Donuts: an error/warning checker
Donuts is used for error checking zone files. It checks for general DNS warnings and errors as well as DNSSEC specific issues.
Get started with donuts
To check the above 'zonefile.signed' file:
> donuts zonefile.signed example.com dyn.example.com: Error: sub-domain dyn.example.com is not securely delegated. It is missing a DS record. pictures.example.com: Error: RRSIG on name: pictures.example.com type: CNAME failed to verify: RSA Verification failed 2 errors found in zonefile.signed >
Donuts will output the number of errors (0+) and list a brief description of the errors found in the signed zone file. It is similar to Bind's named-checkzone except that it checks for some additional operational warnings and errors and is highly extensible so you can write your own rules and check for site-specific policies and requirements.