Skip to content

Simple validation tool for tinydns-data zonefiles. Also able to filter file(s) from errors, not allowed zones and not allowed record types.

License

Notifications You must be signed in to change notification settings

initforthe/Valtz

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 

Repository files navigation

valtz 0.7, ; (C) 2012 Kurt Nelson, http://github.com/kurtisnelson/valtz (C) 2003 Magnus Bodin, http://x42.com/software/ 
============================================================

Validation tool for tinydns-data zone files.

Usage:

  Simple validation:
    valtz [-qrRix] <zonefiles>

  Simple filtering:
    valtz -f[qrRiItTx] <zonefiles>

  Extensive filtering:
    valtz -F[qrRiItTx] <filterfiles>

General usage:
    valtz [-hfFqrRiItTx] <file(s)>

  -h shows this help.


  -f filter (don't just validate) file and output accepted lines to STDOUT.
     

  -F treat files as filter configuration files for more advanced filtering.
     These filterfiles one or several of the following filter directives:

     zonefile <zonefilepath>
     zonefile file:<path to textfile including zonefilepaths>
        Defines the file(s) to be filtered. Can be a globbed value, like
        /var/zones/external/*

     extralog <logfile>
        Defines an extra logfile that the STDERR output will be copied for
        this specific filterfile. Useful if you have a lot of filterfiles
        and want to separate the logs.

     deny <zonepattern>
     deny file:<path to <zonepatternfile>
        Defines a zonepattern to explicitly DENY after implicitly allowing all.
        (cannot be combined with allow)

     allow <zonepattern>
     allow file:<path to <zonepatternfile>
        Defines a zonepattern to explicitly ALLOW after implicitly denying all.

     allowtype <recordtype character(s)>
        Explicitly sets the allowed recordtypes. Note that even comments
        has to be allowed (but these will not result in errors unless -t)
        to be copied to the output.

     Multiple zonefile, allow- and deny-lines are allowed, but also the
     alternative file:-line that points to a textfile containing one
     value per line.
    
    
  -r allows fqdn to be empty thus denoting the root.
     This is also allowed per default when doing implict allow - see deny,
     or when specifying 'allow .', i.e. explictly allowing root as such.
     (cannot be combined with deny)

     
  -R relaxes the validation and allows empty mname and p-fields.xi
     This is probably not very useful.

     
  -i allows the ip-fields to be empty as well. These will then not generate any
     records.


  -I Include rejected lines as comments in output (valid when filtering).

 
  -q Do not echo valid lines to STDOUT.
    
  -s DO NOT ignore files ending with ,v ~ .bak .log .old .swp .tmp
     which is done per default.


  -t Give error even on #comment-lines when they are not allowed.
     (These errors are silently ignored per default)


  -T<types>
     A commandline way to explicitly set the allowed recordtypes.
     This is _concatenated_ to the allowtype-allowed recordtypes.

  -x Exit with non-null exit code on errors; i.e. make errors detectable by
     e.g. shell scripts; 1 = validation error, 2 = permission error,
     3 = combination of 1 and 2.



All errors in the zonefiles are sent to STDERR.

     Example; simple use:
       valtz zone-bodin-org

     Example; simple filter-use;
       valtz -f /etc/zones/zone-* 
                >/etc/tinydns/data.filtered 
                2>/var/log/tinydns/valtz.log

     Example; filterfile use;
       valtz -F /etc/zones/filter/zones-otto 
                >/etc/tinydns/data.otto 
                2>/var/log/tinydns/valtz.log

                
     Example filterfile for using as import from primary (as above):
       zonefile   /var/zones/external/otto/zone-*
       deny       bodin.org
       deny       x42.com
       extralog   /var/log/tinydns/external-otto.log    

     Example #2, strict filter for a certain user editing just A-records

       zonefile  /home/felix/zones/zone-fl3x-net
       allow     fl3x.net
       allowtype + 
       extralog  /var/log/tinydns/fl3x-net.log

     Example #3, export filter to secondary

       zonefile  /var/zones/primary/zone-*
       # just allow OUR zones to be exported, not to annoy secondary partner
       allow     file:/var/zones/primary-zones.txt
       # don't allow any other types than this; e.g. comments won't be exported
       allowtype Z + @ . C
       extralog  /var/log/tinydns/primary-export.log

     Example #4, /etc/zones/minimalistic-filterfile
       
       deny file:/etc/zones/primary-zones.txt
       allowtype Z + @ . C

       and on the commandline;

        ssh remote.example.org cat /etc/export-zones.txt | \
	    valtz -F /etc/zones/minimalistic-filterfile \
	    >/etc/tinydns/remote.example.org-data \
	    2>/var/log/remote.example.org-zones.log


Please mail comments and errors and general feedback to <[email protected]>.

About

Simple validation tool for tinydns-data zonefiles. Also able to filter file(s) from errors, not allowed zones and not allowed record types.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Perl 100.0%