packages icon



 host(1)                                                             host(1)
                                   991527



 NAME
      host - query nameserver about domain names and zones

 SYNOPSIS
      host [-v] [-a] [-t querytype] [options]  name  [server]
      host [-v] [-a] [-t querytype] [options]  -l zone  [server]
      host [-v] [options] -H [-D] [-E] [-G] zone
      host [-v] [options] -C zone
      host [-v] [options] -A host

      host [options] -x [name ...]
      host [options] -X server [name ...]

 OPTION SYNTAX
      Besides the traditional short options (one letter with single dash,
      and an optional value as separate argument), there are now also long
      options in the format --keyword[=value].  Many (but not all) short
      options have a long equivalent.  There are several long options
      without a short equivalent.  The long options are not yet documented
      in this manual page, but a summary of the existing long options, and
      the mapping to their short alternative, is available via the command
      host --help.

 DESCRIPTION
      host looks for information about Internet hosts and domain names.  It
      gets this information from a set of interconnected servers that are
      spread across the world. The information is stored in the form of
      "resource records" belonging to hierarchically organized "zones".

      By default, the program simply converts between host names and
      Internet addresses. However, with the -t, -a and -v options, it can be
      used to find all of the information about domain names that is
      maintained by the domain nameserver system.  The information printed
      consists of various fields of the associated resource records that
      were retrieved.

      The arguments can be either host names (domain names) or numeric
      Internet addresses.

      A numeric Internet address consists of four decimal numbers separated
      by dots, e.g. 192.16.199.1, representing the four bytes of the 32-bit
      address.
      The default action is to look up the associated host name.

      A host name or domain name consists of component names (labels)
      separated by dots, e.g. nikhefh.nikhef.nl
      The default action is to look up all of its Internet addresses.

      For single names without a trailing dot, the local domain is
      automatically tacked on the end.  Thus a user in domain "nikhef.nl"
      can say "host nikhapo", and it will actually look up



                                    - 1 -          Formatted:  June 30, 2022






 host(1)                                                             host(1)
                                   991527



      "nikhapo.nikhef.nl".  In all other cases, the name is tried unchanged.
      Single names with trailing dot are considered top-level domain
      specifications, e.g. "nl."

      Note that the usual lookup convention for any name that does not end
      with a trailing dot is to try first with the local domain appended,
      and possibly other search domains.  (As of BIND 4.9, names that have
      embedded dots but no trailing dot are first tried ``as is'' before
      appending search domains) This convention is not used by this program.

      The actual suffix to tack on the end is usually the local domain as
      specified in the /etc/resolv.conf file, but this can be overridden.
      See below for a description of how to customize the host name lookup.

 ARGUMENTS
      The first argument is normally the host name (domain name) for which
      you want to look up the requested information.  If the first argument
      is an Internet address, a query is done on the special "reverse
      mapping" domain to look up its associated host name.

      If the -l option is given, the first argument is a domain zone name
      for which a complete listing is given. The program enters a special
      zone listing mode which has several variants (see below).

      The second argument is optional. It allows you to specify a particular
      server to query.  If you don't specify this argument, default servers
      are used, as defined by the /etc/resolv.conf file.

    EXTENDED SYNTAX
      If the -x option is given, it extends the syntax in the sense that
      multiple arguments are allowed on the command line. An optional
      explicit server must now be specified using the -X option as it cannot
      be given as an ordinary argument any more. The -X option implies -x.

      The extended syntax allows no arguments at all, in which case the
      arguments will be read from standard input. This can be a pipe,
      redirection from a file, or an interactive terminal. Note that these
      arguments are the names to be queried, and not command options.
      Everything that appears after a '#' or ';' on an input line will be
      skipped. Multiple arguments per line are allowed.

    OPTIONS
      There are a number of options that can be used before the specified
      arguments.  Some of these options are meaningful only to the people
      who maintain the domain database zones.  The first options are the
      regularly used ones.

