NAMED-CHECKCONF(1) BIND 9 NAMED-CHECKCONF(1)
NAME
named-checkconf - named configuration file syntax checking tool
SYNOPSIS
named-checkconf [-achjklvz] [-p [-x ]] [-t directory] {filename}
DESCRIPTION
named-checkconf checks the syntax, but not the semantics, of a named <#
std-iscman-named> configuration file. The file, along with all files in-
cluded by it, is parsed and checked for syntax errors. If no file is
specified, /etc/bind/named.conf is read by default.
Note: files that named <#std-iscman-named> reads in separate parser con-
texts, such as rndc.conf or rndc.key, are not automatically read by
named-checkconf. Configuration errors in these files may cause named <#
std-iscman-named> to fail to run, even if named-checkconf was success-
ful. However, named-checkconf can be run on these files explicitly.
OPTIONS
-a Don't check the dnssec-policy's DNSSEC key algorithms against
those supported by the crypto provider. This is useful when
checking a named.conf intended to be run on another machine with
possibly a different set of supported DNSSEC key algorithms.
-h This option prints the usage summary and exits.
-j When loading a zonefile, this option instructs named <#
std-iscman-named> to read the journal if it exists.
-k Check the dnssec-policy's DNSSEC keys against the key files in
the key-directory. This is useful when checking a named.conf to
ensure a DNSSEC policy matches the existing keys.
-l This option lists all the configured zones. Each line of output
contains the zone name, class (e.g. IN), view, and type (e.g.
primary or secondary).
-c This option specifies that only the "core" configuration should
be checked. This suppresses the loading of plugin modules, and
causes all parameters to plugin statements to be ignored.
-i This option ignores warnings on deprecated options.
-p This option prints out the named.conf <#std-iscman-named.conf>
and included files in canonical form if no errors were detected.
See also the -x option.
-t directory
This option instructs named <#std-iscman-named> to chroot to di-
rectory, so that include directives in the configuration file are
processed as if run by a similarly chrooted named <#
std-iscman-named>.
-v This option prints the version of the named-checkconf program and
exits.
-x When printing the configuration files in canonical form, this op-
tion obscures shared secrets by replacing them with strings of
question marks (?). This allows the contents of named.conf <#
std-iscman-named.conf> and related files to be shared - for exam-
ple, when submitting bug reports - without compromising private
data. This option cannot be used without -p.
-z This option performs a test load of all zones of type primary
found in named.conf <#std-iscman-named.conf>.
filename
This indicates the name of the configuration file to be checked.
If not specified, it defaults to /etc/bind/named.conf.
RETURN VALUES
named-checkconf returns an exit status of 1 if errors were detected and
0 otherwise.
SEE ALSO
named(8) <#std-iscman-named>, named-checkzone(8) <#
std-iscman-named-checkzone>, BIND 9 Administrator Reference Manual.
Author
Internet Systems Consortium
Copyright
2026, Internet Systems Consortium
9.20.21-1~deb13u1-Debian 2026-03-13 NAMED-CHECKCONF(1)
Generated by dwww version 1.16 on Mon Mar 30 01:12:18 CEST 2026.