The relevant typing rules for configuration files vary based on which user is processing files. For instance, the values of your_domain depend on which permissions the user has been granted. You can always use domtool-admin regen to reload all config, executed as the appropriate users. However, reprocessing everything has a significant cost, so you might want to run single files as particular users. To do this, use this pattern:
DOMTOOL_USER=$SOMEONE domtool $FILENAME
You can also use other ways of setting the UNIX environment variable DOMTOOL_USER. Note that an invocation with DOMTOOL_USER set depends on the ability to read that user's private key from AFS, so you will need AFS admin permissions to do this in general.
1. Checking users' files
You can try type-checking, but not executing, a file as a user with:
DOMTOOL_USER=$SOMEONE domtool -tc $FILENAME
You can also do this assuming that the user has permissions for all domains and IP addresses, in case you want to check something before granting the appropriate permissions:
DOMTOOL_USER=$SOMEONE domtool -tc -fake $FILENAME