      -v  causes printout to be in a "verbose" format.  All resource record
          fields are printed.  Without this option, the ttl and class fields
          are not shown.  Also the contents of the "additional information"
          and "authority information" sections in the answer from the



                                    - 2 -          Formatted:  June 30, 2022






 host(1)                                                             host(1)
                                   991527



          nameserver are printed, if present.  Normally these sections are
          not shown.  In addition, the verbose option prints extra
          information about the various actions that are taken by the
          program.  Note that -vv is "very verbose". This generates a lot of
          output.

      -t querytype
          allows you to specify a particular type of resource record
          information to be looked up.  Supported types are listed below.
          The wildcard may be written as either ANY or *.  Types may be
          given in upper or lower case.  The default is type A for regular
          lookups, and A, NS, and PTR for zone listings.

      -a  is equivalent to -t ANY.  Note that this gives you "anything
          available" (currently cached) and not "all defined data" if a
          non-authoritative server is queried.

    SPECIAL MODES
      The following options put the program in a special mode.

      -l zone
          generates the listing of an entire zone.

          E.g. the command
               host -l nikhef.nl
          will give a listing of all hosts in the "nikhef.nl" zone.  The -t
          option is used to filter what information is extracted, as you
          would expect. The default is address information from A records,
          supplemented with data from PTR and NS records.

          The command
               host -Z -a -l nikhef.nl
          will give a complete download of the zone data for "nikhef.nl", in
          the official master file format.

      -H  can be specified instead of the -l option. It will print the count
          of the unique hostnames (names with an A record) encountered
          within the zone.  It will not count pseudo names like "localhost",
          nor addresses associated with the zone name itself. Neither are
          counted the "glue records" that are necessary to define
          nameservers for the zone and its delegated zones.

          By default, this option will not print any resource records.

          Combined with the -S option, it will give a complete statistics
          survey of the zone.

          The host count may be affected by duplicate hosts (see below).  To
          compute the most realistic value, subtract the duplicate host
          count from the total host count.




                                    - 3 -          Formatted:  June 30, 2022






 host(1)                                                             host(1)
                                   991527



      -G  implies -H, but lists the names of gateway hosts.  These are the
          hosts that have more than one address.  Gateway hosts are not
          checked for duplicate addresses.

      -E  implies -H, but lists the names of extrazone hosts.  An extrazone
          host in zone "foo.bar" is of the form "host.xxx.foo.bar" where
          "xxx.foo.bar" is not defined as a delegated zone with an NS
          record.  This may be intentional, but also may be an error.

      -D  implies -H, but lists the names of duplicate hosts.  These are
          hosts with only one address, which is known to have been defined
          also for another host with a different name, possibly even in a
          different zone.  This may be intentional, but also may be an
          error.

      -C  can be specified instead of the -l option. It causes the SOA
          records for the specified zone to be compared as found at each of
          the authoritative nameservers for the zone (as listed in the NS
          records).  Nameserver recursion is turned off, and it will be
          checked whether the answers are really authoritative. If a server
          cannot provide an authoritative SOA record, a lame delegation of
          the zone to that server is reported.  Discrepancies between the
          records are reported. Various sanity checks are performed.

      -A  enters a special address check mode.

          If the first argument is a host name, its addresses will be
          retrieved, and for each of the addresses it will be checked
          whether they map back to the given host.

          If the first argument is a dotted quad Internet address, its name
          will be retrieved, and it will be checked whether the given
          address is listed among the known addresses belonging to that
          host.

          If the -A flag is specified along with any zone listing option, a
          reverse lookup of the address in each encountered A record is
          performed, and it is checked whether it is registered and maps
          back to the name of the A record.  This applies to forward zones.
          For reverse in-addr.arpa zones, it is checked whether the target
          in PTR records maps to a canonical host name.

    LISTING OPTIONS
      The following options apply only to the special zone listing modes.

      -L level
          Recursively generate zone listings up to this level deep.  Level 1
          traverses the parent zone and all of its delegated zones.  Each
          additional level descends into another layer of delegated zones.





                                    - 4 -          Formatted:  June 30, 2022






 host(1)                                                             host(1)
                                   991527



      -S  prints statistics about the various types of resource records
          found during zone listings, the number of various host
          classifications, the number of delegated zones, and some total
          statistics after recursive listings.

