zonemaster/docs/public/specifications/test-zones/DNSSEC-TP/dnssec01.md

# Specification of Test Scenarios for DNSSEC01


## Table of contents

* [Background](#background)
* [Test Case](#test-case)
* [Test scenarios](#test-scenarios)
* [Test zone names](#test-zone-names)
* [All message tags](#all-message-tags)
* [Test scenarios and message tags](#test-scenarios-and-message-tags)
* [Test scenarios and setup of test zones]


## Background

See the [test scenario README file].


## Test Case

This document specifies defined test scenarios for test case [DNSSEC01].


## Test scenarios

The purpose of the test scenarios is to cover all reasonable contexts where
different message tags are outputted when [DNSSEC01] is run on a test zone. The
message tags are defined in the test case ([DNSSEC01]) and the scenarios are
defined below.

The test scenarios are structured as stated in the [test scenario README file].


## Test zone names

The test zone or zones for each test scenario in this document is a subdomain
(or lower zone) delegated from the base name (`dnssec01.xa`) and that subdomain
having the same name as the scenario. The names of those zones are given in
section "[Test scenarios and setup of test zones]" below.


## All message tags

The test case can output any of these message tags, but not necessarily in any
combination. See [DNSSEC01] for the specification of the tags.

* DS01_DS_ALGO_2_MISSING
* DS01_DS_ALGO_DEPRECATED
* DS01_DS_ALGO_NOT_DS
* DS01_DS_ALGO_OK
* DS01_DS_ALGO_PRIVATE
* DS01_DS_ALGO_RESERVED
* DS01_DS_ALGO_UNASSIGNED
* DS01_NO_RESPONSE
* DS01_PARENT_SERVER_NO_DS
* DS01_PARENT_ZONE_NO_DS
* DS01_ROOT_N_NO_UNDEL_DS
* DS01_UNDEL_N_NO_UNDEL_DS


## Test scenarios and message tags

If a message tag is not listed for the scenario, its presence or non-presence is
irrelevant to the test scenario and must be ignored.

| Scenario name         | Mandatory tags                                                 | Forbidden tags |
|:----------------------|:---------------------------------------------------------------|:---------------|
| ALGO-DEPRECATED-1     | DS01_DS_ALGO_DEPRECATED, DS01_DS_ALGO_2_MISSING                | 2)             |
| ALGO-DEPRECATED-3     | DS01_DS_ALGO_DEPRECATED, DS01_DS_ALGO_2_MISSING                | 2)             |
| ALGO-NOT-DS-0         | DS01_DS_ALGO_NOT_DS, DS01_DS_ALGO_2_MISSING                    | 2)             |
| ALGO-OK-2             | DS01_DS_ALGO_OK                                                | 2)             |
| ALGO-OK-4             | DS01_DS_ALGO_OK, DS01_DS_ALGO_2_MISSING                        | 2)             |
| ALGO-OK-5             | DS01_DS_ALGO_OK, DS01_DS_ALGO_2_MISSING                        | 2)             |
| ALGO-OK-6             | DS01_DS_ALGO_OK, DS01_DS_ALGO_2_MISSING                        | 2)             |
| ALGO-PRIVATE-253      | DS01_DS_ALGO_PRIVATE, DS01_DS_ALGO_2_MISSING                   | 2)             |
| ALGO-PRIVATE-254      | DS01_DS_ALGO_PRIVATE, DS01_DS_ALGO_2_MISSING                   | 2)             |
| ALGO-RESERVED-128     | DS01_DS_ALGO_RESERVED, DS01_DS_ALGO_2_MISSING                  | 2)             |
| ALGO-RESERVED-188     | DS01_DS_ALGO_RESERVED, DS01_DS_ALGO_2_MISSING                  | 2)             |
| ALGO-RESERVED-252     | DS01_DS_ALGO_RESERVED, DS01_DS_ALGO_2_MISSING                  | 2)             |
| ALGO-UNASSIGNED-7     | DS01_DS_ALGO_UNASSIGNED, DS01_DS_ALGO_2_MISSING                | 2)             |
| ALGO-UNASSIGNED-67    | DS01_DS_ALGO_UNASSIGNED, DS01_DS_ALGO_2_MISSING                | 2)             |
| ALGO-UNASSIGNED-127   | DS01_DS_ALGO_UNASSIGNED, DS01_DS_ALGO_2_MISSING                | 2)             |
| MIXED-ALGO-1          | DS01_DS_ALGO_DEPRECATED, DS01_DS_ALGO_PRIVATE, DS01_DS_ALGO_OK | 2)             |
| SHARED-IP-1           | DS01_DS_ALGO_OK                                                | 2)             |
| SHARED-IP-2           | DS01_DS_ALGO_OK                                                | 2)             |
| NO-RESPONSE-1         | DS01_NO_RESPONSE                                               | 2)             |
| NO-VALID-RESPONSE-1   | DS01_NO_RESPONSE                                               | 2)             |
| PARENT-SERVER-NO-DS-1 | DS01_PARENT_SERVER_NO_DS, DS01_DS_ALGO_OK                      | 2)             |
| PARENT-ZONE-NO-DS-1   | DS01_PARENT_ZONE_NO_DS                                         | 2)             |
| UNDEL-NO-UNDEL-DS-1   | DS01_UNDEL_N_NO_UNDEL_DS                                       | 2)             |
| UNDEL-WITH-UNDEL-DS-1 | DS01_DS_ALGO_OK                                                | 2)             |
| ROOT-NO-UNDEL-DS-1    | DS01_ROOT_N_NO_UNDEL_DS                                        | 2)             |
| ROOT-WITH-UNDEL-DS-1  | DS01_DS_ALGO_OK                                                | 2)             |

