nslint

Section: Maintenance Commands (8)
Updated: July 12, 1996
Index Return to Main Contents

NAME

nslint - perform consistency checks on dns files

SYNOPSIS

nslint [ -d ] [ -b named.boot ] [ -B nslint.boot ]

DESCRIPTION

Nslint reads the nameserver configuration files and performs a number of consistency checks on the dns records. If any problems are discovered, error messages are displayed on stderr and nslint exits with a non-zero status.

Here is a short list of errors nslint detects:

: Records that are malformed.
: Names that contain dots but are missing a trailing dot.
: PTR records with names that are missing a trailing dot.
: Names that contain illegal characters (rfc1034).
: A records without matching PTR records
: PTR records without matching A records
: Addresses in use by more than one name.
: Names with CNAME and other records (rfc1033).
: Unknown service and/or protocol keywords in WKS records.
: Missing quotes.

OPTIONS

-b: Specify an alternate named.boot file. The default is /etc/named.boot (just like named(8)).
-B: Specify an alternate nslint.boot file. The default is nslint.boot in the last directory line processed in named.boot (or the current working directory). This file is processed like a second named.boot. The most common use is to tell nslint about A records that match PTR records that point outside the domains listed in named.boot.
-d: Raise the debugging level. Debugging information is displayed on stdout.

ADVANCED CONFIGURATION

There are some cases where it is necessary to use the advanced configuration features of nslint. Advanced configuration is done with the nslint.boot file.

The most common is when a site has a demilitarized zone (DMZ). The problem here is that the DMZ network will have PTR records for hosts outside its domain. For example lets say we have 128.0.rev with:

1.1     604800  in      ptr     gateway.lbl.gov.
2.1     604800  in      ptr     gateway.es.net.

Obviously we will define an A record for gateway.lbl.gov pointing to 128.0.1.1 but we will get errors because there is no A record defined for gateway.es.net. The solution is to create a nslint.boot file (in the same directory as the other dns files) with:

primary es.net                  nslint.es.net

And then create the file nslint.es.net with:

gateway 1       in      a       128.0.1.2

Another problem occurs when a pseudo host is setup to allow two more more actual hosts provide a service. For, let's say that lbl.gov contains:

server  604800  in      a       128.0.6.6
server  604800  in      a       128.0.6.94
;
tom     604800  in      a       128.0.6.6
tom     604800  in      mx 0    lbl.gov.
;
jerry   604800  in      a       128.0.6.94
jerry   604800  in      mx 0    lbl.gov.

In this case nslint would complain about missing PTR records and ip addresses in use by more than one host. To suppress these warnings, add you would the lines:

primary lbl.gov                 nslint.lbl.gov
primary 0.128.in-addr.arpa      nslint.128.0.rev

to nslint.boot and create nslint.lbl.gov with:

server  1       in      allowdupa       128.0.6.6
server  1       in      allowdupa       128.0.6.94

and create nslint.128.0.rev with:

6.6     604800  in      ptr     server.lbl.gov.
94.6    604800  in      ptr     server.lbl.gov.

In this example, the allowdupa keyword tells nslint that it's ok for 128.0.6.6 and 128.0.6.94 to be shared by server.lbl.gov, tom.lbl.gov, and jerry.lbl.gov.

FILES

/etc/named.boot - default named configuration file
nslint.boot - default nslint configuration file

BUGS

Not everyone is guaranteed to agree with all the checks done.

This document was created by man2html, using the manual pages.
Time: 22:09:45 GMT, June 11, 2022