      -p  causes only the primary nameserver of a zone to be contacted for
          zone transfers during zone listings. Normally, zone transfers are
          obtained from any one of the authoritative servers that responds.
          The primary nameserver is obtained from the SOA record of the
          zone.  If a specific server is given on the command line, this
          option will query that server for the desired nameservers of the
          zone. This can be used for testing purposes in case the zone has
          not been registered yet.

      -P prefserver
          gives priority for zone transfers to preferred servers residing in
          domains given by the comma-separated list prefserver. The more
          domain component labels match, the higher the priority.  If this
          option is not present, priority is given to servers within your
          own domain or parent domains.  The order in which NS records are
          issued may be unfavorable if they are subject to BIND 4.9 round-
          robin reshuffling.

      -N skipzone
          prohibits zone transfers for the zones given by the comma-
          separated list skipzone. This may be used during recursive zone
          listings when certain zones are known to contain bogus information
          which should be excluded from further processing.

    COMMON OPTIONS
      The following options can be used in both normal mode and domain
      listing mode.

      -d  turns on debugging.  Nameserver transactions are shown in detail.
          Note that -dd prints even more debugging output.

      -f filename
          writes the resource record output to the given logfile as well as
          to standard output.

      -F filename
          same as -f, but exchange the role of stdout and logfile.  All
          stdout output (including verbose and debug printout) goes to the
          logfile, and stdout gets only the extra resource record output (so
          that it can be used in pipes).

      -I chars
          suppresses warning messages about illegal domain names containing
          invalid characters, by specifying such characters in the string
          chars. The underscore is a good candidate.




                                    - 5 -          Formatted:  June 30, 2022






 host(1)                                                             host(1)
                                   991527



      -i  constructs a query for the "reverse mapping" in-addr.arpa domain
          in case a numeric (dotted quad) address was specified.  Useful
          primarily for zone listing mode, since for numeric regular lookups
          such query is done anyway (but with -i you see the actual PTR
          resource record outcome).

      -n  constructs a query for the "reverse mapping" nsap.int domain in
          case an nsap address was specified.  This can be used to look up
          the names associated with nsap addresses, or to list reverse nsap
          zones.  An nsap address consists of an even number of hexadecimal
          digits, with a maximum of 40, optionally separated by interspersed
          dots.  An optional prefix "0x" is skipped.  If this option is
          used, all reverse nsap.int names are by default printed in forward
          notation, only to improve readability.  The -Z option forces the
          output to be in the official zone file format.

      -q  be quiet and suppress various warning messages (the ones preceded
          by " !!! ").  Serious error messages (preceded by " *** ") are
          never suppressed.

      -Q  selects quick mode, in which several potentially time consuming
          special checks are not carried out, and statistics gathering is
          skipped if not explicitly selected.

      -T  prints the time-to-live values during non-verbose output.  By
          default the ttl is shown only in verbose mode.

      -Z  prints the selected resource record output in full zone file
          format, including trailing dot in domain names, plus ttl value and
          class name.

    OTHER OPTIONS
      The following options are used only in special circumstances.

      -c class
          allows you to specify a particular resource record class.
          Supported are IN, INTERNET, CS, CSNET, CH, CHAOS, HS, HESIOD, and
          the wildcard ANY or *.  The default class is IN.

      -e  excludes information about names that are not residing within the
          given zone during zone listings, such as some glue records.  For
          regular queries, it suppresses the printing of the "additional
          information" and "authority information" sections in the answer
          from the nameserver.

      -m  is equivalent to -t MAILB, which filters any of types MB, MR, MG,
          or MINFO.  In addition, MR and MG records will be recursively
          expanded into MB records.

      -o  suppresses the resource record output to stdout. Can be used in
          combination with the -f option to separate the resource record



                                    - 6 -          Formatted:  June 30, 2022






 host(1)                                                             host(1)
                                   991527



          output from verbose and debug comments and error messages.

      -r  causes nameserver recursion to be turned off in the request.  This
          means that the contacted nameserver will return only data it has
          currently cached in its own database.  It will not ask other
          servers to retrieve the information.  Note that nameserver
          recursion is always turned off when checking SOA records using the
          -C option. Authoritative servers should have all relevant
          information available.

