donutsd(1) - Linux man page
Name
donutsd - Run the donuts syntax checker periodically and report the results to an administrator
Synopsis
donutsd [-z FREQ] [-t TMPDIR] [-f FROM] [-s SMTPSERVER] [-a DONUTSARGS]
[-x] [-v] [-i zonelistfile] [ZONEFILE ZONENAME ZONECONTACT]
Description
donutsd runs donuts on a set of zone files every so often (the frequency is specified by the -z flag which defaults to 24 hours) and watches for changes in the results. These changes may be due to the time-sensitive nature of DNSSEC-related records (e.g., RRSIG validity periods) or because parent/child relationships have changed. If any changes have occurred in the output since the last run of donuts on a particular zone file, the results are emailed to the specified zone administrator's email address.
Options
- -v
Turns on more verbose output.
-o
Run once and quit, as opposed to sleeping or re-running forever.
- -a ARGUMENTS
- Specifies command line arguments to be passed to donuts executions.
- -z TIME
- Sleeps TIME seconds between calls to donuts. The DNSSEC-Tools timetrans program can be used to convert from large time units (e.g., weeks and days) to seconds.
- -e ADDRESS
- Mail ADDRESS with a summary of the results from all the files. These are the last few lines of the donuts output for each zone that details the number of errors found.
- -s SMTPSERVER
- When sending mail, send it to the SMTPSERVER specified. The default is localhost.
- -f FROMADDR
- When sending mail, use FROMADDR for the From: address.
- -x
Send the diff output in the email message as well as the donuts output.
- -t TMPDIR
- Store temporary files in TMPDIR .
- -i INPUTZONES
- See the next section details.
Zone Arguments
The rest of the arguments to donutsd should be triplets of the following information:
- ZONEFILE
- The zone file to examine.
- ZONENAME
- The zonename that file is supposed to be defining.
- ZONECONTACT
- An email address of the zone administrator (or a comma-separated list of addresses.) The results will be sent to this email address.
- Additionally, instead of listing all the zones you wish to monitor on the command line, you can use the -i flag which specifies a file to be read
listing the TRIPLES instead. Each line in this file should contain one triple with white-space separating the arguments.
Example:
db.zonefile1.com zone1.com admin@zone1.com db.zonefile2.com zone2.com admin@zone2.com,admin2@zone2.com
For even more control, you can specify an XML file (whose name must end in .xml) that describes the same information. This also allows for per-zone customization of the donuts arguments. The XML::Smart Perl module must be installed in order to use this feature.<donutsd> <zones> <zone> <file>db.example.com</file> <name>example.com</name> <contact>admin@example.com</contact> <!-- this is not a signed zone therefore we'll add these args so we don't display DNSSEC errors --> <donutsargs>-i DNSSEC</donutsargs> </zone> </zones> </donutsd>The donutsd tree may also contain a configs section where command-line flags can be specified:<donutsd> <configs> <config><flag>a</flag><value>--features live --level 8</value></config> <config><flag>e</flag><value>wes@example.com</value></config> </configs> <zones> ... </zones> </donutsd>
Real command line flags will be used in preference to those specified in the .xml file, however.
Example
donutsd -a "--features live --level 8" -f root@example.com \ db.example.com example.com admin@example.com
Copyright
Copyright 2005-2012 SPARTA , Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details.
Author
Wes Hardaker <hardaker@users.sourceforge.net>
See Also
donuts(8)
timetrans(1)
http://dnssec-tools.sourceforge.net