netbsd: bind 4.9.3

1 files changed, 781 insertions, 0 deletions

diff --git a/usr.sbin/named/man/host.1 b/usr.sbin/named/man/host.1
new file mode 100644
index 00000000000..656ea50a355
--- /dev/null
+++ b/usr.sbin/named/man/host.1
@@ -0,0 +1,781 @@
+.\"
+.\"	@(#)host.1              e07@nikhef.nl (Eric Wassenaar) 951024
+.\"
+.TH host 1 "951024"
+.SH NAME
+host \- query nameserver about domain names and zones
+.SH SYNOPSIS 
+.na
+.nf
+\fBhost\fP [\fB\-v\fP] [\fB\-a\fP] [\fB\-t\fP \fIquerytype\fP] [\fIoptions\fP]  \fIname\fP  [\fIserver\fP] 
+.br
+\fBhost\fP [\fB\-v\fP] [\fB\-a\fP] [\fB\-t\fP \fIquerytype\fP] [\fIoptions\fP]  \fB\-l\fP \fIzone\fP  [\fIserver\fP] 
+.br
+\fBhost\fP [\fB\-v\fP] [\fIoptions\fP] \fB\-H\fP [\fB\-D\fP] [\fB\-E\fP] [\fB\-G\fP] \fIzone\fP
+.br
+\fBhost\fP [\fB\-v\fP] [\fIoptions\fP] \fB\-C\fP \fIzone\fP
+.br
+\fBhost\fP [\fB\-v\fP] [\fIoptions\fP] \fB\-A\fP \fIhost\fP
+.sp
+\fBhost\fP [\fIoptions\fP] \fB\-x\fP [\fIname\fP ...]
+.br
+\fBhost\fP [\fIoptions\fP] \fB\-X\fP \fIserver\fP [\fIname\fP ...]
+.SH DESCRIPTION 
+.I host
+looks for information about Internet hosts and domain names.
+It gets this information from a set of interconnected servers
+that are spread across the world. The information is stored
+in the form of "resource records" belonging to hierarchically
+organized "zones".
+.PP
+By default, the program simply converts between host names and Internet
+addresses. However, with the \fB\-t\fP, \fB\-a\fP and \fB\-v\fP
+options, it can be used to find all of the information about
+domain names that is maintained by the domain nameserver system.
+The information printed consists of various fields of the
+associated resource records that were retrieved.
+.PP
+The arguments can be either host names (domain names) or numeric
+Internet addresses.
+.PP
+A numeric Internet address consists of four decimal numbers
+separated by dots, e.g. \fB192.16.199.1\fP, representing the
+four bytes of the 32-bit address.
+.br
+The default action is to look up the associated host name.
+.PP
+A host name or domain name consists of component names (labels)
+separated by dots, e.g. \fBnikhefh.nikhef.nl\fP
+.br
+The default action is to look up all of its Internet addresses.
+.PP
+For single names without a trailing dot, the local domain is
+automatically tacked on the end.
+Thus a user in domain "nikhef.nl" can say "host nikhapo",
+and it will actually look up "nikhapo.nikhef.nl".
+In all other cases, the name is tried unchanged.
+Single names with trailing dot are considered top-level domain
+specifications, e.g. "nl."
+.PP
+Note that the usual lookup convention for any name that does not end
+with a trailing dot is to try first with the local domain appended,
+and possibly other search domains.
+This convention is not used by this program.
+.PP
+The actual suffix to tack on the end is usually the local domain
+as specified in the \fB/etc/resolv.conf\fP file, but this can be
+overridden.
+See below for a description of how to customize the host name lookup.
+.SH ARGUMENTS
+The first argument is normally the host name (domain name) for which
+you want to look up the requested information.
+If the first argument is an Internet address, a query is done on the
+special "reverse mapping" domain to look up its associated host name.
+.PP
+If the \fB\-l\fP option is given, the first argument is a domain zone
+name for which a complete listing is given. The program enters a
+special zone listing mode which has several variants (see below).
