1Net::DNS::SEC::Tools::DUosneurtsC(o3n)tributed Perl DocuNmeetn:t:aDtNiSo:n:SEC::Tools::Donuts(3)
2
3
4
6 Net::DNS::SEC::Tools::Donuts - Execute DNS and DNSSEC lint-like tests on zone data
7
9 # load a zone, rules and analyze everything
10 # by default, this will print errors in 'wrapped text' format
11 # to stdout.
12 my $donuts = new Net::DNS::SEC::Tools::Donuts();
13 $donuts->load_zone("/path/to/example.com.signed", "example.com");
14 $donuts->load_rule_files("/path/to/installed/rules/*.txt");
15 my ($rulecount, $errorcount) = $donuts->analyze();
16
17 # send the output in json format to /tmp/foo.json instead
18 $donuts->set_output_format('json');
19 $donuts->set_output_location('file:/tmp/foo.json');
20 $donuts->analyze();
21
22 # display the available features
23 print "features: ", join(", ", $donuts->available_features()), "\n";
24
25 # enable the 'live' and 'check_data' features in the rule sets
26 $donuts->set_feature_list('live', 'check_data);
27
28 # ignore some rules (regexp's to match against rule names)
29 $donuts->set_ignore_list('NSEC');
30
31 # retrieve the rules loaded into the zone
32 my @rules = $donuts->rules();
33
34 # retrieve the records from the loaded zone
35 # (these will be Net::DNS::RR based records)
36 my @records = $donuts->zone_records();
37
38 # or just of a certain name:
39 # (these will be a hash reference like { type => [records] })
40 my $records = $donuts->find_records_by_name('www.example.com');
41
42 # or of just a type for a name:
43 # (these will be an array reference to the [records])
44 my $records =
45 $donuts->find_records_by_name_and_type('www.example.com', 'A');
46
48 The Net::DNS::SEC::Tools::Donuts (aka Donuts) module is capable of
49 loading a zone file, rules to test against it and then analyzing the
50 rules and reporting the results.
51
52 Creating a Donuts instance
53 Creating an instance of a Donuts object is straightforward:
54
55 use Net::DNS::SEC::Tools::Donuts
56 my $donuts = new Net::DNS::SEC::Tools::Donuts();
57
58 Loading and Accessing Zone Data
59 load_zone(SPECIFIER, ZONENAME)
60
61 Zone data can be loaded into the Donuts module using the load_zone()
62 function. This function takes a file path as an argument by default,
63 or one of the special specifiers listed below as well.
64
65 $donuts->load_zone("/path/to/file", "example.com");
66 Loads a file from a typicla (text based) zone data file. It uses
67 the Net::DNS::Zonefile::Fast module for parsing the zone file into
68 Net::DNS::RR records.
69
70 $donuts->load_zone("axfr:example.com", "example.com");
71 If the host has the ability to perform an axfr transfer of a given
72 zone, this specifier can be used to dynamically transfer the zone
73 data from the online servers.
74
75 $donuts->load_zone("live:www,ftp:aaaa,ns", "example.com");
76 When the live: specifier prefix is used, the Donuts module will
77 attempt to perform single queries from the zone for the specified
78 list of domain name prefixes for the zone. The default list (i.e.
79 just "live:") of zone records to query for is just "www". Query
80 types may be specified by separating the label with a ':'
81 character, as in the example above which indicates a AAAA record
82 should be queried for the 'ftp' host.
83
84 In addition to the list specified within teh specifier itself, each
85 zone is always queried for the following entries as well:
86
87 - ZONENAME:DNSKEY
88 - ZONENAME:SOA
89 - ZONENAME:NS
90
91 Note that because the zone won't be entirely complete, careful
92 selection or exclusion of rules (see "Ignoring and Only Executing
93 Rules") will likely be required to filter out bad results during
94 any analysis that is performed.
95
96 Loading Donuts Rules
97 Analyzing Zones Using Rules
98 Features
99 Ignoring and Only Executing Rules
100 Configuration
102 Copyright 2013-2013 Parsons. All rights reserved. See the COPYING
103 file included with the DNSSEC-Tools package for details.
104
106 Wes Hardaker <hardaker@users.sourceforge.net>
107
109 donuts(8)
110
111 Net::DNS, Net::DNS::RR, Net::DNS::SEC::Tools::Donuts::Rule
112
113 http://www.dnssec-tools.org/
114
116 Hey! The above document had some coding errors, which are explained
117 below:
118
119 Around line 972:
120 =back without =over
121
122
123
124perl v5.38.0 2023-07-19 Net::DNS::SEC::Tools::Donuts(3)