without matching PTR records.
- PTR records without matching A records.
- Addresses in use by more than one name.
- Names with CNAME and other records (rfc1033).
- Unknown service and/or protocol keywords in WKS records.
- Missing quotes.
OPTIONS
-b
    Specify an alternate named.boot file. The default is /etc/named.boot (just like named(8)).

-B
    Specify an alternate nslint.boot file. The default is nslint.boot in the last directory line processed in named.boot (or the current working directory). This file is processed like a second named.boot. The most common use is to tell nslint about A records that match PTR records that point outside the domains listed in named.boot.

-d
    Raise the debugging level. Debugging information is displayed on stdout.
ADVANCED CONFIGURATION
There are some cases where it is necessary to use the advanced configuration features of nslint. Advanced configuration is done with the nslint.boot file.

The most common case is when a site has a demilitarized zone (DMZ). The problem here is that the DMZ network will have PTR records for hosts outside its domain. For example, let's say we have 128.0.rev with:

    1.1 604800 in ptr gateway.lbl.gov.
    2.1 604800 in ptr gateway.es.net.

Obviously we will define an A record for gateway.lbl.gov pointing to 128.0.1.1, but we will get errors because there is no A record defined for gateway.es.net. The solution is to create a nslint.boot file (in the same directory as the other dns files) with:

    primary es.net nslint.es.net

And then create the file nslint.es.net with:

    gateway 1 in a 128.0.1.2

Another problem occurs when a pseudo host is set up to allow two or more actual hosts to provide a service. For example, let's say that lbl.gov contains:

    server 604800 in a 128.0.6.6
    server 604800 in a 128.0.6.94
    ;
    tom 604800 in a 128.0.6.6
    tom 604800 in mx 0 lbl.gov.
    ;
    jerry 604800 in a 128.0.6.94
    jerry 604800 in mx 0 lbl.gov.

In this case nslint would complain about missing PTR records and ip addresses in use by more than one host. To suppress these warnings, you would add the lines:

    primary lbl.gov nslint.lbl.gov
    primary 0.128.in-addr.arpa nslint.128.0.rev

to nslint.boot and create nslint.lbl.gov with:

    server 1 in allowdupa 128.0.6.6
    server 1 in allowdupa 128.0.6.94

and create nslint.128.0.rev with:

    6.6 604800 in ptr server.lbl.gov.
    94.6 604800 in ptr server.lbl.gov.

In this example, the allowdupa keyword tells nslint that it's ok for 128.0.6.6 and 128.0.6.94 to be shared by server.lbl.gov, tom.lbl.gov, and jerry.lbl.gov.
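
The following Python sketch is an added example, not part of nslint or of the original manual page. It models three of the checks listed under DESCRIPTION (A without PTR, PTR without A, address used by more than one name) plus the allowdupa exemption, and runs them over the pseudo-host zone data above with and without the nslint.boot additions. The parser and the per-address matching rules are simplifying assumptions, not nslint's actual logic.

```python
from collections import defaultdict

def records(text, origin):
    """Parse simplified 'name ttl in type rdata' lines into (fqdn, type, rdata)."""
    for line in text.splitlines():
        f = line.split(";", 1)[0].lower().split()
        if len(f) >= 5:
            name = f[0] if f[0].endswith(".") else f"{f[0]}.{origin}."
            yield name, f[3], f[4]

def check(zones):
    """zones: list of (origin, text); returns problem strings (assumed rules)."""
    a, ptr, allowdup = defaultdict(set), defaultdict(set), set()
    for origin, text in zones:
        for name, rtype, rdata in records(text, origin):
            if rtype in ("a", "allowdupa"):
                a[rdata].add(name)          # address -> names with an A record
                if rtype == "allowdupa":
                    allowdup.add(rdata)     # address may be shared
            elif rtype == "ptr":
                # 6.6.0.128.in-addr.arpa. -> 128.0.6.6
                octets = name[:-len(".in-addr.arpa.")].split(".")
                ptr[".".join(reversed(octets))].add(rdata)
    problems = []
    for addr in sorted(set(a) | set(ptr)):
        if a[addr] and not ptr[addr]:
            problems.append(f"{addr}: A record without matching PTR")
        for target in sorted(ptr[addr] - a[addr]):
            problems.append(f"{addr}: PTR to {target} without matching A")
        if len(a[addr]) > 1 and addr not in allowdup:
            problems.append(f"{addr}: in use by more than one name")
    return problems

# Zone data copied from the pseudo-host example on this page.
LBL = """server 604800 in a 128.0.6.6
server 604800 in a 128.0.6.94
tom 604800 in a 128.0.6.6
tom 604800 in mx 0 lbl.gov.
jerry 604800 in a 128.0.6.94
jerry 604800 in mx 0 lbl.gov."""
NSLINT_LBL = "server 1 in allowdupa 128.0.6.6\nserver 1 in allowdupa 128.0.6.94"
NSLINT_REV = "6.6 604800 in ptr server.lbl.gov.\n94.6 604800 in ptr server.lbl.gov."
BEFORE = [("lbl.gov", LBL)]
AFTER = BEFORE + [("lbl.gov", NSLINT_LBL), ("0.128.in-addr.arpa", NSLINT_REV)]

if __name__ == "__main__":
    print("without nslint.boot entries:", *check(BEFORE), sep="\n  ")
    print("with nslint.boot entries:", check(AFTER) or "no problems")
```

The same check() also reproduces the DMZ case: a PTR to gateway.es.net is reported until an A record for it is supplied through a second zone, as nslint.es.net does above.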
FILES
/etc/named.boot - default named configuration file
nslint.boot - default nslint configuration file
SEE ALSO
named(8), rfc1033, rfc1034
BUGS
Not everyone is guaranteed to agree with all the checks done.