* (1) All tags except for those specified as "Forbidden tags" (no instances for these test scenarios)
* (2) All tags except for those specified as "Mandatory tags"

## Test scenarios and setup of test zones

### Default zone configuration
Unless otherwise specified in the specific scenario specification, the test zone
or zones for the scenario will follow the default setup as stated below. The
`child zone` is the zone to be tested for the scenario.

* The child zone is `SCENARIO.dnssec01.xa`.
  * It is delegated to two name servers, `ns1.SCENARIO.dnssec01.xa`
    and `ns2.SCENARIO.dnssec01.xa`.
    * The name server names have A and AAAA records to avoid non-relevant error
      messages.
    * The delegation of the child zone is to an OOB NS.
      * NS can be resolved through the `dnssec01.xa` zone.
  * There is a zone file for the child zone.
  * All child zone servers give the same response.
  * The only responses that can be assumed are queries for
    * NS
    * SOA
  * The parent zone will respond with one DS record per child zone.
* The parent zone is `dnssec01.xa`.
  * It is served by two in-bailiwick NS (ns1 and ns2).
  * ns1 and ns2 have the same zone content.
  * ns1 and ns2 have both IPv4 and IPv6 glue.
  * The records matching glue in the zone are complete.
* All responses will have the AA bit set.
* All responses will have the [RCODE Name] "NoError".
* The DS digest algorithm is 2 unless specified for the scenario.
  * The DS record can be technically invalid. Only the format is valid and
    only the digest algorithm value is checked.
* The zone is not signed.

### ALGO-DEPRECATED-1
The DS digest algorithm number is 1

* Zone: algo-deprecated-1.dnssec01.xa.
  * The algorithm of the DS digest in the response is 1.

### ALGO-DEPRECATED-3
The DS digest algorithm number is 3

* Zone: algo-deprecated-3.dnssec01.xa.
  * The algorithm of the DS digest in the response is 3.

### ALGO-RESERVED-128
The DS digest algorithm number is 128

* Zone: algo-reserved-128.dnssec01.xa.
  * The algorithm of the DS digest in the response is 128.

### ALGO-RESERVED-188
The DS digest algorithm number is 188

* Zone: algo-reserved-188.dnssec01.xa.
  * The algorithm of the DS digest in the response is 188.

### ALGO-RESERVED-252
The DS digest algorithm number is 252

* Zone: algo-reserved-252.dnssec01.xa.
  * The algorithm of the DS digest in the response is 252.

