donutsd(1) Run the donuts syntax checker periodically and report the

SYNOPSIS


donutsd [-z FREQ] [-t TMPDIR] [-f FROM] [-s SMTPSERVER] [-a DONUTSARGS]
[-x] [-v] [-i zonelistfile] [ZONEFILE ZONENAME ZONECONTACT]

DESCRIPTION

donutsd runs donuts on a set of zone files every so often (the frequency is specified by the -z flag which defaults to 24 hours) and watches for changes in the results. These changes may be due to the time-sensitive nature of DNSSEC-related records (e.g., RRSIG validity periods) or because parent/child relationships have changed. If any changes have occurred in the output since the last run of donuts on a particular zone file, the results are emailed to the specified zone administrator's email address.

OPTIONS

-v
Turns on more verbose output.
-o
Run once and quit, as opposed to sleeping or re-running forever.
-a ARGUMENTS
Specifies command line arguments to be passed to donuts executions.
-z TIME
Sleeps TIME seconds between calls to donuts. The DNSSEC-Tools timetrans program can be used to convert from large time units (e.g., weeks and days) to seconds.
-e ADDRESS
Mail ADDRESS with a summary of the results from all the files. These are the last few lines of the donuts output for each zone that details the number of errors found.
-s SMTPSERVER
When sending mail, send it to the SMTPSERVER specified. The default is localhost.
-f FROMADDR
When sending mail, use FROMADDR for the From: address.
-x
Send the diff output in the email message as well as the donuts output.
-t TMPDIR
Store temporary files in TMPDIR.
-i INPUTZONES
See the next section details.

ZONE ARGUMENTS

The rest of the arguments to donutsd should be triplets of the following information:
ZONEFILE
The zone file to examine.
ZONENAME
The zonename that file is supposed to be defining.
ZONECONTACT
An email address of the zone administrator (or a comma-separated list of addresses.) The results will be sent to this email address.

Additionally, instead of listing all the zones you wish to monitor on the command line, you can use the -i flag which specifies a file to be read listing the TRIPLES instead. Each line in this file should contain one triple with white-space separating the arguments.

Example:

   db.zonefile1.com   zone1.com   [email protected]
   db.zonefile2.com   zone2.com   [email protected],[email protected]

For even more control, you can specify an XML file (whose name must end in .xml) that describes the same information. This also allows for per-zone customization of the donuts arguments. The XML::Smart Perl module must be installed in order to use this feature.

 <donutsd>
   <zones>
    <zone>
      <file>db.example.com</file>
      <name>example.com</name>
      <contact>[email protected]</contact>
      <!-- this is not a signed zone therefore we'll
           add these args so we don't display DNSSEC errors -->
      <donutsargs>-i DNSSEC</donutsargs>
    </zone>
   </zones>
 </donutsd>

The donutsd tree may also contain a configs section where command-line flags can be specified:

 <donutsd>
  <configs>
   <config><flag>a</flag><value>--features live --level 8</value></config>
   <config><flag>e</flag><value>[email protected]</value></config>
  </configs>
  <zones>
   ...
  </zones>
 </donutsd>

Real command line flags will be used in preference to those specified in the .xml file, however.

EXAMPLE

  donutsd -a "--features live --level 8" -f [email protected] \
     db.example.com example.com [email protected]

COPYRIGHT

Copyright 2005-2013 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details.

AUTHOR

Wes Hardaker <[email protected]>