CloudHost/zonemaster.es
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add full Zonemaster stack with Docker and Spanish UI

Browse Source 
- Clone all 5 Zonemaster component repos (LDNS, Engine, CLI, Backend, GUI)
- Dockerfile.backend: 8-stage multi-stage build LDNS→Engine→CLI→Backend
- Dockerfile.gui: Astro static build served via nginx
- docker-compose.yml: backend (internal) + frontend (port 5353)
- nginx.conf: root redirects to /es/, /api/ proxied to backend
- zonemaster-gui/config.ts: defaultLanguage set to 'es' (Spanish)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Malin
2026-04-21 08:19:24 +02:00
commit 8d4eaa1489
1567 changed files with 204155 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

194
zonemaster/docs/public/specifications/tests/Connectivity-TP/connectivity02.md Normal file
View File

@@ -0,0 +1,194 @@
# CONNECTIVITY02: TCP connectivity to name servers
## Test case identifier
**CONNECTIVITY02**
## Table of contents
* [Objective](#objective)
* [Scope](#scope)
* [Inputs](#inputs)
* [Summary](#summary)
* [Test procedure](#test-procedure)
* [Outcome(s)](#outcomes)
* [Special procedural requirements](#special-procedural-requirements)
* [Intercase dependencies](#intercase-dependencies)
* [Terminology](#terminology)
## Objective
TCP is a protocol to reach a general purpose name server hosting a zone, "All
general-purpose DNS implementations MUST support \[...] TCP transport"
([RFC 7766][RFC 7766#5], section 5).
This Test Case will verify if the name servers of *Child Zone* are reachable over
TCP. The name servers tested are both those in the delegation of *Child Zone* and
those in the NS records in the *Child Zone* itself.
This Test Case will mimic the tests done by [Connectivity01], but over TCP
instead:
* Name Server responding to a query.
* Name Server including SOA record of *Child Zone* in the answer section in the
response on a SOA query for *Child Zone*.
* Name Server including NS record of *Child Zone* in the answer section in the
response on an NS query for *Child Zone*.
* Name Server setting the AA flag in a response with SOA or NS in answer section.
* Name Server responding with expected [RCODE Name] ("NoError") on query for SOA
or NS for *Child Zone*.
## Scope
The only TCP port defined for DNS is port 53 ([RFC 1035][RFC 1035#4.2.1], section
4.2.1), and that is the only port used by this and other Test Cases for DNS
queries to the name servers.
UDP connectivity is tested by Test Case [Connectivity01].
## Inputs
* "Child Zone" - The domain name to be tested.
## Summary
Message Tag |Level |Arguments | Message ID for message tag
:-----------------------------------|:------|:----------|:---------------------------------------------------------------------------------------
CN02_MISSING_NS_RECORD_TCP |WARNING| ns | Nameserver {ns} responds to a NS query with no NS records in the answer section over TCP.
CN02_MISSING_SOA_RECORD_TCP |WARNING| ns | Nameserver {ns} responds to a SOA query with no SOA records in the answer section over TCP.
CN02_NO_RESPONSE_NS_QUERY_TCP |WARNING| ns | Nameserver {ns} does not respond to NS queries over TCP.
CN02_NO_RESPONSE_SOA_QUERY_TCP |WARNING| ns | Nameserver {ns} does not respond to SOA queries over TCP.
CN02_NO_RESPONSE_TCP |WARNING| ns | Nameserver {ns} does not respond to any queries over TCP.
CN02_NS_RECORD_NOT_AA_TCP |WARNING| ns | Nameserver {ns} does not give an authoritative response on an NS query over TCP.
CN02_SOA_RECORD_NOT_AA_TCP |WARNING| ns | Nameserver {ns} does not give an authoritative response on an SOA query over TCP.
