donutsp - Online in the Cloud

PROGRAM:

NAME


donuts - analyze DNS zone files for errors and warnings

SYNOPSIS


donuts [-v] [-l LEVEL] [-r RULEFILES] [-i IGNORELIST]
[-C] [-c configfile] [-h] [-H] ZONEFILE DOMAINNAME...

DESCRIPTION


donuts is a DNS lint application that examines DNS zone files looking for particular
problems. This is especially important for zones making use of DNSSEC security records,
since many subtle problems can occur. The default mode of operation assumes you want to
check for DNSSEC-related issues; to turn off the invocation of the DNSSEC-related rules
run donuts with "-i DNSSEC".

If the Text::Wrap Perl module is installed, donuts will give better output formatting.

QUERYING LIVE ZONES
The ZONEFILE argument may be a live name prefixed with "live:"; the records listed after
the prefix will be queried and analyzed as if they were in a zone file. For example,
running donuts as:

donuts -i NSEC live:badsign-a,good-a test.dnssec-tools.org

will query the test.dnssec-tools.org zone for the badsign-a and good-a records, collect
the data and run them through the donuts analysis. Because other data is needed as well
for the analysis to be useful, donuts will also automatically collect the DNSKEYs, SOAs,
and NS records for the zone. Because NSEC records aren't loaded, it is advisable to add
the NSEC rule exclusion (-i NSEC, as in the example) when the rules are run.

Other data types may be queried by appending a ':' and the type name to a record. For
example:

donuts -i NSEC live:good-a,good-aaaa:aaaa test.dnssec-tools.org

QUERYING LIVE ZONES WITH AXFR
If your host is allowed to perform AXFR transfers of a particular zone, you may use the
afxr: filename token to indicate that donuts should pull the zone data using an AXFR
transfer.

donuts -i NSEC afxr: dnssec-tools.org

OPTIONS


Rule Set Configuration:
-l LEVEL
--level=LEVEL
Sets the level of errors to be displayed. The default is level 5. The maximum value
is level 9, which displays many debugging results. You probably want to run no higher
than level 8.

-r RULEFILES
--rules=RULEFILES
A comma-separated list of rule files to load. The strings will be passed to glob() so
* wildcards can be used to specify multiple files.

Defaults to /usr/local/share/dnssec-tools/donuts/rules/*.txt and
$HOME/.dnssec-tools/donuts/rules/*.txt.

-i IGNORELIST
--ignore=IGNORELIST
A comma-separated list of regex patterns which are checked against rule names to
determine if some should be ignored. Run with -v to figure out rule names if you're
not sure which rule is generating errors you don't wish to see.

-f LIST
--features=LIST
The --features option specifies additional rule features that should be executed.
Some rules are turned off by default because they are more intensive or require a live
network connection, for instance. Use the --features flag to turn them on. The LIST
argument should be a comma-separated list. Example usage:

--features live,nsec_check

Features available in the default rule set distributed with donuts:

live
The live feature allows rules that need to perform live DNS queries to run. Most
of these live rules query parent and children of the current zone, when
appropriate, to see that the parent/child relationships have been built properly.
For example, if you have a DS record which authenticates the key used in a child
zone the live feature will let a rule run which checks to see if the child is
actually publishing the DNSKEY that corresponds to the test zone's DS record.

nsec_check
This checks all the NSEC or NSEC3 records (as appropriate for the zone) to ensure
the chain is complete and that no overlaps exist. It is fairly memory- and
CPU-intensive in large zones.
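
What "complete" and "no overlaps" mean for an NSEC chain, as an added example (not donuts' own rule code, and NSEC only; NSEC3 chains order hashed names instead). The function names and the example.com records are constructed for illustration.

```python
def norm(name):
    return name.rstrip(".").lower()

def canon_key(name):
    # RFC 4034 section 6.1 canonical order: compare labels right to left as
    # lowercase octets; a parent name sorts before its children.
    return [label.encode() for label in reversed(norm(name).split("."))]

def check_nsec_chain(apex, nsec):
    """nsec maps owner name -> 'next domain name' of its NSEC record.
    Returns a list of problems; an empty list means one closed chain."""
    chain = {norm(o): norm(n) for o, n in nsec.items()}
    if norm(apex) not in chain:
        return ["incomplete: no NSEC record at apex " + norm(apex)]
    owners = sorted(chain, key=canon_key)
    problems = []
    for i, owner in enumerate(owners):
        expected = owners[(i + 1) % len(owners)]  # last owner wraps to the apex
        nxt = chain[owner]
        if nxt == expected:
            continue
        if nxt not in chain:
            # The link leads to a name with no NSEC, so the chain stops here.
            problems.append("incomplete: %s -> %s, which owns no NSEC" % (owner, nxt))
        else:
            # The span jumps over another NSEC owner, so two spans overlap.
            problems.append("overlap: %s -> %s skips %s" % (owner, nxt, expected))
    return problems

# Constructed sample zone. Note that b.example.com sorts before a.b.example.com
# in canonical order, which a plain string sort would get wrong.
GOOD = {
    "example.com.": "b.example.com.",
    "b.example.com.": "a.b.example.com.",
    "a.b.example.com.": "z.example.com.",
    "z.example.com.": "example.com.",
}
OVERLAP = {**GOOD, "example.com.": "a.b.example.com."}
BROKEN = {**GOOD, "z.example.com.": "zz.example.com."}

if __name__ == "__main__":
    for label, zone in (("good", GOOD), ("overlap", OVERLAP), ("broken", BROKEN)):
        print(label, check_nsec_chain("example.com.", zone) or "chain OK")
```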

Configuration File Options:
-c CONFIGFILE
--config-file=CONFIGFILE
Parse a configuration file to change constraints specified by rules. This defaults to
$HOME/.donuts.conf.

-C
--no-config
Don't read user configuration files at all, such as those specified by the -c option
or the $HOME/.donuts.conf file.

Extra Live Query Options:
Live queries are enabled with the -f live argument. These options are only
useful if that feature has been enabled.

-t INTERFACE
--tcpdump-capture=INTERFACE
Specifies that tcpdump should be started on INTERFACE (e.g., "eth0") just before
donuts begins its run of rules for each domain, and stopped just after the rules
have been processed. This is useful when you wish to capture the traffic generated by
the live feature, described above.

-T FILTER
--tcpdump-filter=FILTER
When tcpdump is run, this FILTER is passed to it for purposes of filtering traffic.
By default, this is set to "port 53 || ip[6:2] & 0x1fff != 0", which limits the traffic
to traffic destined to port 53 (DNS) or fragmented packets.

-o FILE
--tcpdump-output-file=FILE
Saves the tcpdump-captured packets to FILE. The following special fields can be used
to help generate unique file names:

%d This is replaced with the current domain name being analyzed (e.g.,
"example.com").

%t This is replaced with the current epoch time (i.e., the number of seconds since
Jan 1, 1970).

This field defaults to %d.%t.pcap.

--show-gui
[alpha code]

Displays a browsable GUI screen showing the results of the donuts tests.

The QWizard and Gtk2 Perl modules must be installed for this to work.
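
Why the default --tcpdump-filter described above has a second clause: a later IPv4 fragment carries no port fields, so "port 53" alone would drop the tail of a large, fragmented DNSSEC response. This added example (not part of donuts or tcpdump) mirrors the filter's decision for IPv4 only; the packets and helper names are constructed.

```python
import struct

def ipv4(proto, payload, frag_off=0, more_frags=False):
    """Constructed 20-byte IPv4 header (checksum left at 0) followed by payload."""
    flags_frag = (0x2000 if more_frags else 0) | frag_off  # offset in 8-byte units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, flags_frag,
                       64, proto, 0, bytes([192, 0, 2, 1]),
                       bytes([192, 0, 2, 53])) + payload

def l4(sport, dport, size):
    """Source and destination port plus filler: enough for a port match."""
    return struct.pack("!HH", sport, dport) + bytes(size)

def default_filter_matches(pkt):
    """Same decision as 'port 53 || ip[6:2] & 0x1fff != 0' for an IPv4 packet."""
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:   # ip[6:2] & 0x1fff != 0
        return True             # later fragment: no port fields to test
    if pkt[9] not in (6, 17):   # 'port' applies to TCP and UDP (SCTP left out)
        return False
    ihl = (pkt[0] & 0x0F) * 4   # header length, so IP options are skipped
    return 53 in struct.unpack("!HH", pkt[ihl:ihl + 4])

# Constructed packets (documentation addresses, arbitrary client port).
SAMPLES = {
    "dns query":               ipv4(17, l4(40000, 53, 30)),
    "dns reply, 1st fragment": ipv4(17, l4(53, 40000, 1476), more_frags=True),
    "dns reply, 2nd fragment": ipv4(17, bytes(700), frag_off=185),
    "https segment":           ipv4(6, l4(40000, 443, 16)),
    "non-dns later fragment":  ipv4(6, bytes(64), frag_off=185),
}

def classify(samples=SAMPLES):
    return {name: default_filter_matches(pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, hit in classify().items():
        print("%-26s %s" % (name, "captured" if hit else "dropped"))
```

The last sample shows the cost of the second clause: every later fragment seen on INTERFACE is captured, whether or not it belongs to DNS traffic.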

Help Options
-H Displays the personal configuration file rules and tokens that are acceptable in a
configuration file. The output will consist of a rule name, a token, and a
description of its meaning.

Your configuration file (e.g., $HOME/.donuts.conf) may have lines in it that look like
this:

# change the default minimum number of legal NS records from 2 to 1
name: DNS_MULTIPLE_NS
minnsrecords: 1

# change the level of the following rule from 8 to 5
name: DNS_REASONABLE_TTLS
level: 5

This allows you to override certain aspects of how rules are executed.

-R Displays a list of all known rules along with their description (if available).

-h Displays a help message.

--help
Displays a help message more tailored to people who prefer long-style options.

-q Turns on a quieter output mode where only the errors and warnings are shown; that is,
the summary line of "N errors found ..." is not shown.

-q is ignored if a -v argument is present; the -v argument requests a longer output
summary and thus it doesn't make sense to use them both at the same time.

-v Turns on more verbose output. Multiple -v's will turn on increasing amounts of
output. The number of -v's will dictate output:

1. Describes which rules are being loaded and extra detail for rules that found
errors (rule Level and extra text detail)

2. Even more detail about rules that found errors: file name, file line number, rule
type.

3. Shows extra detail on the record text being analyzed (the detail is not always
available, however).

4. Even more detail about rules that found errors: dumps the rule code itself.

5. Even more detail about rules that found errors: dumps the internal rule structure.

-s Sorts the resource records so that the order they're processed in is always
consistent. If the incoming zone is not always consistently ordered, the output can
vary unless the resource records are always in the same order. When sorted, however,
they're always evaluated in the same order even if the zone file (or similar) order
changes, and thus the output is consistent, making it easier for tools like diff to
detect where changes occur in the output. This comes at a higher CPU cost, as it
takes more time to sort the entries.

Obsolete Options
-L Obsolete command line option. Please use --features live instead.

EXAMPLES


Run donuts in its default mode on the example.com zone which is contained in the
db.example.com file:

% donuts db.example.com example.com

Run donuts with significantly more output, both in terms of verbosity and in terms of the
number of rules that are run to analyze the file:

% donuts -v -v --level 9 db.example.com example.com

COPYRIGHT


Copyright 2004-2013 SPARTA, Inc. All rights reserved. See the COPYING file included with
the DNSSEC-Tools package for details.