+.PP
+The second argument is optional. It allows you to specify a particular
+server to query.  If you don't specify this argument, default servers
+are used, as defined by the \fB/etc/resolv.conf\fP file.
+.SH EXTENDED SYNTAX
+If the \fB\-x\fP option is given, it extends the syntax in the sense
+that multiple arguments are allowed on the command line. An optional
+explicit server must now be specified using the \fB\-X\fP option as it
+cannot be given as an ordinary argument any more. The \fB\-X\fP
+option implies \fB\-x\fP.
+.sp
+The extended syntax allows no arguments at all, in which case the
+arguments will be read from standard input. This can be a pipe,
+redirection from a file, or an interactive terminal. Note that
+these arguments are the names to be queried, and not command options.
+Everything that appears after a '#' or ';' on an input line will be
+skipped. Multiple arguments per line are allowed.
+.SH OPTIONS
+There are a number of options that can be used before the specified
+arguments.  Some of these options are meaningful only to the people
+who maintain the domain database zones.
+The first options are the regularly used ones.
+.TP 4
+.B \-v
+causes printout to be in a "verbose" format.
+All resource record fields are printed.
+Without this option, the ttl and class fields are not shown.
+Also the contents of the "additional information" and "authoritative
+nameservers" sections in the answer from the nameserver are printed,
+if present.  Normally these sections are not shown.
+In addition, the verbose option prints extra information about the
+various actions that are taken by the program.
+Note that \fB\-vv\fP is "very verbose". This generates a lot of output.
+.TP
+.BI \-t " querytype"
+allows you to specify a particular type of resource record information
+to be looked up.  Supported types are listed below.
+The wildcard may be written as either \fBANY\fP or \fB*\fP.
+Types may be given in upper or lower case.
+The default is type \fBA\fP for regular lookups,
+and \fBA\fP, \fBNS\fP, and \fBPTR\fP for zone listings.
+.TP
+.B \-a
+is equivalent to \fB\-t ANY\fP.
+Note that this gives you "anything available" (currently cached) and
+not "all defined data" if a non-authoritative server is queried.
+.SH SPECIAL MODES
+The following options put the program in a special mode.
+.TP 4
+.BI \-l " zone"
+generates the listing of an entire zone.
+.sp
+E.g. the command
+.br
+	\fBhost \-l nikhef.nl\fP
+.br
+will give a listing of all hosts in the "nikhef.nl" zone.
+The \fB\-t\fP option is used to filter what information is
+extracted, as you would expect. The default is address
+information from A records, supplemented with data from PTR
+and NS records.
+.sp
+The command
+.br
+	\fBhost \-Z \-a \-l nikhef.nl\fP
+.br
+will give a complete download of the zone data for "nikhef.nl",
+in the official master file format.
+.TP 4
+.B \-H
+can be specified instead of the \fB\-l\fP option. It will print
+the count of the unique hostnames (names with an A record)
+encountered within the zone.
+It will not count pseudo names like "localhost", nor addresses
+associated with the zone name itself. Neither are counted the
+"glue records" that are necessary to define nameservers for
+the zone and its delegated zones.
+.sp
+By default, this option will not print any resource records.
+.sp
+Combined with the \fB\-S\fP option, it will give a complete
+statistics survey of the zone.
+.sp
+The host count may be affected by duplicate hosts (see below).
+To compute the most realistic value, subtract the duplicate
+host count from the total host count.
+.TP
+.B \-G
+implies \fB\-H\fP, but lists the names of gateway hosts.
+These are the hosts that have more than one address.
+Gateway hosts are not checked for duplicate addresses.
+.TP
+.B \-E
+implies \fB\-H\fP, but lists the names of extrazone hosts.
+An extrazone host in zone "foo.bar" is of the form
+"host.xxx.foo.bar" where "xxx.foo.bar" is not defined as
+a delegated zone with an NS record.
+This may be intentional, but also may be an error.
+.TP
+.B \-D
+implies \fB\-H\fP, but lists the names of duplicate hosts.