      -R  Normally querynames are assumed to be fully qualified and are
          tried as such, unless it is a single name, which is always tried
          (and only once) in the default domain.  This option simulates the
          default BIND behavior by qualifying any specified name by
          repeatedly adding search domains, with the exception that the
          search terminates immediately if the name exists but does not have
          the desired querytype.  The default search domains are constructed
          from the default domain by repeatedly peeling off the first
          component, until a final domain with only one dot remains.

      -s seconds
          specifies a new nameserver timeout value. The program will wait
          for a nameserver reply in two attempts of this number of seconds.
          Normally it does 2 attempts of 5 seconds per nameserver address
          tried.  The actual timeout algorithm is slightly more complicated,
          extending the timeout value dynamically depending on the number of
          tries and the number of nameserver addresses.

      -u  forces the use of virtual circuits (TCP) instead of datagrams
          (UDP) when issuing nameserver queries. This is slower, but
          potentially more reliable.  Note that a virtual circuit is
          automatically chosen in case a query exceeds the maximum datagram
          packet size. Also if a datagram answer turns out to be truncated,
          the query is retried using virtual circuit.  A zone transfer is
          always done via a virtual circuit.

      -w  causes the program to retry forever if the response to a regular
          query times out. Normally it will time out after some 10 seconds
          per nameserver address tried.

      -V  prints just the version number of the host program, and exits.

    SPECIAL OPTIONS
      The following options are used only in special circumstances.

      -O srcaddr
          Define an explicit source IP address for sending nameserver
          queries.  This may be necessary for multi-homed hosts with
          asymmetric routing policy.





                                    - 7 -          Formatted:  June 30, 2022






 host(1)                                                             host(1)
                                   991527



      -j minport -J maxport
          Define a range of explicit port numbers to be assigned to the
          source IP address of the client socket for sending the nameserver
          queries and receiving the replies. Normally the kernel chooses a
          random free port number. This may be an inappropriate number if
          you are behind a firewall that filters random port numbers on
          incoming traffic.
          If only one of -j or -J is given, a single explicit port number is
          defined. This is ok for UDP queries, but may not be sufficient for
          TCP queries.

    DEFAULT OPTIONS
      Default options and parameters can be preset in an environment
      variable HOST_DEFAULTS using the same syntax as on the command line.
      They will be evaluated before the command line arguments.

 QUERYTYPES
      The following querytypes (resource record types) are supported.
      Indicated within parentheses are the various kinds of data fields.

      A         Host address (dotted quad)

      NS        Authoritative nameserver (domain name)

      MD        Mail destination (domain name)

      MF        Mail forwarder (domain name)

      CNAME     Canonical name for an alias (domain name)

      SOA       Marks the start of a zone of authority (domain name of
                primary, domain name of hostmaster, serial, refresh, retry,
                expiration, default ttl)

      MB        Mailbox domain name (domain name)

      MG        Mail group member (domain name)

      MR        Mail rename domain name (domain name)

      NULL      Null resource record (no format or data)

      WKS       Well-known service description (dotted quad, protocol name,
                list of services)

      PTR       Domain name pointer (domain name)

      HINFO     Host information (CPU type string, OS type string)

      MINFO     Mailbox or mail list information (request domain name, error
                domain name)



                                    - 8 -          Formatted:  June 30, 2022






 host(1)                                                             host(1)
                                   991527



      MX        Mail exchanger (preference value, domain name)

      TXT       Descriptive text (one or more strings)

      UINFO     User information (string)

      UID       User identification (number)

      GID       Group identification (number)

      UNSPEC    Unspecified binary data (data)

      ANY       Matches information of any type available.

      MAILB     Matches any of types MB, MR, MG, or MINFO.

      MAILA     Matches any of types MD, or MF.

      The following types have been defined in RFC 1183, but are not yet in
      general use. They are recognized by this program.

      RP        Responsible person (domain name for MB, domain name for TXT)

      AFSDB     AFS database location (type, domain name)

      X25       X25 address (address string)

      ISDN      ISDN address (address string, optional subaddress string)

      RT        Route through host (preference value, domain name)

      The following types have been defined in RFC 1348, but are not yet in
      general use. They are recognized by this program.  RFC 1348 has
      already been obsoleted by RFC 1637 and RFC 1706, which defines a new
      experimental usage of NSAP records.  This program has now hooks to
      manipulate them.