### ALGO-UNASSIGNED-7
The DS digest algorithm number is 7

* Zone: algo-unassigned-7.dnssec01.xa.
  * The algorithm of the DS digest in the response is 7.

### ALGO-UNASSIGNED-67
The DS digest algorithm number is 67

* Zone: algo-unassigned-67.dnssec01.xa.
  * The algorithm of the DS digest in the response is 67.

### ALGO-UNASSIGNED-127
The DS digest algorithm number is 127

* Zone: algo-unassigned-127.dnssec01.xa.
  * The algorithm of the DS digest in the response is 127.

### ALGO-PRIVATE-253
The DS digest algorithm number is 253

* Zone: algo-private-253.dnssec01.xa.
  * The algorithm of the DS digest in the response is 253.

### ALGO-PRIVATE-254
The DS digest algorithm number is 254

* Zone: algo-private-254.dnssec01.xa.
  * The algorithm of the DS digest in the response is 254.

### ALGO-NOT-DS-0
The DS digest algorithm number is 0

* Zone: algo-not-ds-0.dnssec01.xa.
  * The algorithm of the DS digest in the response is 0.

### ALGO-OK-2
The DS digest algorithm number is 2

* Zone: algo-ok-2.dnssec01.xa.
  * The algorithm of the DS digest in the response is 2.

### ALGO-OK-4
The DS digest algorithm number is 4

* Zone: algo-ok-4.dnssec01.xa.
  * The algorithm of the DS digest in the response is 4.

### ALGO-OK-5
The DS digest algorithm number is 5

* Zone: algo-ok-5.dnssec01.xa.
  * The algorithm of the DS digest in the response is 5.

### ALGO-OK-6
The DS digest algorithm number is 6

* Zone: algo-ok-6.dnssec01.xa.
  * The algorithm of the DS digest in the response is 6.

### MIXED-ALGO-1
Three DS with different algorithms.

* Zone: mixed-algo-1.dnssec01.xa.
  * The response has three DS with different algorithms:
    * 1
    * 2
    * 253

### SHARED-IP-1
Two parent name servers resolv to the same IP address.

* Zone: child.shared-ip-1.dnssec01.xa.
  * The parent zone is "shared-ip-1.dnssec01.xa" and the grandparent zone is
    "dnssec01.xa".
  * The parent is delegated to IB ns1a and ns1b with the same IPv4 and IPv6
    addresses.

### SHARED-IP-2
Delegation of parent does not use the same name server name as parent zone.

* Zone: child.shared-ip-2.dnssec01.xa.
  * The parent zone is "shared-ip-2.dnssec01.xa" and the grandparent zone is
    "dnssec01.xa".
  * The parent is delegated to IB ns1 and ns2, but in the parent zone the names
    are dns1 and dns2.
    * ns1 and dns1 resolve to the same IP addresses.
    * ns2 and dns2 resolve to the same IP addresses.

### NO-RESPONSE-1
No response from any of the servers on the DS query.

* Zone: child.no-response-1.dnssec01.xa.
  * No response at all from parent ns1 and ns2.

### NO-VALID-RESPONSE-1
No valid response from any of the servers on the DS query.

* Zone: child.no-valid-response-1.dnssec01.xa.
  * Response from parent ns1 has RCODE SERVFAIL.
  * Response from parent ns2 has RCODE REFUSED.
  * Child zone does not exist

### PARENT-SERVER-NO-DS-1
No DS from parent ns1.

* Zone: child.parent-server-no-ds-1.dnssec01.xa.
  * Response from parent ns1 is NODATA (no DS).
  * Response from parent ns2 is normal.

### PARENT-ZONE-NO-DS-1
No DS from neither parent ns1 nor parent ns2.

* Zone: parent-zone-no-ds-1.dnssec01.xa.
  * Responses from parent ns1 and parent ns2 are NODATA (no DS).

### UNDEL-NO-UNDEL-DS-1
Zone is not delegated, but undelegated data is provided. No DS.

* Zone: undel-no-undel-ds-1.dnssec01.xa.
  * The zone is not delegated, but there is undelegated data.
  * ns1 and ns2 are OOB.
  * No undelegated DS is provided.