+These are hosts with only one address, which is known to
+have been defined also for another host with a different name,
+possibly even in a different zone.
+This may be intentional, but also may be an error.
+.TP
+.B \-C
+can be specified instead of the \fB\-l\fP option. It causes the SOA
+records for the specified zone to be compared as found at each of
+the authoritative nameservers for the zone (as listed in the NS records).
+Nameserver recursion is turned off, and it will be checked whether
+the answers are really authoritative. If a server cannot provide an
+authoritative SOA record, a lame delegation of the zone to that server
+is reported.
+Discrepancies between the records are reported. Various sanity checks
+are performed.
+.TP
+.B \-A
+enters a special address check mode.
+.sp
+If the first argument is a host name, its addresses will be retrieved,
+and for each of the addresses it will be checked whether they map back
+to the given host.
+.sp
+If the first argument is a dotted quad Internet address, its name will
+be retrieved, and it will be checked whether the given address is listed
+among the known addresses belonging to that host.
+.sp
+If the \fB\-A\fP flag is specified along with any zone listing option,
+a reverse lookup of the address in each encountered A record is performed,
+and it is checked whether it is registered and maps back to the name of
+the A record.
+.SH SPECIAL OPTIONS
+The following options apply only to the special zone listing modes.
+.TP 4
+.BI \-L " level"
+Recursively generate zone listings up to this level deep.
+Level 1 traverses the parent zone and all of its delegated zones.
+Each additional level descends into another layer of delegated zones.
+.TP
+.B \-S
+prints statistics about the various types of resource records found
+during zone listings, the number of various host classifications,
+the number of delegated zones, and some total statistics after
+recursive listings.
+.TP
+.B \-p
+causes only the primary nameserver of a zone to be contacted for zone
+transfers during zone listings. Normally, zone transfers are obtained
+from any one of the authoritative servers that responds.
+The primary nameserver is obtained from the SOA record of the zone.
+If a specific server is given on the command line, this option will
+query that server for the desired nameservers of the zone. This can be
+used for testing purposes in case the zone has not been registered yet.
+.TP
+.BI \-P " prefserver"
+gives priority for zone transfers to preferred servers residing in
+domains given by the comma-separated list \fIprefserver\fP. The more
+domain component labels match, the higher the priority.
+If this option is not present, priority is given to servers within
+your own domain or parent domains.
+The order in which NS records are issued may be unfavorable if they
+are subject to BIND 4.9 round-robin reshuffling.
+.TP
+.BI \-N " skipzone"
+prohibits zone transfers for the zones given by the comma-separated
+list \fIskipzone\fP. This may be used during recursive zone listings
+when certain zones are known to contain bogus information which
+should be excluded from further processing.
+.SH COMMON OPTIONS
+The following options can be used in both normal mode and domain
+listing mode.
+.TP 4
+.B \-d
+turns on debugging.  Nameserver transactions are shown in detail.
+Note that \fB\-dd\fP prints even more debugging output.
+.TP
+.BI \-f " filename"
+writes the resource record output to the given logfile as well as
+to standard output.
+.TP
+.BI \-F " filename"
+same as \fB\-f\fP, but exchange the role of stdout and logfile.
+All stdout output (including verbose and debug printout) goes to
+the logfile, and stdout gets only the extra resource record output
+(so that it can be used in pipes).
+.TP
+.BI \-I " chars"
+suppresses warning messages about illegal domain names containing
+invalid characters, by specifying such characters in the string
+\fIchars\fP. The underscore is a good candidate.
+.TP
+.B \-i
+constructs a query for the "reverse mapping" \fBin-addr.arpa\fP
+domain in case a numeric (dotted quad) address was specified.
+Useful primarily for zone listing mode, since for numeric regular
+lookups such query is done anyway (but with \-i you see the actual
+PTR resource record outcome).
+.TP
+.B \-n
+constructs a query for the "reverse mapping" \fBnsap.int\fP
+domain in case an nsap address was specified.
+This can be used to look up the names associated with nsap addresses,
+or to list reverse nsap zones.
