 nslint(8)                                                         nslint(8)
                                 2 May 2002

      nslint - perform consistency checks on dns files

      nslint [ -d ] [ -c named.conf ] [ -C nslint.conf ]
      nslint [ -d ] [ -b named.boot ] [ -B nslint.boot ]

      Nslint reads the nameserver configuration files and performs a number
      of consistency checks on the dns records. If any problems are
      discovered, error messages are displayed on stderr and nslint exits
      with a non-zero status.  Here is a partial list of errors nslint

           Records that are malformed.

           Names that contain dots but are missing a trailing dot.

           PTR records with names that are missing a trailing dot.

           Names that contain illegal characters (rfc1034).

           A records without matching PTR records

           PTR records without matching A records

           Names with more than one address on the same subnet.

           Addresses in use by more than one name.

           Names with CNAME and other records (rfc1033).

           Unknown service and/or protocol keywords in WKS records.

           Missing semicolons and quotes.

      -b   Specify an alternate named.boot file. The default is

      -c   Specify an alternate named.conf file. The default is

      -B   Specify an alternate nslint.boot file. The default is nslint.boot
           in the last directory line processed in named.boot (or the
           current working directory).  This file is processed like a second
           named.boot.  The most common use is to tell nslint about A
           records that match PTR records that point outside the domains
           listed in named.boot.

                                    - 1 -     Formatted:  September 23, 2020

      -C   Specify an alternate nslint.conf file. The default is nslint.conf
           in the last directory line processed in named.conf (or the
           current working directory).  This file is processed like a second

      -d   Raise the debugging level. Debugging information is displayed on
           stdout.

      Nslint knows how to read BIND 8 and 9's named.conf configuration file
      and also older BIND's named.boot file. If both files exist, nslint
      will prefer named.conf (on the theory that you forgot to delete
      named.boot when you upgraded BIND).

      There are some cases where it is necessary to use the advanced
      configuration features of nslint.  Advanced configuration is done with
      the nslint.conf file. (You can also use nslint.boot which has a syntax
      similar to named.boot but is not described here.) The most common is
      when a site has a demilitarized zone (DMZ).  The problem here is that
      the DMZ network will have PTR records for hosts outside its domain.
      For example, let's say we have 128.0.rev with:

           1.1     604800  in      ptr
           2.1     604800  in      ptr

      Obviously we will define an A record for pointing to but we will get
      errors because there is no A record defined for  The solution is to
      create an nslint.conf file (in the same directory as the other dns
      files) with:

           zone "" {
                type master;
                file "";
           };

      And then create the file with:

           gateway 1       in      a

      Another problem occurs when there is a CNAME that points to a host
      outside the local domains. Let's say we have pointing to

           info    604800  in      cname

      In this case we would need:

           zone "" {
                type master;
                file "";
           };

      in nslint.boot and:

           larry   1       in      txt     "place holder"

      One last problem is when a pseudo host is set up to allow two or more
      actual hosts to provide a service. For example, let's say that contains:

           server  604800  in      a
           server  604800  in      a
           tom     604800  in      a
           tom     604800  in      mx 0
           jerry   604800  in      a
           jerry   604800  in      mx 0

      In this case nslint would complain about missing PTR records and ip
      addresses in use by more than one host.  To suppress these warnings,
      you would add the lines:

           zone "" {
                type master;
                file "";
           };
           zone "" {
                type master;
                file "nslint.128.0.rev";
           };

      to nslint.conf and create with:
           server  1       in      allowdupa
           server  1       in      allowdupa

      and create nslint.128.0.rev with:
           6.6     604800  in      ptr
           94.6    604800  in      ptr

      In this example, the allowdupa keyword tells nslint that it's ok for and to be shared by,,
      and

      Another nslint feature helps detect hosts that have mistakenly had two
      ip addresses assigned on the same subnet. This can happen when two
      different people request an ip address for the same hostname or when
      someone forgets an address has been assigned and requests a new
      number.  To detect such A records, add an nslint section to your
      nslint.conf containing something similar to:

           nslint {
                network "128.0.6/22";
           };

           nslint {
                network "128.0.6";
           };

      These two examples are equivalent ways of saying the same thing:
      that subnet 128.0.6 has a 22 bit wide subnet mask.  Using information
      from the above network statement, nslint would flag the
      following A records as being in error:
           server  1       in      a

           server  1       in      a

      Note that if you specify any network lines in your nslint.conf file,
      nslint requires you to include lines for all networks; otherwise you
      might forget to add network lines for new networks.

      Sometimes you have a zone that nslint just can't deal with. A good
      example is a dynamic dns zone. To handle this, you can add the
      following to
           nslint {
                ignorezone "";
           };

      This will suppress "name referenced without other records" warnings.
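
      The address checks described above, written in Python as an added
      example (not nslint's own code, which this page does not show): A
      records without matching PTR records, addresses in use by more than
      one name with an allowdupa-style exemption, and names with more than
      one address inside one network line. The example.org names, the
      function names, and the reading of "128.0.6/22" as a masked 22 bit
      network are assumptions; the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (example.org names are placeholders, not from the page).
A_RECORDS = [
    ("server.example.org.", "128.0.6.6"),
    ("server.example.org.", "128.0.6.94"),  # second address on the same subnet
    ("tom.example.org.", "128.0.6.6"),      # address shared with "server"
    ("jerry.example.org.", "128.0.8.10"),
]
PTR_RECORDS = [("128.0.6.6", "server.example.org."),
               ("128.0.8.10", "jerry.example.org.")]
NETWORKS = ["128.0.6/22", "128.0.8/22"]

def parse_network(spec):
    """Parse a network written as "128.0.6/22", padding short addresses with zeros."""
    addr, _, bits = spec.partition("/")
    octets = addr.split(".")
    addr = ".".join(octets + ["0"] * (4 - len(octets)))
    # Assumption: host bits are masked off, so 128.0.6.0/22 covers 128.0.4.0-128.0.7.255.
    return ipaddress.ip_network(f"{addr}/{bits}", strict=False)

def lint(a_records, ptr_records, networks, allowdupa=()):
    """Return error strings for three of the checks listed in the man page."""
    nets = [parse_network(n) for n in networks]
    ptrs = {(ipaddress.ip_address(a), n) for a, n in ptr_records}
    by_addr, by_name_net, errors = defaultdict(set), defaultdict(set), []
    for name, addr in a_records:
        ip = ipaddress.ip_address(addr)
        by_addr[ip].add(name)
        if (ip, name) not in ptrs:
            errors.append(f"{name} {addr}: A record without matching PTR record")
        net = next((n for n in nets if ip in n), None)
        if net is None:  # once any network line exists, every network needs one
            errors.append(f"{name} {addr}: no network line covers this address")
        else:
            by_name_net[(name, net)].add(ip)
    for ip, names in sorted(by_addr.items()):
        # allowdupa is modelled here as a set of addresses that may be shared
        if len(names) > 1 and str(ip) not in allowdupa:
            errors.append(f"{ip}: in use by {', '.join(sorted(names))}")
    for (name, net), ips in sorted(by_name_net.items()):
        if len(ips) > 1:
            errors.append(f"{name}: {len(ips)} addresses on {net}")
    return errors

if __name__ == "__main__":
    for line in lint(A_RECORDS, PTR_RECORDS, NETWORKS):
        print(line)
```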

      /etc/named.conf - default named configuration file
      /etc/named.boot - old style named configuration file
      nslint.conf - default nslint configuration file
      nslint.boot - old style nslint configuration file

      named(8), rfc1033, rfc1034

      Craig Leres of the Lawrence Berkeley National Laboratory, University
      of California, Berkeley, CA.  The current version is available via
      anonymous ftp:

      Please send bug reports to  Not everyone is guaranteed to agree with
      all the checks done.