### UNDEL-WITH-UNDEL-DS-1
Zone is not delegated, but undelegated data is provided with DS.

* Zone: undel-with-undel-ds-1.dnssec01.xa.
  * The zone is not delegated, but there is undelegated data.
  * ns1 and ns2 are OOB.
  * Undelegated DS is provided.

### ROOT-NO-UNDEL-DS-1
Zone is the root zone, and no undelegated DS is provided.

* Zone: "."
  * ns1 and ns2 are IB.
  * The zone exists.

### ROOT-WITH-UNDEL-DS-1
Zone is the root zone, and undelegated DS is provided.

* Zone: "."
  * ns1 and ns2 are IB.
  * The zone exists.


[DNSSEC01]:                                                       ../../tests/DNSSEC-TP/dnssec01.md
[RCODE Name]:                                                     https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6
[Test scenario README file]:                                      ../README.md
[Test scenarios and setup of test zones]:                         #test-scenarios-and-setup-of-test-zones
feat: add full Zonemaster stack with Docker and Spanish UI - Clone all 5 Zonemaster component repos (LDNS, Engine, CLI, Backend, GUI) - Dockerfile.backend: 8-stage multi-stage build LDNS→Engine→CLI→Backend - Dockerfile.gui: Astro static build served via nginx - docker-compose.yml: backend (internal) + frontend (port 5353) - nginx.conf: root redirects to /es/, /api/ proxied to backend - zonemaster-gui/config.ts: defaultLanguage set to 'es' (Spanish) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-21 08:19:24 +02:00			`# Specification of Test Scenarios for DNSSEC01`


			`## Table of contents`

			`* [Background](#background)`
			`* [Test Case](#test-case)`
			`* [Test scenarios](#test-scenarios)`
			`* [Test zone names](#test-zone-names)`
			`* [All message tags](#all-message-tags)`
			`* [Test scenarios and message tags](#test-scenarios-and-message-tags)`
			`* [Test scenarios and setup of test zones]`


			`## Background`

			`See the [test scenario README file].`


			`## Test Case`

			`This document specifies defined test scenarios for test case [DNSSEC01].`


			`## Test scenarios`

			`The purpose of the test scenarios is to cover all reasonable contexts where`
			`different message tags are outputted when [DNSSEC01] is run on a test zone. The`
			`message tags are defined in the test case ([DNSSEC01]) and the scenarios are`
			`defined below.`

			`The test scenarios are structured as stated in the [test scenario README file].`


			`## Test zone names`

			`The test zone or zones for each test scenario in this document is a subdomain`
			(or lower zone) delegated from the base name (`dnssec01.xa`) and that subdomain
			`having the same name as the scenario. The names of those zones are given in`
			`section "[Test scenarios and setup of test zones]" below.`


			`## All message tags`

			`The test case can output any of these message tags, but not necessarily in any`
			`combination. See [DNSSEC01] for the specification of the tags.`

			`* DS01_DS_ALGO_2_MISSING`
			`* DS01_DS_ALGO_DEPRECATED`
			`* DS01_DS_ALGO_NOT_DS`
			`* DS01_DS_ALGO_OK`
			`* DS01_DS_ALGO_PRIVATE`
			`* DS01_DS_ALGO_RESERVED`
			`* DS01_DS_ALGO_UNASSIGNED`
			`* DS01_NO_RESPONSE`
			`* DS01_PARENT_SERVER_NO_DS`
			`* DS01_PARENT_ZONE_NO_DS`
			`* DS01_ROOT_N_NO_UNDEL_DS`
			`* DS01_UNDEL_N_NO_UNDEL_DS`


			`## Test scenarios and message tags`

			`If a message tag is not listed for the scenario, its presence or non-presence is`
			`irrelevant to the test scenario and must be ignored.`