+An nsap address consists of an even number of hexadecimal digits,
+with a maximum of 40, optionally separated by interspersed dots.
+An optional prefix "0x" is skipped.
+If this option is used, all reverse nsap.int names are by default
+printed in forward notation, only to improve readability.
+The \fB\-Z\fP option forces the output to be in the official zone
+file format.
+.TP
+.B \-q
+be quiet and suppress various warning messages (the ones preceded
+by " !!! ").
+Serious error messages (preceded by " *** ") are never suppressed.
+.TP
+.B \-T
+prints the time-to-live values during non-verbose output.
+By default the ttl is shown only in verbose mode.
+.TP
+.B \-Z
+prints the selected resource record output in full zone file format,
+including trailing dot in domain names, plus ttl value and class name.
+.SH OTHER OPTIONS
+The following options are used only in special circumstances.
+.TP 4
+.BI \-c " class"
+allows you to specify a particular resource record class.
+Supported are
+\fBIN\fP, \fBINTERNET\fP, \fBCS\fP, \fBCSNET\fP, \fBCH\fP, \fBCHAOS\fP,
+\fBHS\fP, \fBHESIOD\fP, and the wildcard \fBANY\fP or \fB*\fP.
+The default class is \fBIN\fP.
+.TP
+.B \-e
+excludes information about names that are not residing within
+the given zone during zone listings, such as some glue records.
+For regular queries, it suppresses the printing of the "additional
+information" and "authoritative nameserver" sections in the answer
+from the nameserver.
+.TP
+.B \-m
+is equivalent to \fB\-t MAILB\fP, which filters
+any of types \fBMB\fP, \fBMR\fP, \fBMG\fP, or \fBMINFO\fP.
+In addition, \fBMR\fP and \fBMG\fP records will be recursively
+expanded into \fBMB\fP records.
+.TP
+.B \-o
+suppresses the resource record output to stdout. Can be used in
+combination with the \fB\-f\fP option to separate the resource
+record output from verbose and debug comments and error messages.
+.TP
+.B \-r
+causes nameserver recursion to be turned off in the request.
+This means that the contacted nameserver will return only data
+it has currently cached in its own database.
+It will not ask other servers to retrieve the information.
+Note that nameserver recursion is always turned off when checking
+SOA records using the \fB\-C\fP option. Authoritative servers
+should have all relevant information available.
+.TP
+.B \-R
+Normally querynames are assumed to be fully qualified and are
+tried as such, unless it is a single name, which is always tried
+(and only once) in the default domain.
+This option simulates the default BIND behavior by qualifying
+any specified name by repeatedly adding search domains, with
+the exception that the search terminates immediately if the name
+exists but does not have the desired querytype.
+The default search domains are constructed from the default domain
+by repeatedly peeling off the first component, until a final domain
+with only one dot remains.
+.TP
+.BI \-s " seconds"
+specifies a new nameserver timeout value. The program will wait
+for a nameserver reply in two attempts of this number of seconds.
+Normally it does 2 attempts of 5 seconds per nameserver address tried.
+The actual timeout algorithm is slightly more complicated, extending
+the timeout value dynamically depending on the number of tries and
+the number of nameserver addresses.
+.TP
+.B \-u
+forces the use of virtual circuits (TCP) instead of datagrams (UDP) when
+issuing nameserver queries. This is slower, but potentially more reliable.
+Note that a virtual circuit is automatically chosen in case a query
+exceeds the maximum datagram packet size. Also if a datagram answer
+turns out to be truncated, the query is retried using virtual circuit.
+A zone transfer is always done via a virtual circuit.
+.TP
+.B \-w
+causes the program to retry forever if the response to a regular query
+times out. Normally it will time out after some 10 seconds per
+nameserver address tried.
+.TP
+.B \-V
+prints just the version number of the \fBhost\fP program, and exits.
+.SH DEFAULT OPTIONS
+Default options and parameters can be preset in an environment
+variable \fBHOST_DEFAULTS\fP using the same syntax as on the command
+line. They will be evaluated before the command line arguments.
