Scroll to navigation

NAMED-CHECKCONF(1) BIND 9 NAMED-CHECKCONF(1)

NAME

named-checkconf - named configuration file syntax checking tool

SYNOPSIS

named-checkconf [-achjklnvz] [-pe [-x ]] [-b] [-t directory] {filename}

DESCRIPTION

named-checkconf checks the syntax, but not the semantics, of a named configuration file. The file, along with all files included by it, is parsed and checked for syntax errors. If no file is specified, /etc/bind/named.conf is read by default.

Note: files that named reads in separate parser contexts, such as rndc.conf or rndc.key, are not automatically read by named-checkconf. Configuration errors in these files may cause named to fail to run, even if named-checkconf was successful. However, named-checkconf can be run on these files explicitly.

OPTIONS

Don't check the dnssec-policy's DNSSEC key algorithms against those supported by the crypto provider. This is useful when checking a named.conf intended to be run on another machine with possibly a different set of supported DNSSEC key algorithms.

This option prints the built-in server confguration for named. See -e for more details.

Note that default settings may change between releases, so this information is only reliable if named-checkconf and named are from the same release.

When -b is in use, the other switches are ignored.


This option prints the effective server configuration that would result from named.conf and its included files, if no errors were detected, in canonical form.

The effective configuration is the result of loading a configuration file and applying it on top of the default settings for named. All configurable settings are included.

Note that default settings may change between releases, so the effective configuration generated by named-checkconf is only expected to be correct for the same version of named, built with the same compile-time options.

See also the -b, -x and -p options.


This option prints the usage summary and exits.

When loading a zonefile, this option instructs named to read the journal if it exists.

Check the dnssec-policy's DNSSEC keys against the key files in the key-directory. This is useful when checking a named.conf to ensure a DNSSEC policy matches the existing keys.

This option lists all the configured zones. Each line of output contains the zone name, class (e.g. IN), view, and type (e.g. primary or secondary).

This option specifies that only the "core" configuration should be checked. This suppresses the loading of plugin modules, and causes all parameters to plugin statements to be ignored.

This option ignores warnings on deprecated options.

Do not print errors when encountering options that are disabled in this build. This allows checking of configuration files for other builds, in which those options are enabled.

This option prints the contents of named.conf and all included files in canonical form, if no errors were detected. See also the -x and -e options.

This option instructs named to chroot to directory, so that include directives in the configuration file are processed as if run by a similarly chrooted named.

This option prints the version of the named-checkconf program and exits.

When printing the configuration files in canonical form, this option obscures shared secrets by replacing them with strings of question marks (?). This allows the contents of named.conf and related files to be shared - for example, when submitting bug reports - without compromising private data. This option cannot be used without -p.

This option performs a test load of all zones of type primary found in named.conf.

This indicates the name of the configuration file to be checked. If not specified, it defaults to /etc/bind/named.conf.

RETURN VALUES

named-checkconf returns an exit status of 1 if errors were detected and 0 otherwise.

SEE ALSO

named(8), named-checkzone(8), BIND 9 Administrator Reference Manual.

AUTHOR

Internet Systems Consortium

COPYRIGHT

2026, Internet Systems Consortium

2026-02-04 9.21.18