			`\| Scenario name \| Mandatory tags \| Forbidden tags \|`
			`\|:----------------------\|:---------------------------------------------------------------\|:---------------\|`
			`\| ALGO-DEPRECATED-1 \| DS01_DS_ALGO_DEPRECATED, DS01_DS_ALGO_2_MISSING \| 2) \|`
			`\| ALGO-DEPRECATED-3 \| DS01_DS_ALGO_DEPRECATED, DS01_DS_ALGO_2_MISSING \| 2) \|`
			`\| ALGO-NOT-DS-0 \| DS01_DS_ALGO_NOT_DS, DS01_DS_ALGO_2_MISSING \| 2) \|`
			`\| ALGO-OK-2 \| DS01_DS_ALGO_OK \| 2) \|`
			`\| ALGO-OK-4 \| DS01_DS_ALGO_OK, DS01_DS_ALGO_2_MISSING \| 2) \|`
			`\| ALGO-OK-5 \| DS01_DS_ALGO_OK, DS01_DS_ALGO_2_MISSING \| 2) \|`
			`\| ALGO-OK-6 \| DS01_DS_ALGO_OK, DS01_DS_ALGO_2_MISSING \| 2) \|`
			`\| ALGO-PRIVATE-253 \| DS01_DS_ALGO_PRIVATE, DS01_DS_ALGO_2_MISSING \| 2) \|`
			`\| ALGO-PRIVATE-254 \| DS01_DS_ALGO_PRIVATE, DS01_DS_ALGO_2_MISSING \| 2) \|`
			`\| ALGO-RESERVED-128 \| DS01_DS_ALGO_RESERVED, DS01_DS_ALGO_2_MISSING \| 2) \|`
			`\| ALGO-RESERVED-188 \| DS01_DS_ALGO_RESERVED, DS01_DS_ALGO_2_MISSING \| 2) \|`
			`\| ALGO-RESERVED-252 \| DS01_DS_ALGO_RESERVED, DS01_DS_ALGO_2_MISSING \| 2) \|`
			`\| ALGO-UNASSIGNED-7 \| DS01_DS_ALGO_UNASSIGNED, DS01_DS_ALGO_2_MISSING \| 2) \|`
			`\| ALGO-UNASSIGNED-67 \| DS01_DS_ALGO_UNASSIGNED, DS01_DS_ALGO_2_MISSING \| 2) \|`
			`\| ALGO-UNASSIGNED-127 \| DS01_DS_ALGO_UNASSIGNED, DS01_DS_ALGO_2_MISSING \| 2) \|`
			`\| MIXED-ALGO-1 \| DS01_DS_ALGO_DEPRECATED, DS01_DS_ALGO_PRIVATE, DS01_DS_ALGO_OK \| 2) \|`
			`\| SHARED-IP-1 \| DS01_DS_ALGO_OK \| 2) \|`
			`\| SHARED-IP-2 \| DS01_DS_ALGO_OK \| 2) \|`
			`\| NO-RESPONSE-1 \| DS01_NO_RESPONSE \| 2) \|`
			`\| NO-VALID-RESPONSE-1 \| DS01_NO_RESPONSE \| 2) \|`
			`\| PARENT-SERVER-NO-DS-1 \| DS01_PARENT_SERVER_NO_DS, DS01_DS_ALGO_OK \| 2) \|`
			`\| PARENT-ZONE-NO-DS-1 \| DS01_PARENT_ZONE_NO_DS \| 2) \|`
			`\| UNDEL-NO-UNDEL-DS-1 \| DS01_UNDEL_N_NO_UNDEL_DS \| 2) \|`
			`\| UNDEL-WITH-UNDEL-DS-1 \| DS01_DS_ALGO_OK \| 2) \|`
			`\| ROOT-NO-UNDEL-DS-1 \| DS01_ROOT_N_NO_UNDEL_DS \| 2) \|`
			`\| ROOT-WITH-UNDEL-DS-1 \| DS01_DS_ALGO_OK \| 2) \|`

			`* (1) All tags except for those specified as "Forbidden tags" (no instances for these test scenarios)`
			`* (2) All tags except for those specified as "Mandatory tags"`

			`## Test scenarios and setup of test zones`

			`### Default zone configuration`
			`Unless otherwise specified in the specific scenario specification, the test zone`
			`or zones for the scenario will follow the default setup as stated below. The`
			`child zone` is the zone to be tested for the scenario.

