Donuts is a lint-like checking tool for analyzing DNS zone files. It reports any errors it finds, either as text output if run as a command line application or in a GUI window if a error browser interface is desired.
It is extremely flexible and local rule sets and configuration can tailor its output to define local policies.
donuts is discussed in A demonstration video about the DNSSEC-Tools components.
Running Donuts: using the command line
Using the command line is simple. There are, of course, a number of options to pick from as well but the default options will suit many people.
donuts db.example.com example.com
The above loads the db.example.com file and examines it. It must be told which zone is contained within the file, which is why there is an additional argument of example.com on the command line. Use the --level 9 flag and argument for maximum output.
Running donuts without the DNSSEC rules
If you are not using DNSSEC in your zone, then donuts will produce a lot of warnings specific to DNSSEC because you have an unsigned zone. To use donuts without the DNSSEC specific rules, use the -i flag with DNSSEC as the argument:
donuts -i DNSSEC db.example.com example.com
Running Donuts: using the GUI
The following images show the GUI option screens. If you run donuts without any arguments you'll get a series of screens walking you through the settings to run donuts.
Main Options Screen
Picking Zone Database Files
Assigning Zone Names
The errors resulting from running donuts can be shown in a graphical browsing window if you select the --show-gui flag or use the graphical option interface and check the "Display the results in a browsable window" checkbutton.