+.SH QUERYTYPES
+The following querytypes (resource record types) are supported.
+Indicated within parentheses are the various kinds of data fields.
+.TP 10
+.B A
+Host address (dotted quad)
+.TP
+.B NS
+Authoritative nameserver (domain name)
+.TP
+.B MD
+Mail destination (domain name)
+.TP
+.B MF
+Mail forwarder (domain name)
+.TP
+.B CNAME
+Canonical name for an alias (domain name)
+.TP
+.B SOA
+Marks the start of a zone of authority
+(domain name of primary, domain name of hostmaster,
+serial, refresh, retry, expiration, default ttl)
+.TP
+.B MB
+Mailbox domain name (domain name)
+.TP
+.B MG
+Mail group member (domain name)
+.TP
+.B MR
+Mail rename domain name (domain name)
+.TP
+.B NULL
+Null resource record (no format or data)
+.TP
+.B WKS
+Well-known service description (dotted quad, protocol name, list of services)
+.TP
+.B PTR
+Domain name pointer (domain name)
+.TP
+.B HINFO
+Host information (CPU type string, OS type string)
+.TP
+.B MINFO
+Mailbox or mail list information (request domain name, error domain name)
+.TP
+.B MX
+Mail exchanger (preference value, domain name)
+.TP
+.B TXT
+Descriptive text (string)
+.TP
+.B UINFO
+User information (string)
+.TP
+.B UID
+User identification (number)
+.TP
+.B GID
+Group identification (number)
+.TP
+.B UNSPEC
+Unspecified binary data (data)
+.TP
+.B ANY
+Matches information of any type available.
+.TP
+.B MAILB
+Matches any of types \fBMB\fP, \fBMR\fP, \fBMG\fP, or \fBMINFO\fP.
+.TP
+.B MAILA
+Matches any of types \fBMD\fP, or \fBMF\fP.
+.PP
+The following types have been defined in RFC 1183, but
+are not yet in general use. They are recognized by this program.
+.TP 10
+.B RP
+Responsible person (domain name for MB, domain name for TXT)
+.TP
+.B AFSDB
+AFS database location (type, domain name)
+.TP
+.B X25
+X25 address (address string)
+.TP
+.B ISDN
+ISDN address (address string, optional subaddress string)
+.TP
+.B RT
+Route through host (preference value, domain name)
+.PP
+The following types have been defined in RFC 1348, but
+are not yet in general use. They are recognized by this program.
+RFC 1348 has already been obsoleted by RFC 1637, which defines
+a new experimental usage of NSAP records. This program has now
+hooks to manipulate them.
+.TP 10
+.B NSAP
+NSAP address (encoded address)
+.TP
+.B NSAP-PTR
+NSAP pointer (domain name)
+.PP
+The following are new types as per RFC 1664 and RFC 1712.
+Note that the GPOS type has been withdrawn already, and will be
+superseded by the LOC type.
+.TP 10
+.B PX
+X400 to RFC822 mapping (preference value, rfc822 domain, x400 domain)
+.TP
+.B GPOS
+Geographical position (longitude string, latitude string, altitude string)
+.PP
+The following types have already been reserved in RFC 1700, but are
+not yet implemented.
+.TP 10
+.B SIG
+Security signature
+.TP
+.B KEY
+Security key
+.TP
+.B AAAA
+IP v6 address
+.TP
+.B LOC
+Geographical location
+.SH FAILURE MESSAGES
+The following messages are printed to show the reason
+of failure for a particular query. The name of an explicit
+server, if specified, may be included. If a special class
+was requested, it is also shown.
+.TP 4
+Nameserver [\fIserver\fP] not running
+The contacted server host does not have a nameserver running.
+.TP
+Nameserver [\fIserver\fP] not responding
+The nameserver at the contacted server host did not give a reply
+within the specified time frame.
+.TP
+Nameserver [\fIserver\fP] not reachable
+The network route to the intended server host is blocked.
+.TP
+\fIname\fP does not exist [at \fIserver\fP] (Authoritative answer)
+The queryname does definitely not exist at all.
