# NAMESERVER11: Test for unknown EDNS OPTION-CODE
## Test case identifier
**NAMESERVER11**
## Table of contents
* [Objective](#objective)
* [Scope](#scope)
* [Inputs](#inputs)
* [Summary](#summary)
* [Test procedure](#test-procedure)
* [Outcome(s)](#outcomes)
* [Special procedural requirements](#special-procedural-requirements)
* [Intercase dependencies](#intercase-dependencies)
* [Terminology](#terminology)
## Objective
EDNS is a mechanism to announce capabilities of a DNS implementation,
and is now basically required by any new functionality in DNS such as
DNSSEC ([RFC 6891]).

[RFC 6891][RFC 6891, section 6.1.2], section 6.1.2, states that any OPTION-CODE values
not understood by a responder or requestor MUST be ignored. Unknown OPTION-CODE values
must be processed as though the OPTION-CODE was not even there.

In this test case, we will query with an unknown EDNS OPTION-CODE and expect
that the OPTION-CODE is not present in the response for the query.
## Scope
It is assumed that *Child Zone* is also tested and reported by [Connectivity01]. This
test case will just ignore non-responsive name servers or name servers not
giving a correct DNS response for an authoritative name server.

It is assumed that *Child Zone* has been tested and reported by [Nameserver02].
Running this test case without running [Nameserver02] can give an incomplete
report status of *Child Zone*.
## Inputs
"Child Zone" - The domain name to be tested.
## Summary
Message Tag | Level | Arguments | Message ID for message tag
:---------------------------------|:--------|-------------------|---------------------------------------------
N11_NO_EDNS | WARNING | ns_ip_list | The DNS response, on query with unknown EDNS option-code, does not contain any EDNS from name servers "{ns_ip_list}".
N11_NO_RESPONSE | WARNING | ns_ip_list | There is no response on query with unknown EDNS option-code from name servers "{ns_ip_list}".
N11_RETURNS_UNKNOWN_OPTION_CODE | WARNING | ns_ip_list | The DNS response, on query with unknown EDNS option-code, contains an unknown EDNS option-code from name servers "{ns_ip_list}".
N11_UNEXPECTED_ANSWER_SECTION | WARNING | ns_ip_list | The DNS response, on query with unknown EDNS option-code, does not contain the expected SOA record in the answer section from name servers "{ns_ip_list}".
N11_UNEXPECTED_RCODE | WARNING | ns_ip_list, rcode | The DNS response, on query with unknown EDNS option-code, has unexpected RCODE name "{rcode}" from name servers "{ns_ip_list}".
N11_UNSET_AA | WARNING | ns_ip_list | The DNS response, on query with unknown EDNS option-code, is unexpectedly not authoritative from name servers "{ns_ip_list}".

The value in the Level column is the default severity level of the message. The
severity level can be changed in the [Zonemaster-Engine profile]. Also see the
[Severity Level Definitions] document.

The argument names in the Arguments column list the arguments used in the
message. The argument names are defined in the [argument list].
## Test procedure
In this section and unless otherwise specified below, the term "[EDNS Query]"
follows the specification for DNS queries as specified in [DNS Query and Response Defaults].
The handling of the DNS responses to those queries follows, unless otherwise specified below,
what is specified for [EDNS Response] in the same specification.
1. Create the following empty sets:
   1. Name server IP address ("No Response on Unknown Option Code")
   2. Name server IP address and [RCODE Name] ("Unexpected RCODE on Unknown Option Code")
   3. Name server IP address ("No EDNS on Unknown Option Code")
   4. Name server IP address ("Unexpected Answer Section on Unknown Option Code")
   5. Name server IP address ("Unset AA on Unknown Option Code")
   6. Name server IP address ("Returns Unknown Option Code")
2. Create an [EDNS Query] with query type SOA, *Child Zone* as query name and with
   no EDNS options or flags ("SOA Query").
3. Create an [EDNS Query] with query type SOA, *Child Zone* as query name and with
   EDNS OPTION-CODE set to anything other than what is already assigned in
   the [IANA-DNSSYSTEM-PARAMETERS] and no other EDNS options or flags
   ("SOA Query with EDNS Option").
4. Obtain the set of name server IP addresses using [Method4] and [Method5]
   ("Name Server IP").
5. For each name server in *Name Server IP* do:
   1. Send *SOA Query* to the name server and collect the response.
   2. Go to next name server if at least one of the following criteria is met:
      1. There is no DNS response from the server.
      2. EDNS is unset in the response.
      3. The [RCODE Name] in the response is not "NoError".
      4. The AA flag is unset in the response.
      5. The answer section has no SOA record with *Child Zone* as owner name.
   3. Send *SOA Query with EDNS Option* to the name server and collect the
      response.
      1. If there is no DNS response from the server then add the name server to
         the *No Response on Unknown Option Code* set.
      2. Else, if the [RCODE Name] in the response is not "NoError" then add the
         name server and [RCODE Name] to the
         *Unexpected RCODE on Unknown Option Code* set.
      3. Else, if EDNS is unset in the response then add the name server to
         the *No EDNS on Unknown Option Code* set.
      4. Else, if the answer section has no SOA record with *Child Zone* as owner
         name then add the name server to the
         *Unexpected Answer Section on Unknown Option Code* set.
      5. Else, if the AA flag is unset in the response then add the name server
         to the *Unset AA on Unknown Option Code* set.
      6. Else, if the "OPTION-CODE" from the query is present in the response,
         then add the name server to the *Returns Unknown Option Code* set.
      7. Else, no issues were found.
6. If the *No Response on Unknown Option Code* set is non-empty, then output
   *[N11_NO_RESPONSE]* with the name server IP addresses from the set.
7. If the *Unexpected RCODE on Unknown Option Code* set is non-empty, then for
   each [RCODE Name] in the set output *[N11_UNEXPECTED_RCODE]* with the
   [RCODE Name] and the name server IP addresses for that [RCODE Name] in the
   set.
8. If the *No EDNS on Unknown Option Code* set is non-empty, then output
   *[N11_NO_EDNS]* with the name server IP addresses from the set.
9. If the *Unexpected Answer Section on Unknown Option Code* set is non-empty,
   then output *[N11_UNEXPECTED_ANSWER_SECTION]* with the name server IP
   addresses from the set.
10. If the *Unset AA on Unknown Option Code* set is non-empty, then output
    *[N11_UNSET_AA]* with the name server IP addresses from the set.
11. If the *Returns Unknown Option Code* set is non-empty, then output
    *[N11_RETURNS_UNKNOWN_OPTION_CODE]* with the name server IP addresses from
    the set.
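
The checks applied to the response to *SOA Query with EDNS Option* can be exercised offline on DNS wire format. The following Python sketch is an added example, not part of the Zonemaster specification or implementation: it builds the query and applies the decision chain in the order given above. The option code 65001, the 512-byte payload size, the function names and the constructed responses are assumptions of the example; network transport is left out.

```python
import struct

OPTION_CODE = 65001  # assumption: a code from IANA's local/experimental range

def build_message(zone, option_code=None, flags=0, with_soa=False):
    """SOA query carrying an OPT RR; flags/with_soa make a constructed response."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in zone.split(".") if l) + b"\x00"
    rdata = b"" if option_code is None else struct.pack("!2H", option_code, 0)
    opt = b"\x00" + struct.pack("!HHIH", 41, 512, 0, len(rdata)) + rdata  # 512: assumed
    soa = b"\xc0\x0c" + struct.pack("!HHIH2x5I", 6, 1, 3600, 22, 1, 3600, 600, 86400, 60)
    return (struct.pack("!6H", 0x1111, flags, 1, int(with_soa), 0, 1) + qname
            + struct.pack("!2H", 6, 1) + (soa if with_soa else b"") + opt)

def read_name(msg, off):
    """Return (lower-cased name, offset after it), following compression pointers."""
    labels, end, hops = [], None, 0
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:            # compression pointer
            end = off + 2 if end is None else end
            off, hops = ((msg[off] & 0x3F) << 8) | msg[off + 1], hops + 1
            if hops > 16:                      # untrusted input: refuse pointer loops
                raise ValueError("compression loop")
        else:
            labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii").lower())
            off += 1 + msg[off]
    return ".".join(labels) + ".", (off + 1 if end is None else end)

def classify(resp, zone, option_code=OPTION_CODE):
    """Return the N11 message tag for one response (None = no response), or None."""
    if resp is None:
        return "N11_NO_RESPONSE"
    _, flags, qd, an, ns, ar = struct.unpack("!6H", resp[:12])
    off, rcode, edns, soa, codes = 12, flags & 0xF, False, False, set()
    for _ in range(qd):                        # skip the question section
        off = read_name(resp, off)[1] + 4
    for i in range(an + ns + ar):
        owner, off = read_name(resp, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        rdata, off = resp[off + 10:off + 10 + rdlen], off + 10 + rdlen
        soa |= i < an and rtype == 6 and owner == zone.rstrip(".").lower() + "."
        if rtype == 41 and i >= an + ns:       # OPT RR in the additional section
            edns, rcode, p = True, rcode | ((ttl >> 24) << 4), 0   # extended RCODE
            while p + 4 <= len(rdata):         # walk OPTION-CODE / OPTION-LENGTH pairs
                code, olen = struct.unpack("!2H", rdata[p:p + 4])
                codes.add(code)
                p += 4 + olen
    checks = [(rcode, "N11_UNEXPECTED_RCODE"), (not edns, "N11_NO_EDNS"),
              (not soa, "N11_UNEXPECTED_ANSWER_SECTION"), (not flags & 0x400, "N11_UNSET_AA"),
              (option_code in codes, "N11_RETURNS_UNKNOWN_OPTION_CODE")]
    return next((tag for hit, tag in checks if hit), None)
```

`classify(build_message("example.com", OPTION_CODE, 0x8400, True), "example.com")` models a server that echoes the option and yields `N11_RETURNS_UNKNOWN_OPTION_CODE`; a truncated message raises `struct.error` or `IndexError`, which a caller should treat as a malformed response.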
## Outcome(s)
The outcome of this Test Case is "fail" if there is at least one message
with the severity level *[ERROR]* or *[CRITICAL]*.

The outcome of this Test Case is "warning" if there is at least one message
with the severity level *[WARNING]*, but no message with severity level
*ERROR* or *CRITICAL*.

In other cases, no message or only messages with severity level
*[INFO]* or *[NOTICE]*, the outcome of this Test Case is "pass".
## Special procedural requirements
If either IPv4 or IPv6 transport is disabled, skip sending queries over that
transport protocol. A message will be outputted reporting that the transport
protocol has been skipped.
## Intercase dependencies
None.
## Terminology
No special terminology for this test case.

[Argument list]: ../ArgumentsForTestCaseMessages.md
[Connectivity01]: ../Connectivity-TP/connectivity01.md
[CRITICAL]: ../SeverityLevelDefinitions.md#critical
[DNS Query and Response Defaults]: ../DNSQueryAndResponseDefaults.md
[EDNS Query]: ../DNSQueryAndResponseDefaults.md#default-setting-in-edns-query
[EDNS Response]: ../DNSQueryAndResponseDefaults.md#default-handling-of-an-edns-response
[ERROR]: ../SeverityLevelDefinitions.md#error
[IANA-DNSSYSTEM-PARAMETERS]: https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-11
[INFO]: ../SeverityLevelDefinitions.md#info
[Message Tag Specification]: MessageTagSpecification.md
[Method4]: ../Methods.md#method-4-obtain-glue-address-records-from-parent
[Method5]: ../Methods.md#method-5-obtain-the-name-server-address-records-from-child
[Methods]: ../Methods.md
[N11_NO_EDNS]: #summary
[N11_NO_RESPONSE]: #summary
[N11_RETURNS_UNKNOWN_OPTION_CODE]: #summary
[N11_UNEXPECTED_ANSWER_SECTION]: #summary
[N11_UNEXPECTED_RCODE]: #summary
[N11_UNSET_AA]: #summary
[NOTICE]: ../SeverityLevelDefinitions.md#notice
[Nameserver02]: ../Nameserver-TP/nameserver02.md
[RCODE Name]: https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6
[RFC 6891, section 6.1.2]: https://datatracker.ietf.org/doc/html/rfc6891#section-6.1.2
[RFC 6891]: https://datatracker.ietf.org/doc/html/rfc6891
[Severity Level Definitions]: ../SeverityLevelDefinitions.md
[Test Case Identifier Specification]: TestCaseIdentifierSpecification.md
[WARNING]: ../SeverityLevelDefinitions.md#warning
[Zonemaster-Engine profile]: ../../../configuration/profiles.md