DNSSEC-Tools Component
This describes donutsd, which in the Authoritative Server Tools category within the DNSSEC-Tools Components framework of tools.
Tool Name: donutsd
Tool Type: Authoritative Server Tools
Donutsd is the daemonized version of donuts. It provides the same functionality, but will run in the background and notify (usually by email) an administrator whenever changes are detected in the zone file. This includes noticing when a zone is about to expire (i.e. when RRSIG records in the signed zone file are about to expire).

Getting started with donutsd

The zones to check can be configured on the command line, e.g.:

> donutsd -v /var/named/example.com.signed example.com admin@istrator.com

running donuts on /var/named/example.com.signed/example.com
  running: donuts   /var/named/example.com.signed example.com > /tmp/donutsd/example.com.new 2>&1
  comparing results from last run
  output changed; mailing admin@istrator.com about /var/named/example.com.signed
  running: tail -1 /tmp/donutsd/example.com.new >> /tmp/donutsd/donuts.summary.new
  /tmp/donutsd/example.com.new => /tmp/donutsd/example.com
  /tmp/donutsd/donuts.summary.new => /tmp/donutsd/donuts.summary
sleeping for 86400


An administrator will receive an email similar to the following(the zone file in this example has an RR type that donuts does not recognize).

From: default@example.com
Subject: donuts output for zone: example.com
To: admin@istrator.com
Date: Mon, 25 Feb 2008 16:43:35 -0800 (PST)

The donuts dns zone-file syntax checker was run on the "example.com"
and there were resulting errors or errors that have changed since the last run.
The results of this run of donuts can be found below:

You will not receive another message until the output from donuts has changed.


/var/named/example.com.signed:44 unrecognized type
WARNING: failed to read /var/named/example.com.signed for an unknown reason
unrecognized type, line 44

For single or several zones, the command line is an okay way to configure donutsd, but zone information can also be configured from a file. The simplest file is a text file that contains the same zone info as the command line but on separate lines:

> cat donutsd-zones.txt
db.zonefile1.com   zone1.com   admin@zone1.com
db.zonefile2.com   zone2.com   admin@zone2.com,admin2@zone2.com

and run by:

> donutsd -i /etc/named/donutsd-zones.txt &

For even greater control, an XML formatted file can be used. See the Manual page for more details.