+.TP
+\fIname\fP does not exist [at \fIserver\fP], try again
+The queryname does not exist, but the answer was not authoritative,
+so it is still undecided.
+.TP
+\fIname\fP has no \fItype\fP record [at \fIserver\fP] (Authoritative answer)
+The queryname is valid, but the specified type does not exist.
+This status is here returned only in case authoritative.
+.TP
+\fIname\fP \fItype\fP record currently not present [at \fIserver\fP]
+The specified type does not exist, but we don't know whether
+the queryname is valid or not. The answer was not authoritative.
+Perhaps recursion was off, and no data was cached locally.
+.TP
+\fIname\fP \fItype\fP record not found [at \fIserver\fP], try again
+Some intermediate failure, e.g. timeout reaching a nameserver.
+.TP
+\fIname\fP \fItype\fP record not found [at \fIserver\fP], server failure
+Some explicit nameserver failure to process the query, due to internal
+or forwarding errors. This may also be returned if the zone data has
+expired at a secondary server, of when the server is not authoritative
+for some class.
+.TP
+\fIname\fP \fItype\fP record not found [at \fIserver\fP], no recovery
+Some irrecoverable format error, or server refusal.
+.TP
+\fIname\fP \fItype\fP record query refused [by \fIserver\fP]
+The contacted nameserver explicitly refused to answer the query.
+Some nameservers are configured to refuse zone transfer requests
+that come from arbitrary clients.
+.TP
+\fIname\fP \fItype\fP record not found [at \fIserver\fP]
+The exact reason for failure could not be determined.
+(This should not happen).
+.TP
+\fIzone\fP has lame delegation to \fIserver\fP
+If we query a supposedly authoritative nameserver for the SOA record
+of a zone, the information should be available and the answer should
+be authoritative. If not, a lame delegation is flagged. This is also
+done if the server turns out not to exist at all. Ditto if we ask for
+a zone transfer and the server cannot provide it.
+.TP
+No nameservers for \fIzone\fP found
+It was not possible to retrieve the name of any nameserver
+for the desired zone, in order to do a zone transfer.
+.TP
+No addresses of nameservers for \fIzone\fP found
+We got some nameserver names, but it was not possible to retrieve
+addresses for any of them.
+.TP
+No nameservers for \fIzone\fP responded
+When trying all nameservers in succession to do a zone transfer,
+none of them were able or willing to provide it.
+.SH WARNING AND ERROR MESSAGES
+Miscellaneous warning messages may be generated.
+They are preceded by " !!! " and indicate some non-fatal condition,
+usually during the interpretation of the retrieved data.
+These messages can be suppressed with the \-q command line option.
+.sp
+Error messages are preceded by " *** " and indicate a serious problem,
+such as format errors in the answers to queries, but also major
+violations of the specifications.
+Those messages cannot be suppressed.
+.TP 4
+\fIzone\fP has only one nameserver \fIserver\fP
+When retrieving the nameservers for a zone, it appears that only one
+single nameserver exists.  This is against the recommendations.
+.TP
+\fIzone\fP nameserver \fIserver\fP is not canonical (\fIrealserver\fP)
+When retrieving the nameservers for a zone, the name of the specified
+server appears not to be canonical. This may cause serious operational
+problems. The canonical name is given between parentheses.
+.TP
+empty zone transfer for \fIzone\fP from \fIserver\fP
+The zone transfer from the specified server contained no data, perhaps
+only the SOA record. This could happen if we query the victim of a
+lame delegation which happens to have the SOA record in its cache.
+.TP
+extraneous NS record for \fIname\fP within \fIzone\fP from \fIserver\fP
+During a zone transfer, an NS record appears for a name which is not
+a delegated subzone of the current zone.
+.TP
+extraneous SOA record for \fIname\fP within \fIzone\fP from \fIserver\fP
+During a zone transfer, an SOA record appears for a name which is
+not the name of the current zone.