      NSAP      NSAP address (encoded address)

      NSAP-PTR  NSAP pointer (domain name)

      The following are new types as per RFC 1664 and RFC 1712.  Note that
      the GPOS type has been withdrawn already, and has been superseded by
      the LOC type.

      PX        X400 to RFC822 mapping (preference value, rfc822 domain,
                x400 domain)

      GPOS      Geographical position (longitude string, latitude string,
                altitude string)




                                    - 9 -          Formatted:  June 30, 2022






 host(1)                                                             host(1)
                                   991527



      The following types have been reserved in RFC 1700, and are defined in
      RFC 2065 and revised per RFC 2035.

      SIG       Security signature

      KEY       Security key

      NXT       Next valid record

      The IP v6 address architecture and DNS extensions are defined in RFC
      1884 and RFC 1886.

      AAAA      IP v6 address (address spec with colons)

      The following type is documented in RFC 1876.

      LOC       Geographical location (latitude, longitude, altitude,
                precision)

      The following types have been proposed, but are still in draft.

      EID       Endpoint identifier

      NIMLOC    Nimrod locator

      ATMA      ATM address

      The following type is defined per RFC 2168.

      NAPTR     Naming authority URN

      The following type is proposed in RFC 2052, updated by RFC 2782.

      SRV       Internet service information

      The following type is proposed in RFC 2230.

      KX        Key exchanger (preference value, domain name)

      The following type is defined in RFC 2538.

      CERT

      The following types have been proposed, but are still in draft.

      A6

      DNAME

      SINK




                                   - 10 -          Formatted:  June 30, 2022






 host(1)                                                             host(1)
                                   991527



      The following type is defined in RFC 2671.

      OPT

 EXAMPLES
      A very good summary and validation of an entire zone can be obtained
      with the following command:

           host -G -S -C -A -L 1 zone


 DIAGNOSTICS
    FAILURE MESSAGES
      The following messages are printed to show the reason of failure for a
      particular query. The name of an explicit server, if specified, may be
      included. If a special class was requested, it is also shown.

      Nameserver [server] not running
          The contacted server host does not have a nameserver running.

      Nameserver [server] not responding
          The nameserver at the contacted server host did not give a reply
          within the specified time frame.

      Nameserver [server] not reachable
          The network route to the intended server host is blocked.

      name does not exist [at server] (Authoritative answer)
          The queryname does definitely not exist at all.

      name does not exist [at server], try again
          The queryname does not exist, but the answer was not
          authoritative, so it is still undecided.

      name has no type record [at server] (Authoritative answer)
          The queryname is valid, but the specified type does not exist.
          This status is here returned only in case authoritative.

      name type record currently not present [at server]
          The specified type does not exist, but we don't know whether the
          queryname is valid or not. The answer was not authoritative.
          Perhaps recursion was off, and no data was cached locally.

      name type record not found [at server], try again
          Some intermediate failure, e.g. timeout reaching a nameserver.

      name type record not found [at server], server failure
          Some explicit nameserver failure to process the query, due to
          internal or forwarding errors. This may also be returned if the
          zone data has expired at a secondary server, of when the server is
          not authoritative for some class.



                                   - 11 -          Formatted:  June 30, 2022






 host(1)                                                             host(1)
                                   991527



      name type record not found [at server], no recovery
          Some irrecoverable format error, or server refusal.

      name type record query refused [by server]
          The contacted nameserver explicitly refused to answer the query.
          Some nameservers are configured to refuse zone transfer requests
          that come from arbitrary clients.

      name type record not found [at server]
          The exact reason for failure could not be determined.  (This
          should not happen).

      zone has lame delegation to server
          If we query a supposedly authoritative nameserver for the SOA
          record of a zone, the information should be available and the
          answer should be authoritative. If not, a lame delegation is
          flagged. This is also done if the server turns out not to exist at
          all. Ditto if we ask for a zone transfer and the server cannot
          provide it.

