DONUTS(1)             User Contributed Perl Documentation            DONUTS(1)

NAME

       donuts - analyze DNS zone files for errors and warnings

SYNOPSIS

         donuts [-h] [-H] [-v] [-l LEVEL] [-r RULEFILES] [-i IGNORELIST]
                [-C] [-c configfile] ZONEFILE DOMAINNAME...

DESCRIPTION

       donuts is a DNS Lint application that examines DNS zone files looking
       for particular problems.  This is especially important for zones making
       use of DNSSEC security records, since many subtle problems can occur.

       If the Text::Wrap Perl module is installed, donuts will give better
       output formatting.

OPTIONS

       -h  Displays a help message.

       -v  Turns on more verbose output.

       -q  Turns on more quiet output.

       -l LEVEL
           Sets the level of errors to be displayed.  The default is level 5.
           The maximum value is level 9, which displays many debugging
           results.  You probably want to run no higher than level 8.

       -r RULEFILES
           A comma-separated list of rule files to load.  The strings will be
           passed to glob() so * wildcards can be used to specify multiple
           files.

       -i IGNORELIST
           A comma-separated list of regex patterns which are checked against
           rule names to determine if some should be ignored.  Run with -v to
           figure out rule names if you're not sure which rule is generating
           errors you don't wish to see.

       -L  Include rules that require live queries of data.  Generally, these
           rules concentrate on pulling remote DNS data to test; for example,
           parent/child zone relationships.

       -c CONFIGFILE
           Parse a configuration file to change constraints specified by
           rules.  This defaults to $HOME/.donuts.conf.

       -C  Don't read user configuration files at all, such as those specified
           by the -c option or the $HOME/.donuts.conf file.

       -t INTERFACE
           Specifies that tcpdump should be started on INTERFACE (e.g.,
           "eth0") just before donuts begins its run of rules for each domain
           and stopped just after it has processed the rules.  This is
           useful when you wish to capture the traffic generated by the live
           feature, described above.

       -T FILTER
           When tcpdump is run, this FILTER is passed to it for purposes of
           filtering traffic.  By default, this is set to
           port 53 || ip[6:2] & 0x1fff != 0, which limits the traffic to
           traffic destined to port 53 (DNS) or fragmented packets.

       -o FILE
           Saves the tcpdump captured packets to FILE.  The following special
           fields can be used to help generate unique file names:

           %d  This is replaced with the current domain name being analyzed
               (e.g., "example.com").

           %t  This is replaced with the current epoch time (i.e., the number
               of seconds since Jan 1, 1970).

           This field defaults to %d.%t.pcap.

       -H  Displays the personal configuration file rules and tokens that are
           acceptable in a configuration file.  The output will consist of a
           rule name, a token, and a description of its meaning.

           Your configuration file (e.g., $HOME/.donuts.conf) may have lines
           in it that look like this:

             # change the default minimum number of legal NS records from 2 to 1
             name: DNS_MULTIPLE_NS
             minnsrecords: 1

             # change the level of the following rule from 8 to 5
             name: DNS_REASONABLE_TTLS
             level: 5

           This allows you to override certain aspects of how rules are
           executed.

       -R  Displays a list of all known rules along with their description (if
           available).

       -F LIST
       --features=LIST
           The --features option specifies additional rule features that
           should be executed.  Some rules are turned off by default because
           they are more intensive or require a live network connection, for
           instance.  Use the --features flag to turn them on.  The LIST
           argument should be a comma-separated list.  Example usage:

             --features live,data_check

           Features available in the default rule set:

           live
               The live feature allows rules that need to perform live DNS
               queries to run.  Most of these live rules query parent and
               children of the current zone, when appropriate, to see that the
               parent/child relationships have been built properly.  For
               example, if you have a DS record which authenticates the key
               used in a child zone, the live feature will let a rule run which
               checks to see if the child is actually publishing the DNSKEY
               that corresponds to the test zone's DS record.

       --show-gui
           [alpha code]

           Displays a browsable GUI screen showing the results of the donuts
           tests.

           The QWizard and Gtk2 Perl modules must be installed for this to
           work.

       --live
           Obsolete command line option.  Please use --features live instead.
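
The default -T filter evaluated on constructed IPv4 packets (an added example, not part of donuts or DNSSEC-Tools; the helper names and sample packets are made up for illustration, and only IPv4 with TCP/UDP is modeled). It shows why the fragment clause is there: the later fragments of a large DNSSEC response carry no UDP header, so port 53 alone would miss them.

```python
import struct

FRAG_OFFSET_MASK = 0x1FFF   # low 13 bits of ip[6:2]: fragment offset, in 8-byte units
MORE_FRAGMENTS = 0x2000     # MF flag inside the same 16-bit field

def ipv4(proto, flags_frag, payload):
    """Constructed test data: minimal 20-byte IPv4 header (checksum 0) + payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                       flags_frag, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 53])) + payload

def udp(sport, dport, data):
    """Constructed 8-byte UDP header (checksum 0) followed by data."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def default_filter_match(pkt):
    """Return which clause of 'port 53 || ip[6:2] & 0x1fff != 0' matches, or None."""
    ihl = (pkt[0] & 0x0F) * 4
    (flags_frag,) = struct.unpack_from("!H", pkt, 6)        # ip[6:2]
    if flags_frag & FRAG_OFFSET_MASK:
        return "fragment"       # non-first fragment: no transport header to inspect
    if pkt[9] in (6, 17) and len(pkt) >= ihl + 4:           # TCP or UDP, offset 0
        sport, dport = struct.unpack_from("!HH", pkt, ihl)
        if 53 in (sport, dport):                            # 'port' = source or destination
            return "port 53"
    return None

SAMPLES = {   # all packets below are constructed for this example
    "query":           ipv4(17, 0, udp(40000, 53, b"q" * 30)),
    "first fragment":  ipv4(17, MORE_FRAGMENTS, udp(53, 40000, b"r" * 1472)),
    "later fragment":  ipv4(17, 185, b"r" * 500),           # offset 185 * 8 = 1480 bytes
    "ntp (unrelated)": ipv4(17, 0, udp(40000, 123, b"n" * 48)),
}

def classify_samples():
    """Map each sample name to the filter clause that captures it (None = dropped)."""
    return {name: default_filter_match(pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, clause in classify_samples().items():
        print(f"{name:16} -> {clause or 'not captured'}")
```

The second clause matches any IP fragment with a non-zero offset, not only DNS, so a capture taken with the default filter can include unrelated fragmented traffic.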

COPYRIGHT

       Copyright 2004-2007 SPARTA, Inc.  All rights reserved.  See the COPYING
       file included with the DNSSEC-Tools package for details.

AUTHOR

       Wes Hardaker <hardaker@users.sourceforge.net>

SEE ALSO

       For writing rules that can be loaded by donuts:

         Net::DNS::SEC::Tools::Donuts::Rule

       General DNS and DNSSEC usage:

         Net::DNS, Net::DNS::SEC

       Gtk2.pm(3), QWizard.pm(3)

       http://dnssec-tools.sourceforge.net/

perl v5.8.8                       2007-09-14                         DONUTS(1)