+.TP
+extraneous glue record for \fIname\fP within \fIzone\fP from \fIserver\fP
+During a zone transfer, a glue record is included for a name which
+is not part of the zone or its delegated subzones. This is done in some
+older versions of BIND. It is undesirable since unauthoritative, or even
+incorrect, information may be propagated.
+.TP
+incomplete \fItype\fP record for \fIname\fP
+When decoding the resource record data from the answer to a query,
+not all required data fields were present. This is frequently the case
+for HINFO records of which only one of the two data field is encoded.
+.TP
+\fIname\fP has both NS and A records within \fIzone\fP from \fIserver\fP
+An A record has been defined for the delegated zone \fIname\fP. This is
+signalled only during the transfer of the parent \fIzone\fP. It is not
+an error, but the overall hostcount may be wrong, since the A record
+is counted as a host in the parent zone. This A record is not included
+in the hostcount of the delegated zone.
+.TP
+\fIname\fP \fItype\fP records have different ttl within \fIzone\fP from \fIserver\fP
+Resource records of the same name/type/class should have the same ttl value
+in zone listings. This is sometimes not the case, due to the independent
+definition of glue records or other information in the parent zone, which
+is not kept in sync with the definition in the delegated zone.
+.TP
+\fIname\fP \fItype\fP record has illegal name
+The name of an A or MX record contains invalid characters.
+Only alphanumeric characters and hyphen '-' are valid in
+components (labels) between dots.
+.TP
+\fIname\fP \fItype\fP host \fIserver\fP has illegal name
+The name of an NS or MX target host contains invalid characters.
+Only alphanumeric characters and hyphen '-' are valid in
+components (labels) between dots.
+.TP
+\fIname\fP \fItype\fP host \fIserver\fP does not exist
+The NS or MX target host \fIserver\fP does not exist at all.
+In case of NS, a lame delegation of \fIname\fP to \fIserver\fP
+is flagged.
+.TP
+\fIname\fP \fItype\fP host \fIserver\fP has no A record
+The NS or MX target host \fIserver\fP has no address.
+In case of NS, a lame delegation of \fIname\fP to \fIserver\fP
+is flagged.
+.TP
+\fIname\fP \fItype\fP host \fIserver\fP is not canonical
+The NS or MX target host \fIserver\fP is not a canonical name.
+This may cause serious operational problems during domain data
+retrieval, or electronic mail delivery.
+.TP
+\fIname\fP address \fIA.B.C.D\fP is not registered
+The reverse lookup of the address of an A record failed in an
+authoritative fashion. It was not present in the corresponding
+in-addr.arpa zone.
+.TP
+\fIname\fP address \fIA.B.C.D\fP maps to \fIrealname\fP
+The reverse lookup of the address of an A record succeeded,
+but it did not map back to the name of the A record.
+There may be A records with different names for the same address.
+In the reverse in-addr.arpa zone there is usually only one PTR to
+the ``official'' host name.
+.TP
+\fIzone\fP SOA record at \fIserver\fP is not authoritative
+When checking the SOA for a zone at one of its supposedly
+authoritative nameservers, the SOA information turns out
+to be not authoritative.  This could be determined by making
+a query without nameserver recursion turned on.
+.TP
+\fIzone\fP SOA primary \fIserver\fP is not advertised via NS
+The primary nameserver is not among the list of nameservers
+retrieved via NS records for the zone.
+This is not an error per se, since only publicly accessible
+nameservers may be advertised, and others may be behind a
+firewall.
+.TP
+\fIzone\fP SOA primary \fIserver\fP has illegal name
+The name of the primary nameserver contains invalid characters.
+.TP
+\fIzone\fP SOA hostmaster \fImailbox\fP has illegal mailbox
+The name of the hostmaster mailbox contains invalid characters.
+A common mistake is to use an RFC822 email address with a ``@'',
+whereas the at-sign should have been replaced with a dot.
+.TP
+\fIzone\fP SOA serial has high bit set
+Although the serial number is an unsigned 32-bit value, overflow
+into the high bit can inadvertently occur by making inappropriate
+use of the dotted decimal notation in the zone file. This may lead
+to synchronization failures between primary and secondary servers.