      No nameservers for zone found
          It was not possible to retrieve the name of any nameserver for the
          desired zone, in order to do a zone transfer.

      No addresses of nameservers for zone found
          We got some nameserver names, but it was not possible to retrieve
          addresses for any of them.

      No nameservers for zone responded
          When trying all nameservers in succession to do a zone transfer,
          none of them were able or willing to provide it.

    WARNING AND ERROR MESSAGES
      Miscellaneous warning messages may be generated.  They are preceded by
      " !!! " and indicate some non-fatal condition, usually during the
      interpretation of the retrieved data.  These messages can be
      suppressed with the -q command line option.

      Error messages are preceded by " *** " and indicate a serious problem,
      such as format errors in the answers to queries, but also major
      violations of the specifications.  Those messages cannot be
      suppressed.

      zone has only one nameserver server
          When retrieving the nameservers for a zone, it appears that only
          one single nameserver exists.  This is against the
          recommendations.

      zone nameserver server is not canonical (realserver)
          When retrieving the nameservers for a zone, the name of the
          specified server appears not to be canonical. This may cause



                                   - 12 -          Formatted:  June 30, 2022






 host(1)                                                             host(1)
                                   991527



          serious operational problems. The canonical name is given between
          parentheses.

      empty zone transfer for zone from server
          The zone transfer from the specified server contained no data,
          perhaps only the SOA record. This could happen if we query the
          victim of a lame delegation which happens to have the SOA record
          in its cache.

      extraneous NS record for name within zone from server
          During a zone transfer, an NS record appears for a name which is
          not a delegated subzone of the current zone.

      extraneous SOA record for name within zone from server
          During a zone transfer, an SOA record appears for a name which is
          not the name of the current zone.

      extraneous glue record for name within zone from server
          During a zone transfer, a glue record is included for a name which
          is not part of the zone or its delegated subzones. This is done in
          some older versions of BIND. It is undesirable since
          unauthoritative, or even incorrect, information may be propagated.

      incomplete type record for name
          When decoding the resource record data from the answer to a query,
          not all required data fields were present. This is frequently the
          case for HINFO records of which only one of the two data field is
          encoded.

      name has both NS and A records within zone from server
          An A record has been defined for the delegated zone name. This is
          signalled only during the transfer of the parent zone. It is not
          an error, but the overall hostcount may be wrong, since the A
          record is counted as a host in the parent zone. This A record is
          not included in the hostcount of the delegated zone.

      name type record has zero ttl
          Resource records with a zero ttl value are special. They are not
          cached after retrieval from an authoritative nameserver.

      name type records have different ttl within zone from server
          Resource records of the same name/type/class should have the same
          ttl value in zone listings. This is sometimes not the case, due to
          the independent definition of glue records or other information in
          the parent zone, which is not kept in sync with the definition in
          the delegated zone.

      name type record has illegal name
          The name of an A or MX record contains invalid characters.  Only
          alphanumeric characters and hyphen '-' are valid in components
          (labels) between dots.



                                   - 13 -          Formatted:  June 30, 2022






 host(1)                                                             host(1)
                                   991527



      name type host server has illegal name
          The name of an NS or MX target host contains invalid characters.
          Only alphanumeric characters and hyphen '-' are valid in
          components (labels) between dots.

      name type host server does not exist
          The NS or MX target host server does not exist at all.  In case of
          NS, a lame delegation of name to server is flagged.  It also
          applies to the PTR target host in reverse zones.

      name type host server has no A record
          The NS or MX target host server has no address.  In case of NS, a
          lame delegation of name to server is flagged.  It also applies to
          the PTR target host in reverse zones.

      name type host server is not canonical
          The NS or MX target host server is not a canonical name.  This may
          cause serious operational problems during domain data retrieval,
          or electronic mail delivery.  It also applies to the PTR target
          host in reverse zones.

      name type target domain does not exist
          The CNAME target domain does not exist at all.

      name type target domain has no ANY record
          The CNAME target domain does not seem to have any associated
          resource record, although the name seems to exist.

      name address A.B.C.D is not registered
          The reverse lookup of the address of an A record failed in an
          authoritative fashion. It was not present in the corresponding
          in-addr.arpa zone.

