Commit aa6eb5db authored by Vitezslav Kriz's avatar Vitezslav Kriz Committed by Jan Včelák

semcheck: doc

parent 215a2c76
MANPAGES_IN = man/knot.conf.5in man/knotc.8in man/knotd.8in man/kdig.1in man/khost.1in man/knsupdate.1in man/knot1to2.1in man/knsec3hash.1in man/keymgr.8in
MANPAGES_RST = reference.rst man_knotc.rst man_knotd.rst man_kdig.rst man_khost.rst man_knsupdate.rst man_knot1to2.rst man_knsec3hash.rst man_keymgr.rst
MANPAGES_IN = man/knot.conf.5in man/knotc.8in man/knotd.8in man/kdig.1in man/khost.1in man/knsupdate.1in man/knot1to2.1in man/knsec3hash.1in man/keymgr.8in man/kzonecheck.1in
MANPAGES_RST = reference.rst man_knotc.rst man_knotd.rst man_kdig.rst man_khost.rst man_knsupdate.rst man_knot1to2.rst man_knsec3hash.rst man_keymgr.rst man_kzonecheck.rst
EXTRA_DIST = \
conf.py \
......@@ -62,7 +62,7 @@ man_MANS += man/knot.conf.5 man/knotc.8 man/knotd.8
endif # HAVE_DAEMON
if HAVE_UTILS
man_MANS += man/kdig.1 man/khost.1 man/knsupdate.1 man/knot1to2.1 man/knsec3hash.1 man/keymgr.8
man_MANS += man/kdig.1 man/khost.1 man/knsupdate.1 man/knot1to2.1 man/knsec3hash.1 man/keymgr.8 man/kzonecheck.1
endif # HAVE_UTILS
man/knot.conf.5: man/knot.conf.5in
......@@ -74,6 +74,7 @@ man/knsupdate.1: man/knsupdate.1in
man/knot1to2.1: man/knot1to2.1in
man/knsec3hash.1: man/knsec3hash.1in
man/keymgr.8: man/keymgr.8in
man/kzonecheck.1: man/kzonecheck.1in
man_SUBST = $(AM_V_GEN)mkdir -p man; sed -e 's,[@]VERSION@,$(VERSION),' -e 's,[@]RELEASE_DATE@,$(RELEASE_DATE),' $< > $@
......
......@@ -228,6 +228,7 @@ man_pages = [
('man_knotd', 'knotd', 'Knot DNS server daemon', author, 8),
('man_knsec3hash', 'knsec3hash', "Simple utility to compute NSEC3 hash", author, 1),
('man_knsupdate', 'knsupdate', 'Dynamic DNS update utility', author, 1),
('man_kzonecheck', 'kzonecheck', 'Knot DNS zone check tool', author, 1),
]
# If true, show URL addresses after external links.
......
......@@ -623,12 +623,6 @@ Mandatory checks:
.IP \(bu 2
An extra record together with CNAME record (except for RRSIG and DS)
.IP \(bu 2
CNAME link chain length greater than 10 (including infinite cycles)
.IP \(bu 2
DNAME and CNAME records under the same owner (RFC 2672)
.IP \(bu 2
CNAME and DNAME wildcards pointing to themselves
.IP \(bu 2
SOA record missing in the zone (RFC 1034)
.IP \(bu 2
DNAME records having records under it (DNAME children) (RFC 2672)
......@@ -649,9 +643,6 @@ Multiple NSEC records at the same node
.IP \(bu 2
Missing NSEC records at authoritative nodes
.IP \(bu 2
Extra record types under the same name as NSEC3 record (this is RFC\-valid, but
Knot will not serve such a zone correctly)
.IP \(bu 2
NSEC3\-unsecured delegation that is not part of Opt\-out span
.IP \(bu 2
Wrong original TTL value in NSEC3 records
......@@ -662,8 +653,6 @@ Signer name in RRSIG RR not the same as in DNSKEY
.IP \(bu 2
Signed RRSIG
.IP \(bu 2
Not all RRs in the node are signed
.IP \(bu 2
Wrong key flags or wrong key in RRSIG record (not the same as ZSK)
.UNINDENT
.sp
......
.\" Man page generated from reStructuredText.
.
.TH "KZONECHECK" "1" "@RELEASE_DATE@" "@VERSION@" "Knot DNS"
.SH NAME
kzonecheck \- Knot DNS zone check tool
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.SH SYNOPSIS
.sp
\fBkzonecheck\fP [\fIoptions\fP] \fIzonefile\fP
.SH DESCRIPTION
.sp
This utility checks zone similar to knotc zonecheck, but without running server.
.SS Options
.INDENT 0.0
.TP
\fB\-o\fP, \fB\-\-origin\fP \fIorigin\fP
The zone origin. If not specified the name of file or name without .zone ending is assumed to be the origin.
.TP
\fB\-v\fP, \fB\-\-verbose\fP
Enable debug output.
.TP
\fB\-h\fP, \fB\-\-help\fP
Print the program help.
.TP
\fB\-V\fP, \fB\-\-version\fP
Print the program version.
.UNINDENT
.SH SEE ALSO
.sp
\fIknotc(8)\fP\&.
.SH AUTHOR
CZ.NIC Labs <http://www.knot-dns.cz>
.SH COPYRIGHT
Copyright 2010–2016, CZ.NIC, z.s.p.o.
.\" Generated by docutils manpage writer.
.
.. highlight:: console
kzonecheck – Knot DNS zone check tool
=====================================
Synopsis
--------
:program:`kzonecheck` [*options*] *zonefile*
Description
-----------
This utility checks zone similar to knotc zonecheck, but without running server.
Options
..........
**-o**, **--origin** *origin*
The zone origin. If not specified the name of file or name without .zone ending is assumed to be the origin.
**-v**, **--verbose**
Enable debug output.
**-h**, **--help**
Print the program help.
**-V**, **--version**
Print the program version.
See Also
--------
:manpage:`knotc(8)`.
......@@ -723,9 +723,6 @@ logged only.
Mandatory checks:
- An extra record together with CNAME record (except for RRSIG and DS)
- CNAME link chain length greater than 10 (including infinite cycles)
- DNAME and CNAME records under the same owner (RFC 2672)
- CNAME and DNAME wildcards pointing to themselves
- SOA record missing in the zone (RFC 1034)
- DNAME records having records under it (DNAME children) (RFC 2672)
......@@ -737,14 +734,11 @@ Extra checks:
- Wrong NSEC(3) type bitmap
- Multiple NSEC records at the same node
- Missing NSEC records at authoritative nodes
- Extra record types under the same name as NSEC3 record (this is RFC-valid, but
Knot will not serve such a zone correctly)
- NSEC3-unsecured delegation that is not part of Opt-out span
- Wrong original TTL value in NSEC3 records
- Wrong RDATA TTL value in RRSIG record
- Signer name in RRSIG RR not the same as in DNSKEY
- Signed RRSIG
- Not all RRs in the node are signed
- Wrong key flags or wrong key in RRSIG record (not the same as ZSK)
*Default:* off
......
......@@ -18,3 +18,4 @@ the server. This section collects manual pages for all provided binaries:
man_knotd
man_knsec3hash
man_knsupdate
man_kzonecheck
#
# This is a sample of a minimal configuration file for Knot DNS.
# For more details, see man 5 knot.conf or refer to the server documentation.
#
server:
rundir: .
log:
- target: log
any: warning
zone:
- domain: example.com
file: "example.com.zone"
storage: .
semantic-checks: true
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment