1Net::DNS::SEC::Tools::DUosneurtsC(o3n)tributed Perl DocuNmeetn:t:aDtNiSo:n:SEC::Tools::Donuts(3)
2
3
4

NAME

6         Net::DNS::SEC::Tools::Donuts - Execute DNS and DNSSEC lint-like tests on zone data
7

SYNOPSIS

9         # load a zone, rules and analyze everything
10         #   by default, this will print errors in 'wrapped text' format
11         #   to stdout.
12         my $donuts = new Net::DNS::SEC::Tools::Donuts();
13         $donuts->load_zone("/path/to/example.com.signed", "example.com");
14         $donuts->load_rule_files("/path/to/installed/rules/*.txt");
15         my ($rulecount, $errorcount) = $donuts->analyze();
16
17         # send the output in json format to /tmp/foo.json instead
18         $donuts->set_output_format('json');
19         $donuts->set_output_location('file:/tmp/foo.json');
20         $donuts->analyze();
21
22         # display the available features
23         print "features: ", join(", ", $donuts->available_features()), "\n";
24
25         # enable the 'live' and 'check_data' features in the rule sets
26         $donuts->set_feature_list('live', 'check_data);
27
28         # ignore some rules (regexp's to match against rule names)
29         $donuts->set_ignore_list('NSEC');
30
31         # retrieve the rules loaded into the zone
32         my @rules = $donuts->rules();
33
34         # retrieve the records from the loaded zone
35         #  (these will be Net::DNS::RR based records)
36         my @records = $donuts->zone_records();
37
38         # or just of a certain name:
39         #   (these will be a hash reference like { type => [records] })
40         my $records = $donuts->find_records_by_name('www.example.com');
41
42         # or of just a type for a name:
43         #   (these will be an array reference to the [records])
44         my $records =
45            $donuts->find_records_by_name_and_type('www.example.com', 'A');
46

DESCRIPTION

48       The Net::DNS::SEC::Tools::Donuts (aka Donuts) module is capable of
49       loading a zone file, rules to test against it and then analyzing the
50       rules and reporting the results.
51
52   Creating a Donuts instance
53       Creating an instance of a Donuts object is straightforward:
54
55         use Net::DNS::SEC::Tools::Donuts
56         my $donuts = new Net::DNS::SEC::Tools::Donuts();
57
58   Loading and Accessing Zone Data
59       load_zone(SPECIFIER, ZONENAME)
60
61       Zone data can be loaded into the Donuts module using the load_zone()
62       function.  This function takes a file path as an argument by default,
63       or one of the special specifiers listed below as well.
64
65       $donuts->load_zone("/path/to/file", "example.com");
66           Loads a file from a typicla (text based) zone data file.  It uses
67           the Net::DNS::Zonefile::Fast module for parsing the zone file into
68           Net::DNS::RR records.
69
70       $donuts->load_zone("axfr:example.com", "example.com");
71           If the host has the ability to perform an axfr transfer of a given
72           zone, this specifier can be used to dynamically transfer the zone
73           data from the online servers.
74
75       $donuts->load_zone("live:www,ftp:aaaa,ns", "example.com");
76           When the live: specifier prefix is used, the Donuts module will
77           attempt to perform single queries from the zone for the specified
78           list of domain name prefixes for the zone.  The default list (i.e.
79           just "live:") of zone records to query for is just "www".  Query
80           types may be specified by separating the label with a ':'
81           character, as in the example above which indicates a AAAA record
82           should be queried for the 'ftp' host.
83
84           In addition to the list specified within teh specifier itself, each
85           zone is always queried for the following entries as well:
86
87           - ZONENAME:DNSKEY
88           - ZONENAME:SOA
89           - ZONENAME:NS
90
91           Note that because the zone won't be entirely complete, careful
92           selection or exclusion of rules (see "Ignoring and Only Executing
93           Rules") will likely be required to filter out bad results during
94           any analysis that is performed.
95
96   Loading Donuts Rules
97   Analyzing Zones Using Rules
98   Features
99   Ignoring and Only Executing Rules
100   Configuration
102       Copyright 2013-2013 Parsons.  All rights reserved.  See the COPYING
103       file included with the DNSSEC-Tools package for details.
104

AUTHOR

106       Wes Hardaker <hardaker@users.sourceforge.net>
107

SEE ALSO

109       donuts(8)
110
111       Net::DNS, Net::DNS::RR, Net::DNS::SEC::Tools::Donuts::Rule
112
113       http://www.dnssec-tools.org/
114

POD ERRORS

116       Hey! The above document had some coding errors, which are explained
117       below:
118
119       Around line 972:
120           =back without =over
121
122
123
124perl v5.38.0                      2023-07-19   Net::DNS::SEC::Tools::Donuts(3)
Impressum