      name address A.B.C.D maps to realname
          The reverse lookup of the address of an A record succeeded, but it
          did not map back to the name of the A record.  There may be A
          records with different names for the same address.  In the reverse
          in-addr.arpa zone there is usually only one PTR to the
          ``official'' host name.

      name address A.B.C.D maps to alias aliasname
          In case of multiple PTR records, the first one encountered points
          to the ``official'' host name. Subsequent ones are returned as
          alias names via gethostbyaddr() as of BIND 4.9. Note that PTR
          records are exempt from round-robin reshuffling.

      zone SOA record at server is not authoritative
          When checking the SOA for a zone at one of its supposedly
          authoritative nameservers, the SOA information turns out to be not
          authoritative.  This could be determined by making a query without
          nameserver recursion turned on.



                                   - 14 -          Formatted:  June 30, 2022






 host(1)                                                             host(1)
                                   991527



      zone SOA primary server is not advertised via NS
          The primary nameserver is not among the list of nameservers
          retrieved via NS records for the zone.  This is not an error per
          se, since only publicly accessible nameservers may be advertised,
          and others may be behind a firewall.

      zone SOA primary server has illegal name
          The name of the primary nameserver contains invalid characters.

      zone SOA hostmaster mailbox has illegal mailbox
          The name of the hostmaster mailbox contains invalid characters.  A
          common mistake is to use an RFC822 email address with a ``@'',
          whereas the at-sign should have been replaced with a dot.

      zone SOA serial has high bit set
          Although the serial number is an unsigned 32-bit value, overflow
          into the high bit can inadvertently occur by making inappropriate
          use of the dotted decimal notation in the zone file. This may lead
          to synchronization failures between primary and secondary servers.

      zone SOA retry exceeds refresh
          A failing refresh would be retried after it is time for the next
          refresh.

      zone SOA refresh+retry exceeds expire
          The retry after a failing refresh would be done after the data has
          already expired.

      zone SOA expire is less than 1 week
          The authoritative data at secondary servers expires after only one
          week of failing refresh attempts. This is probably a little too
          early under normal circumstances.

      zone SOA expire is more than 6 months
          Secondary servers will retry failing refresh attempts for a period
          of more than 6 months before their authoritative data expires.  As
          BIND 8 concludes: war must have broken out.

      server1 and server2 have different primary for zone
          If the SOA record is different, the zone data is probably
          different as well. What you get depends on which server you happen
          to query.

      server1 and server2 have different hostmaster for zone
          If the SOA record is different, the zone data is probably
          different as well. What you get depends on which server you happen
          to query.

      server1 and server2 have different serial for zone
          This is usually not an error, but happens during the period after
          the primary server has updated its zone data, but before a



                                   - 15 -          Formatted:  June 30, 2022






 host(1)                                                             host(1)
                                   991527



          secondary performed a refresh. Nevertheless there could be an
          error if a mistake has been made in properly adapting the serial
          number.

      server1 and server2 have different refresh for zone
          If the SOA record is different, the zone data is probably
          different as well. What you get depends on which server you happen
          to query.

      server1 and server2 have different retry for zone
          If the SOA record is different, the zone data is probably
          different as well. What you get depends on which server you happen
          to query.

      server1 and server2 have different expire for zone
          If the SOA record is different, the zone data is probably
          different as well. What you get depends on which server you happen
          to query.

      server1 and server2 have different defttl for zone
          If the SOA record is different, the zone data is probably
          different as well. What you get depends on which server you happen
          to query.

 EXIT STATUS
      The program returns a zero exit status if the requested information
      could be retrieved successfully, or in case zone listings or SOA
      checks were performed without any serious error.  Otherwise it returns
      a non-zero exit status.

 ENVIRONMENT
    CUSTOMIZING HOST NAME LOOKUP
      In general, if the name supplied by the user does not have any dots in
      it, a default domain is appended to the end. This domain is usually
      defined in the /etc/resolv.conf file. If not, it is derived by taking
      the local hostname and taking everything after its first dot.

      The user can override this, and specify a different default domain, by
      defining it in the environment variable LOCALDOMAIN.

