Template:Donuts ShortTorial

From DNSSEC-Tools
Jump to: navigation, search

Donuts: an error/warning checker

{{#if:1| {{#if:1| {{#if:1| {{#if:| {{#if:| {{#if:|
DNSSEC-Tools Component
This describes donuts, which in the Zone Administration Tools category within the DNSSEC-Tools Components framework of tools.
Tool Name: donuts
Tool Type: Zone Administration Tools
Manual: Manual


Example: Example


CLI: Help


Tutorial: Tutorial


How To: How To


Download: donuts


Donuts is used for error checking zone files. It checks for general DNS warnings and errors as well as DNSSEC specific issues.

Get started with donuts

To check the above 'zonefile.signed' file:

> donuts zonefile.signed example.com

  Error:       sub-domain dyn.example.com is not securely
               delegated.  It is missing a DS record.

  Error:       RRSIG on name: pictures.example.com type: CNAME 
               failed to verify: RSA Verification failed

2 errors found in zonefile.signed

Donuts will output the number of errors (0+) and list a brief description of the errors found in the signed zone file. It is similar to Bind's named-checkzone except that it checks for some additional operational warnings and errors and is highly extensible so you can write your own rules and check for site-specific policies and requirements.