donutsd [-z FREQ] [-t TMPDIR] [-f FROM] [-s SMTPSERVER] [-a DONUTSARGS]
[-x] [-v] [-i zonelistfile] [ZONEFILE ZONENAME ZONECONTACT]
DESCRIPTIONdonutsd runs donuts on a set of zone files every so often (the frequency is specified by the -z flag which defaults to 24 hours) and watches for changes in the results. These changes may be due to the time-sensitive nature of DNSSEC-related records (e.g., RRSIG validity periods) or because parent/child relationships have changed. If any changes have occurred in the output since the last run of donuts on a particular zone file, the results are emailed to the specified zone administrator's email address.
- Turns on more verbose output.
- Run once and quit, as opposed to sleeping or re-running forever.
- -a ARGUMENTS
- Specifies command line arguments to be passed to donuts executions.
- -z TIME
- Sleeps TIME seconds between calls to donuts. The DNSSEC-Tools timetrans program can be used to convert from large time units (e.g., weeks and days) to seconds.
- -e ADDRESS
- Mail ADDRESS with a summary of the results from all the files. These are the last few lines of the donuts output for each zone that details the number of errors found.
- -s SMTPSERVER
- When sending mail, send it to the SMTPSERVER specified. The default is localhost.
- -f FROMADDR
- When sending mail, use FROMADDR for the From: address.
- Send the diff output in the email message as well as the donuts output.
- -t TMPDIR
- Store temporary files in TMPDIR.
- -i INPUTZONES
- See the next section details.
ZONE ARGUMENTSThe rest of the arguments to donutsd should be triplets of the following information:
- The zone file to examine.
- The zonename that file is supposed to be defining.
- An email address of the zone administrator (or a comma-separated list of addresses.) The results will be sent to this email address.
Additionally, instead of listing all the zones you wish to monitor on the command line, you can use the -i flag which specifies a file to be read listing the TRIPLES instead. Each line in this file should contain one triple with white-space separating the arguments.
db.zonefile1.com zone1.com [email protected] db.zonefile2.com zone2.com [email protected],[email protected]
For even more control, you can specify an XML file (whose name must end in .xml) that describes the same information. This also allows for per-zone customization of the donuts arguments. The XML::Smart Perl module must be installed in order to use this feature.
<donutsd> <zones> <zone> <file>db.example.com</file> <name>example.com</name> <contact>[email protected]</contact> <!-- this is not a signed zone therefore we'll add these args so we don't display DNSSEC errors --> <donutsargs>-i DNSSEC</donutsargs> </zone> </zones> </donutsd>
The donutsd tree may also contain a configs section where command-line flags can be specified:
<donutsd> <configs> <config><flag>a</flag><value>--features live --level 8</value></config> <config><flag>e</flag><value>[email protected]</value></config> </configs> <zones> ... </zones> </donutsd>
Real command line flags will be used in preference to those specified in the .xml file, however.
donutsd -a "--features live --level 8" -f [email protected] \ db.example.com example.com [email protected]