			* The child zone is `SCENARIO.dnssec01.xa`.
			* It is delegated to two name servers, `ns1.SCENARIO.dnssec01.xa`
			and `ns2.SCENARIO.dnssec01.xa`.
			`* The name server names have A and AAAA records to avoid non-relevant error`
			`messages.`
			`* The delegation of the child zone is to an OOB NS.`
			* NS can be resolved through the `dnssec01.xa` zone.
			`* There is a zone file for the child zone.`
			`* All child zone servers give the same response.`
			`* The only responses that can be assumed are queries for`
			`* NS`
			`* SOA`
			`* The parent zone will respond with one DS record per child zone.`
			* The parent zone is `dnssec01.xa`.
			`* It is served by two in-bailiwick NS (ns1 and ns2).`
			`* ns1 and ns2 have the same zone content.`
			`* ns1 and ns2 have both IPv4 and IPv6 glue.`
			`* The records matching glue in the zone are complete.`
			`* All responses will have the AA bit set.`
			`* All responses will have the [RCODE Name] "NoError".`
			`* The DS digest algorithm is 2 unless specified for the scenario.`
			`* The DS record can be technically invalid. Only the format is valid and`
			`only the digest algorithm value is checked.`
			`* The zone is not signed.`

			`### ALGO-DEPRECATED-1`
			`The DS digest algorithm number is 1`

			`* Zone: algo-deprecated-1.dnssec01.xa.`
			`* The algorithm of the DS digest in the response is 1.`

			`### ALGO-DEPRECATED-3`
			`The DS digest algorithm number is 3`

			`* Zone: algo-deprecated-3.dnssec01.xa.`
			`* The algorithm of the DS digest in the response is 3.`

			`### ALGO-RESERVED-128`
			`The DS digest algorithm number is 128`

			`* Zone: algo-reserved-128.dnssec01.xa.`
			`* The algorithm of the DS digest in the response is 128.`

			`### ALGO-RESERVED-188`
			`The DS digest algorithm number is 188`

			`* Zone: algo-reserved-188.dnssec01.xa.`
			`* The algorithm of the DS digest in the response is 188.`

			`### ALGO-RESERVED-252`
			`The DS digest algorithm number is 252`

			`* Zone: algo-reserved-252.dnssec01.xa.`
			`* The algorithm of the DS digest in the response is 252.`

			`### ALGO-UNASSIGNED-7`
			`The DS digest algorithm number is 7`

			`* Zone: algo-unassigned-7.dnssec01.xa.`
			`* The algorithm of the DS digest in the response is 7.`

			`### ALGO-UNASSIGNED-67`
			`The DS digest algorithm number is 67`

			`* Zone: algo-unassigned-67.dnssec01.xa.`
			`* The algorithm of the DS digest in the response is 67.`

			`### ALGO-UNASSIGNED-127`
			`The DS digest algorithm number is 127`

			`* Zone: algo-unassigned-127.dnssec01.xa.`
			`* The algorithm of the DS digest in the response is 127.`

			`### ALGO-PRIVATE-253`
			`The DS digest algorithm number is 253`

			`* Zone: algo-private-253.dnssec01.xa.`
			`* The algorithm of the DS digest in the response is 253.`

			`### ALGO-PRIVATE-254`
			`The DS digest algorithm number is 254`

			`* Zone: algo-private-254.dnssec01.xa.`
			`* The algorithm of the DS digest in the response is 254.`

			`### ALGO-NOT-DS-0`
			`The DS digest algorithm number is 0`

			`* Zone: algo-not-ds-0.dnssec01.xa.`
			`* The algorithm of the DS digest in the response is 0.`

			`### ALGO-OK-2`
			`The DS digest algorithm number is 2`

			`* Zone: algo-ok-2.dnssec01.xa.`
			`* The algorithm of the DS digest in the response is 2.`

			`### ALGO-OK-4`
			`The DS digest algorithm number is 4`

			`* Zone: algo-ok-4.dnssec01.xa.`
			`* The algorithm of the DS digest in the response is 4.`

