Net::DNS::SEC::Tools::Donuts

Net::DNS::SEC::Tools::UsertContributed Perl DocNet::DNS::SEC::Tools::Donuts(3)



NAME
         Net::DNS::SEC::Tools::Donuts - Execute DNS and DNSSEC lint-like tests on zone data

SYNOPSIS
         # load a zone, rules and analyze everything
         #   by default, this will print errors in 'wrapped text' format
         #   to stdout.
         my $donuts = new Net::DNS::SEC::Tools::Donuts();
         $donuts->load_zone("/path/to/example.com.signed", "example.com");
         $donuts->load_rule_files("/path/to/installed/rules/*.txt");
         my ($rulecount, $errorcount) = $donuts->analyze();

         # send the output in json format to /tmp/foo.json instead
         $donuts->set_output_format('json');
         $donuts->set_output_location('file:/tmp/foo.json');
         $donuts->analyze();

         # display the available features
         print "features: ", join(", ", $donuts->available_features()), "\n";

         # enable the 'live' and 'check_data' features in the rule sets
         $donuts->set_feature_list('live', 'check_data);

         # ignore some rules (regexp's to match against rule names)
         $donuts->set_ignore_list('NSEC');

         # retrieve the rules loaded into the zone
         my @rules = $donuts->rules();

         # retrieve the records from the loaded zone
         #  (these will be Net::DNS::RR based records)
         my @records = $donuts->zone_records();

         # or just of a certain name:
         #   (these will be a hash reference like { type => [records] })
         my $records = $donuts->find_records_by_name('www.example.com');

         # or of just a type for a name:
         #   (these will be an array reference to the [records])
         my $records =
            $donuts->find_records_by_name_and_type('www.example.com', 'A');

DESCRIPTION
       The Net::DNS::SEC::Tools::Donuts (aka Donuts) module is capable of
       loading a zone file, rules to test against it and then analyzing the
       rules and reporting the results.

   Creating a Donuts instance
       Creating an instance of a Donuts object is straightforward:

         use Net::DNS::SEC::Tools::Donuts
         my $donuts = new Net::DNS::SEC::Tools::Donuts();

   Loading and Accessing Zone Data
       load_zone(SPECIFIER, ZONENAME)

       Zone data can be loaded into the Donuts module using the load_zone()
       function.  This function takes a file path as an argument by default,
       or one of the special specifiers listed below as well.

       $donuts->load_zone("/path/to/file", "example.com");
           Loads a file from a typicla (text based) zone data file.  It uses
           the Net::DNS::Zonefile::Fast module for parsing the zone file into
           Net::DNS::RR records.

       $donuts->load_zone("axfr:example.com", "example.com");
           If the host has the ability to perform an axfr transfer of a given
           zone, this specifier can be used to dynamically transfer the zone
           data from the online servers.

       $donuts->load_zone("live:www,ftp:aaaa,ns", "example.com");
           When the live: specifier prefix is used, the Donuts module will
           attempt to perform single queries from the zone for the specified
           list of domain name prefixes for the zone.  The default list (i.e.
           just "live:") of zone records to query for is just "www".  Query
           types may be specified by separating the label with a ':'
           character, as in the example above which indicates a AAAA record
           should be queried for the 'ftp' host.

           In addition to the list specified within teh specifier itself, each
           zone is always queried for the following entries as well:

           - ZONENAME:DNSKEY
           - ZONENAME:SOA
           - ZONENAME:NS

           Note that because the zone won't be entirely complete, careful
           selection or exclusion of rules (see "Ignoring and Only Executing
           Rules") will likely be required to filter out bad results during
           any analysis that is performed.

   Loading Donuts Rules
   Analyzing Zones Using Rules
   Features
   Ignoring and Only Executing Rules
   Configuration
COPYRIGHT
       Copyright 2013-2013 Parsons.  All rights reserved.  See the COPYING
       file included with the DNSSEC-Tools package for details.

AUTHOR
       Wes Hardaker <hardaker@users.sourceforge.net>

SEE ALSO
       donuts(8)

       Net::DNS, Net::DNS::RR, Net::DNS::SEC::Tools::Donuts::Rule

       http://www.dnssec-tools.org/

POD ERRORS
       Hey! The above document had some coding errors, which are explained
       below:

       Around line 972:
           =back without =over



perl v5.28.1                      2018-08-29   Net::DNS::SEC::Tools::Donuts(3)