donutsd - Man Page

Run the donuts syntax checker periodically and report the results to an administrator

Synopsis

  donutsd [-z FREQ] [-t TMPDIR] [-f FROM] [-s SMTPSERVER] [-a DONUTSARGS]
          [-x] [-v] [-i zonelistfile] [ZONEFILE ZONENAME ZONECONTACT]

Description

donutsd runs donuts on a set of zone files every so often (the frequency is specified by the -z flag which defaults to 24 hours) and watches for changes in the results.  These changes may be due to the time-sensitive nature of DNSSEC-related records (e.g., RRSIG validity periods) or because parent/child relationships have changed.  If any changes have occurred in the output since the last run of donuts on a particular zone file, the results are emailed to the specified zone administrator's email address.

Options

-v

Turns on more verbose output.

-o

Run once and quit, as opposed to sleeping or re-running forever.

-a ARGUMENTS

Specifies command line arguments to be passed to donuts executions.

-z TIME

Sleeps TIME seconds between calls to donuts.  The DNSSEC-Tools timetrans program can be used to convert from large time units (e.g., weeks and days) to seconds.

-e ADDRESS

Mail ADDRESS with a summary of the results from all the files. The summary consists of the last few lines of the donuts output for each zone, which detail the number of errors found.

-s SMTPSERVER

When sending mail, send it to the SMTPSERVER specified.  The default is localhost.

-f FROMADDR

When sending mail, use FROMADDR for the From: address.

-x

Send the diff output in the email message as well as the donuts output.

-t TMPDIR

Store temporary files in TMPDIR.

-i INPUTZONES

See the next section for details.

Zone Arguments

The rest of the arguments to donutsd should be triplets of the following information:

ZONEFILE

The zone file to examine.

ZONENAME

The name of the zone that the file is supposed to define.

ZONECONTACT

An email address of the zone administrator (or a comma-separated list of addresses).  The results will be sent to this email address.

Additionally, instead of listing all the zones you wish to monitor on the command line, you can use the -i flag, which specifies a file listing the triples instead.  Each line in this file should contain one triple, with whitespace separating the arguments.

Example:

   db.zonefile1.com   zone1.com   admin@zone1.com
   db.zonefile2.com   zone2.com   admin@zone2.com,admin2@zone2.com
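
A pre-flight check for a -i zone list file, added here as an example (it is not part of donutsd or DNSSEC-Tools). It confirms that every line is a three-field triple, that the zone file is readable, and that each comma-separated contact looks like a mailbox. The names check_zonelist and zonedir, the address pattern, and the skipping of blank lines are assumptions of this example, and the sample file is constructed.

```python
import os
import re
import tempfile

# Loose mailbox sanity check, not a full RFC 5322 parser (choice of this example).
ADDR = re.compile(r"^[^@\s,]+@[^@\s,]+$")

def check_zonelist(path, zonedir="."):
    """Parse a donutsd -i file; return (triples, problems)."""
    triples, problems = [], []
    with open(path, encoding="utf-8") as fh:
        for lineno, line in enumerate(fh, 1):
            fields = line.split()
            if not fields:
                continue  # blank lines are skipped by this checker (assumption)
            if len(fields) != 3:
                # Typical cause: a space after the comma in the contact list.
                problems.append((lineno, f"expected 3 fields, found {len(fields)}"))
                continue
            zonefile, zonename, contact = fields
            ok = True
            full = os.path.join(zonedir, zonefile)
            if not (os.path.isfile(full) and os.access(full, os.R_OK)):
                problems.append((lineno, f"zone file not readable: {zonefile}"))
                ok = False
            for addr in contact.split(","):
                if not ADDR.match(addr):
                    problems.append((lineno, f"bad contact address: {addr!r}"))
                    ok = False
            if ok:
                triples.append((zonefile, zonename, contact.split(",")))
    return triples, problems

def demo():
    """Run the check on a constructed zone list in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "db.zonefile1.com"), "w").close()
        open(os.path.join(d, "db.zonefile2.com"), "w").close()
        listing = os.path.join(d, "zones.txt")
        with open(listing, "w", encoding="utf-8") as fh:
            fh.write("db.zonefile1.com   zone1.com   admin@zone1.com\n"
                     "db.zonefile2.com   zone2.com   admin@zone2.com, admin2@zone2.com\n"
                     "\n"
                     "db.zonefile3.com   zone3.com   admin@zone3.com,\n")
        return check_zonelist(listing, zonedir=d)

if __name__ == "__main__":
    triples, problems = demo()
    for lineno, msg in problems:
        print(f"line {lineno}: {msg}")
    print(f"{len(triples)} usable triple(s)")
```

In the constructed sample, the space after the comma on the second line splits the contact list into a fourth field, and the trailing comma on the last line leaves an empty address.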

For even more control, you can specify an XML file (whose name must end in .xml) that describes the same information.  This also allows for per-zone customization of the donuts arguments.  The XML::Smart Perl module must be installed in order to use this feature.

 <donutsd>
   <zones>
    <zone>
      <file>db.example.com</file>
      <name>example.com</name>
      <contact>admin@example.com</contact>
      <!-- this is not a signed zone therefore we'll
           add these args so we don't display DNSSEC errors -->
      <donutsargs>-i DNSSEC</donutsargs>
    </zone>
   </zones>
 </donutsd>

The donutsd tree may also contain a configs section where command-line flags can be specified:

 <donutsd>
  <configs>
   <config><flag>a</flag><value>--features live --level 8</value></config>
   <config><flag>e</flag><value>wes@example.com</value></config>
  </configs>
  <zones>
   ...
  </zones>
 </donutsd>

Real command line flags will be used in preference to those specified in the .xml file, however.

Example

  donutsd -a "--features live --level 8" -f root@example.com \
     db.example.com example.com admin@example.com

Author

Wes Hardaker <hardaker@users.sourceforge.net>

See Also

donuts(8)

timetrans(1)

http://dnssec-tools.sourceforge.net

Info

2024-11-05 perl v5.40.0 User Contributed Perl Documentation