+.TP
+\fIzone\fP SOA retry exceeds refresh
+A failing refresh would be retried after it is time for the
+next refresh.
+.TP
+\fIzone\fP SOA refresh+retry exceeds expire
+The retry after a failing refresh would be done after the data
+has already expired.
+.TP
+\fIserver1\fP and \fIserver2\fP have different primary for \fIzone\fP
+If the SOA record is different, the zone data is probably different
+as well. What you get depends on which server you happen to query.
+.TP
+\fIserver1\fP and \fIserver2\fP have different hostmaster for \fIzone\fP
+If the SOA record is different, the zone data is probably different
+as well. What you get depends on which server you happen to query.
+.TP
+\fIserver1\fP and \fIserver2\fP have different serial for \fIzone\fP
+This is usually not an error, but happens during the period after the
+primary server has updated its zone data, but before a secondary
+performed a refresh. Nevertheless there could be an error if a mistake
+has been made in properly adapting the serial number.
+.TP
+\fIserver1\fP and \fIserver2\fP have different refresh for \fIzone\fP
+If the SOA record is different, the zone data is probably different
+as well. What you get depends on which server you happen to query.
+.TP
+\fIserver1\fP and \fIserver2\fP have different retry for \fIzone\fP
+If the SOA record is different, the zone data is probably different
+as well. What you get depends on which server you happen to query.
+.TP
+\fIserver1\fP and \fIserver2\fP have different expire for \fIzone\fP
+If the SOA record is different, the zone data is probably different
+as well. What you get depends on which server you happen to query.
+.TP
+\fIserver1\fP and \fIserver2\fP have different defttl for \fIzone\fP
+If the SOA record is different, the zone data is probably different
+as well. What you get depends on which server you happen to query.
+.SH EXIT STATUS
+The program returns a zero exit status if the requested information
+could be retrieved successfully, or in case zone listings or SOA
+checks were performed without any serious error.
+Otherwise it returns a non-zero exit status.
+.SH CUSTOMIZING HOST NAME LOOKUP
+In general, if the name supplied by the user does not have any dots
+in it, a default domain is appended to the end. This domain is usually
+defined in the \fB/etc/resolv.conf\fP file. If not, it is derived by
+taking the local hostname and taking everything after its first dot.
+.PP
+The user can override this, and specify a different default domain,
+by defining it in the environment variable \fILOCALDOMAIN\fP.
+.PP
+In addition, the user can supply his own single-word abbreviations
+for host names. They should be in a file consisting of one line per
+abbreviation. Each line contains an abbreviation, white space, and
+then the fully qualified host name. The name of this file must be
+specified in the environment variable \fIHOSTALIASES\fP.
+.SH SPECIAL CONSIDERATIONS
+The complete set of resource record information for a domain name
+is available from an authoritative nameserver only. Therefore,
+if you query another server with the "-a" option, only a subset
+of the data may be presented, since this option asks for any data
+that the latter server currently knows about, not all data that
+may possibly exist.  Note that the "-v" option shows whether an
+answer is authoritative or not.
+.PP
+When listing a zone with the "-l" option, information will be fetched
+from authoritative nameservers for that zone. This is implemented by
+doing a complete zone transfer and then filtering out the information
+that you have asked for.
+Note that direct contact with such nameservers must be possible for
+this option to work.
+This option should be used with caution. Servers may be configured
+to refuse zone transfers if they are flooded with requests.
+.SH RELATED DOCUMENTATION
+rfc920, rfc952, rfc974, rfc1032, rfc1033, rfc1034, rfc1035,
+rfc1101, rfc1183, rfc1348, rfc1535, rfc1536, rfc1537, rfc1637,
+rfc1664, rfc1712
+.SH AUTHOR
+This program is originally from Rutgers University.
+.br
+Rewritten by Eric Wassenaar, Nikhef-H, <e07@nikhef.nl>
+.SH "SEE ALSO"
+named(8), resolv.conf(5), resolver(3)