donutsd - Run the donuts syntax checker periodically and report the results to an administrator
donutsd [-z FREQ] [-t TMPDIR] [-f FROM] [-s SMTPSERVER] [-a DONUTSARGS] [-x] [-v] [-i zonelistfile] [ZONEFILE ZONENAME ZONECONTACT]
donutsd runs donuts on a set of zone files every so often (the frequency is specified by the -z flag which defaults to 24 hours) and watches for changes in the results. These changes may be due to the time-sensitive nature of DNSSEC-related records (e.g., RRSIG validity periods) or because parent/child relationships have changed. If any changes have occurred in the output since the last run of donuts on a particular zone file, the results are emailed to the specified zone administrator's email address.
Turns on more verbose output.
Run once and quit, as opposed to sleeping or re-running forever.
Passes arguments to command line arguments of donuts runs.
Sleeps TIME seconds between calls to donuts.
Mail ADDRESS with a summary of the results from all the files. These are the last few lines of the donuts output for each zone that details the number of errors found.
When sending mail, send it to the SMTPSERVER specified. The default is localhost.
When sending mail, use FROMADDR for the From: address.
Send the diff output in the email message as well as the donuts output.
Store temporary files in TMPDIR.
See the next section details.
The rest of the arguments to donutsd should be triplets of the following information:
The zone file to examine.
The zonename that file is supposed to be defining.
An email address of the zone administrator (or a comma-separated list of addresses.) The results will be sent to this email address.
Additionally, instead of listing all the zones you wish to monitor on the command line, you can use the -i flag which specifies a file to be read listing the TRIPLES instead. Each line in this file should contain one triple with white-space separating the arguments.
Example:
db.zonefile1.com zone1.com admin@zone1.com db.zonefile2.com zone2.com admin@zone2.com,admin2@zone2.com
For even more control, you can specify an XML file (whose name must end in .xml) that describes the same information. This also allows for per-zone customization of the donuts arguments. The XML::Smart Perl module must be installed in order to use this feature.
<donutsd> <zones> <zone> <file>db.example.com</file> <name>example.com</name> <contact>admin@example.com</contact> <!-- this is not a signed zone therefore we'll add these args so we don't display DNSSEC errors --> <donutsargs>-i DNSSEC</donutsargs> </zone> </zones> </donutsd>
The donutsd tree may also contain a configs section where command-line flags can be specified:
<donutsd> <configs> <config><flag>a</flag><value>--live --level 8</value></config> <config><flag>e</flag><value>wes@example.com</value></config> </configs> <zones> ... </zones> </donutsd>
Real command line flags will be used in preference to those specified in the .xml file, however.
donutsd -a "--live --level 8" -f root@somewhere.com \ db.example.com example.com admin@example.com
Copyright 2005-2007 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details.
Wes Hardaker <hardaker@users.sourceforge.net>
donuts(8)