      In addition, the user can supply his own single-word abbreviations for
      host names. They should be in a file consisting of one line per
      abbreviation. Each line contains an abbreviation, white space, and
      then the fully qualified host name. The name of this file must be
      specified in the environment variable HOSTALIASES.

 SPECIAL CONSIDERATIONS
      The complete set of resource record information for a domain name is
      available from an authoritative nameserver only. Therefore, if you
      query another server with the "-a" option, only a subset of the data
      may be presented, since this option asks for any data that the latter



                                   - 16 -          Formatted:  June 30, 2022






 host(1)                                                             host(1)
                                   991527



      server currently knows about, not all data that may possibly exist.
      Note that the "-v" option shows whether an answer is authoritative or
      not.

      When listing a zone with the "-l" option, information will be fetched
      from authoritative nameservers for that zone. This is implemented by
      doing a complete zone transfer and then filtering out the information
      that you have asked for.  Note that direct contact with such
      nameservers must be possible for this option to work.  This option
      should be used with caution. Servers may be configured to refuse zone
      transfers if they are flooded with requests.

 RELATED DOCUMENTATION
      rfc819, Domain naming convention for internet applications
      rfc883, Domain names - implementation and specification
      rfc920, Domain requirements
      rfc952, DOD Internet host table specification
      rfc974, Mail routing and the domain system
      rfc1032, Domain administrators guide
      rfc1033, Domain administrators operations guide
      rfc1034, Domain names - concepts and facilities
      rfc1035, Domain names - implementation and specification
      rfc1101, DNS encoding of network names and other types
      rfc1122, Requirements for Internet hosts - comm. layers
      rfc1123, Requirements for Internet hosts - application
      rfc1183, New DNS RR definitions
      rfc1348, DNS NSAP RRs
      rfc1535, A security problem and proposed correction
      rfc1536, Common DNS implementation errors
      rfc1537, Common DNS data file configuration errors
      rfc1591, Domain Name System structure and delegation
      rfc1597, Address allocation for private internets
      rfc1627, Network 10 considered harmful
      rfc1637, DNS NSAP resource records
      rfc1664, Using DNS to distribute X.400 address mappings
      rfc1700, Assigned numbers
      rfc1706, DNS NSAP resource records
      rfc1712, DNS encoding of geographical location (GPOS)
      rfc1713, Tools for DNS debugging
      rfc1794, DNS support for load balancing
      rfc1876, Expressing location information in the DNS (LOC)
      rfc1884, IP v6 addressing architecture
      rfc1886, DNS extensions to support IP v6 (AAAA)
      rfc1912, Common DNS operational and configuration errors
      rfc1982, Serial number arithmetic
      rfc1995, Incremental zone transfer in DNS (IXFR)
      rfc1996, Prompt notification of zone changes
      rfc2010, Operational criteria for root nameservers
      rfc2052, Specification of location of services (SRV)
      rfc2065, DNS security extensions (KEY/SIG/NXT)
      rfc2136, Dynamic updates in the DNS



                                   - 17 -          Formatted:  June 30, 2022






 host(1)                                                             host(1)
                                   991527



      rfc2137, Secure DNS dynamic update
      rfc2163, Using DNS to distribute global address mapping (PX)
      rfc2168, Resolution of Uniform Resource Identifiers (NAPTR)
      rfc2181, Clarifications to the DNS specification
      rfc2230, Key exchange delegation record for the DNS (KX)
      rfc2308, Negative cacheing of DNS queries
      rfc2317, Classless in-addr.arpa delegation
      rfc2535, DNS security extensions (KEY/SIG/NXT)
      rfc2538, Storing certificates in the DNS (CERT)
      rfc2541, DNS security operational considerations
      rfc2671, Extension mechanisms for DNS (OPT)
      rfc2782, Specifying the location of services (SRV)

 AUTHOR
      This program is originally from Rutgers University.
      Rewritten by Eric Wassenaar, NIKHEF, <e07@nikhef.nl>

 SEE ALSO
      named(8), resolv.conf(5), resolver(3)



































                                   - 18 -          Formatted:  June 30, 2022