README

   1 valtz 0.7, ; (C) 2003 Magnus Bodin, http://x42.com/software/
   2 ============================================================
   3
   4 Validation tool for tinydns-data zone files.
   5
   6 Usage:
   7
   8   Simple validation:
   9     valtz [-qrRix] <zonefiles>
  10
  11   Simple filtering:
  12     valtz -f[qrRiItTx] <zonefiles>
  13
  14   Extensive filtering:
  15     valtz -F[qrRiItTx] <filterfiles>
  16
  17 General usage:
  18     valtz [-hfFqrRiItTx] <file(s)>
  19
  20   -h shows this help.
  21
  22
  23   -f filter (don't just validate) file and output accepted lines to STDOUT.
  24
  25
  26   -F treat files as filter configuration files for more advanced filtering.
  27      These filterfiles one or several of the following filter directives:
  28
  29      zonefile <zonefilepath>
  30      zonefile file:<path to textfile including zonefilepaths>
  31         Defines the file(s) to be filtered. Can be a globbed value, like
  32         /var/zones/external/*
  33
  34      extralog <logfile>
  35         Defines an extra logfile that the STDERR output will be copied for
  36         this specific filterfile. Useful if you have a lot of filterfiles
  37         and want to separate the logs.
  38
  39      deny <zonepattern>
  40      deny file:<path to <zonepatternfile>
  41         Defines a zonepattern to explicitly DENY after implicitly allowing all.
  42         (cannot be combined with allow)
  43
  44      allow <zonepattern>
  45      allow file:<path to <zonepatternfile>
  46         Defines a zonepattern to explicitly ALLOW after implicitly denying all.
  47
  48      allowtype <recordtype character(s)>
  49         Explicitly sets the allowed recordtypes. Note that even comments
  50         has to be allowed (but these will not result in errors unless -t)
  51         to be copied to the output.
  52
  53      Multiple zonefile, allow- and deny-lines are allowed, but also the
  54      alternative file:-line that points to a textfile containing one
  55      value per line.
  56
  57
  58   -r allows fqdn to be empty thus denoting the root.
  59      This is also allowed per default when doing implict allow - see deny,
  60      or when specifying 'allow .', i.e. explictly allowing root as such.
  61      (cannot be combined with deny)
  62
  63
  64   -R relaxes the validation and allows empty mname and p-fields.xi
  65      This is probably not very useful.
  66
  67
  68   -i allows the ip-fields to be empty as well. These will then not generate any
  69      records.
  70
  71
  72   -I Include rejected lines as comments in output (valid when filtering).
  73
  74
  75   -q Do not echo valid lines to STDOUT.
  76
  77   -s DO NOT ignore files ending with ,v ~ .bak .log .old .swp .tmp
  78      which is done per default.
  79
  80
  81   -t Give error even on #comment-lines when they are not allowed.
  82      (These errors are silently ignored per default)
  83
  84
  85   -T<types>
  86      A commandline way to explicitly set the allowed recordtypes.
  87      This is _concatenated_ to the allowtype-allowed recordtypes.
  88
  89   -x Exit with non-null exit code on errors; i.e. make errors detectable by
  90      e.g. shell scripts; 1 = validation error, 2 = permission error,
  91      3 = combination of 1 and 2.
  92
  93
  94
  95 All errors in the zonefiles are sent to STDERR.
  96
  97      Example; simple use:
  98        valtz zone-bodin-org
  99
 100      Example; simple filter-use;
 101        valtz -f /etc/zones/zone-*
 102                 >/etc/tinydns/data.filtered
 103                 2>/var/log/tinydns/valtz.log
 104
 105      Example; filterfile use;
 106        valtz -F /etc/zones/filter/zones-otto
 107                 >/etc/tinydns/data.otto
 108                 2>/var/log/tinydns/valtz.log
 109
 110
 111      Example filterfile for using as import from primary (as above):
 112        zonefile   /var/zones/external/otto/zone-*
 113        deny       bodin.org
 114        deny       x42.com
 115        extralog   /var/log/tinydns/external-otto.log
 116
 117      Example #2, strict filter for a certain user editing just A-records
 118
 119        zonefile  /home/felix/zones/zone-fl3x-net
 120        allow     fl3x.net
 121        allowtype +
 122        extralog  /var/log/tinydns/fl3x-net.log
 123
 124      Example #3, export filter to secondary
 125
 126        zonefile  /var/zones/primary/zone-*
 127        # just allow OUR zones to be exported, not to annoy secondary partner
 128        allow     file:/var/zones/primary-zones.txt
 129        # don't allow any other types than this; e.g. comments won't be exported
 130        allowtype Z + @ . C
 131        extralog  /var/log/tinydns/primary-export.log
 132
 133      Example #4, /etc/zones/minimalistic-filterfile
 134
 135        deny file:/etc/zones/primary-zones.txt
 136        allowtype Z + @ . C
 137
 138        and on the commandline;
 139
 140         ssh remote.example.org cat /etc/export-zones.txt | \
 141             valtz -F /etc/zones/minimalistic-filterfile \
 142             >/etc/tinydns/remote.example.org-data \
 143             2>/var/log/remote.example.org-zones.log
 144
 145
 146 Please mail comments and errors and general feedback to <magnus@bodin.org>.
 147
 148
 149 Thanks to
 150   * Paul Jarc
 151   * Otto Dandenell
 152