			`### ALGO-OK-5`
			`The DS digest algorithm number is 5`

			`* Zone: algo-ok-5.dnssec01.xa.`
			`* The algorithm of the DS digest in the response is 5.`

			`### ALGO-OK-6`
			`The DS digest algorithm number is 6`

			`* Zone: algo-ok-6.dnssec01.xa.`
			`* The algorithm of the DS digest in the response is 6.`

			`### MIXED-ALGO-1`
			`Three DS with different algorithms.`

			`* Zone: mixed-algo-1.dnssec01.xa.`
			`* The response has three DS with different algorithms:`
			`* 1`
			`* 2`
			`* 253`

			`### SHARED-IP-1`
			`Two parent name servers resolv to the same IP address.`

			`* Zone: child.shared-ip-1.dnssec01.xa.`
			`* The parent zone is "shared-ip-1.dnssec01.xa" and the grandparent zone is`
			`"dnssec01.xa".`
			`* The parent is delegated to IB ns1a and ns1b with the same IPv4 and IPv6`
			`addresses.`

			`### SHARED-IP-2`
			`Delegation of parent does not use the same name server name as parent zone.`

			`* Zone: child.shared-ip-2.dnssec01.xa.`
			`* The parent zone is "shared-ip-2.dnssec01.xa" and the grandparent zone is`
			`"dnssec01.xa".`
			`* The parent is delegated to IB ns1 and ns2, but in the parent zone the names`
			`are dns1 and dns2.`
			`* ns1 and dns1 resolve to the same IP addresses.`
			`* ns2 and dns2 resolve to the same IP addresses.`

			`### NO-RESPONSE-1`
			`No response from any of the servers on the DS query.`

			`* Zone: child.no-response-1.dnssec01.xa.`
			`* No response at all from parent ns1 and ns2.`

			`### NO-VALID-RESPONSE-1`
			`No valid response from any of the servers on the DS query.`

			`* Zone: child.no-valid-response-1.dnssec01.xa.`
			`* Response from parent ns1 has RCODE SERVFAIL.`
			`* Response from parent ns2 has RCODE REFUSED.`
			`* Child zone does not exist`

			`### PARENT-SERVER-NO-DS-1`
			`No DS from parent ns1.`

			`* Zone: child.parent-server-no-ds-1.dnssec01.xa.`
			`* Response from parent ns1 is NODATA (no DS).`
			`* Response from parent ns2 is normal.`

			`### PARENT-ZONE-NO-DS-1`
			`No DS from neither parent ns1 nor parent ns2.`

			`* Zone: parent-zone-no-ds-1.dnssec01.xa.`
			`* Responses from parent ns1 and parent ns2 are NODATA (no DS).`

			`### UNDEL-NO-UNDEL-DS-1`
			`Zone is not delegated, but undelegated data is provided. No DS.`

			`* Zone: undel-no-undel-ds-1.dnssec01.xa.`
			`* The zone is not delegated, but there is undelegated data.`
			`* ns1 and ns2 are OOB.`
			`* No undelegated DS is provided.`

			`### UNDEL-WITH-UNDEL-DS-1`
			`Zone is not delegated, but undelegated data is provided with DS.`

			`* Zone: undel-with-undel-ds-1.dnssec01.xa.`
			`* The zone is not delegated, but there is undelegated data.`
			`* ns1 and ns2 are OOB.`
			`* Undelegated DS is provided.`

			`### ROOT-NO-UNDEL-DS-1`
			`Zone is the root zone, and no undelegated DS is provided.`

			`* Zone: "."`
			`* ns1 and ns2 are IB.`
			`* The zone exists.`

			`### ROOT-WITH-UNDEL-DS-1`
			`Zone is the root zone, and undelegated DS is provided.`

			`* Zone: "."`
			`* ns1 and ns2 are IB.`
			`* The zone exists.`


			`[DNSSEC01]: ../../tests/DNSSEC-TP/dnssec01.md`
			`[RCODE Name]: https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6`
			`[Test scenario README file]: ../README.md`
			`[Test scenarios and setup of test zones]: #test-scenarios-and-setup-of-test-zones`