CN02_UNEXPECTED_RCODE_NS_QUERY_TCP |WARNING| ns, rcode | Nameserver {ns} responds with an unexpected RCODE ({rcode}) on an NS query over TCP.
CN02_UNEXPECTED_RCODE_SOA_QUERY_TCP |WARNING| ns, rcode | Nameserver {ns} responds with an unexpected RCODE ({rcode}) on an SOA query over TCP.
CN02_WRONG_NS_RECORD_TCP |WARNING| ns, , domain_found, domain_expected | Nameserver {ns} responds with a wrong owner name ({domain_found} instead of {domain_expected}) on NS queries over TCP.
CN02_WRONG_SOA_RECORD_TCP |WARNING| ns, , domain_found, domain_expected | Nameserver {ns} responds with a wrong owner name ({domain_found} instead of {domain_expected}) on SOA queries over TCP.
The value in the Level column is the default severity level of the message. The
severity level can be changed in the [Zonemaster-Engine profile]. Also see the
[Severity Level Definitions] document.
The argument names in the Arguments column lists the arguments used in the
message. The argument names are defined in the [argument list].
## Test procedure
In this section and unless otherwise specified below, the term "[DNS Query]"
follows the specification for DNS queries as specified in
[DNS Query and Response Defaults]. The handling of the DNS responses on the DNS
queries follow, unless otherwise specified below, what is specified for
[DNS Response] in the same specification.
1. Create [DNS Queries][DNS Query]:
1. Query type SOA and query name *Child Zone* over TCP ("SOA Query TCP").
1. Query type NS and query name *Child Zone* over TCP ("NS Query TCP").
2. Obtain the set of name server IP addresses using [Method4] and [Method5]
("Name Server IP").
3. For each name server in *Name Server IP* do:
1. Send *SOA Query TCP* and *NS Query TCP* to the name server and collect
the [DNS Responses][DNS Response].
2. If there is no DNS response on neither query, then:
1. Output *[CN02_NO_RESPONSE_TCP]* with name and IP address of the name
server.
2. Go to next name server.
3. Else:
1. Process the response on *SOA Query TCP*:
1. If there is no [DNS response], then output
*[CN02_NO_RESPONSE_SOA_QUERY_TCP]* with name and IP address of the
name server.
2. Else, if [RCODE Name] is not "NoError" then output
*[CN02_UNEXPECTED_RCODE_SOA_QUERY_TCP]* with [RCODE Name] and name
and IP address of the name server.
3. Else, if there is no SOA record in the answer section, then
output *[CN02_MISSING_SOA_RECORD_TCP]* with name and IP address of
the name server.
4. Else, if the SOA record has owner name other than *Child Zone*
then output *[CN02_WRONG_SOA_RECORD_TCP]* with name and IP address of
the name server, the SOA record owner name and *Child Zone*.
5. Else, if AA flag is unset, then output *[CN02_SOA_RECORD_NOT_AA_TCP]*
with name and IP address of the name server.
2. Process the response on *NS Query TCP*:
1. If there is no [DNS Response], then output
*[CN02_NO_RESPONSE_NS_QUERY_TCP]* with name and IP address of the
name server.
2. Else, if [RCODE Name] is not "NoError" then output
*[CN02_UNEXPECTED_RCODE_NS_QUERY_TCP]* with [RCODE Name] and name and
IP address of the name server.
3. Else, if there is no NS record in the answer section, then
output *[CN02_MISSING_NS_RECORD_TCP]* with name and IP address of the
name server.
4. Else, if the NS record has owner name other than *Child Zone*
then output *[CN02_WRONG_NS_RECORD_TCP]* with name and IP address of
the name server, the NS record owner name and *Child Zone*.
5. Else, if AA flag is unset, then output *[CN02_NS_RECORD_NOT_AA_TCP]*
with name and IP address of the name server.
## Outcome(s)
The outcome of this Test Case is "fail" if there is at least one message
with the severity level *[ERROR]* or *[CRITICAL]*.
The outcome of this Test Case is "warning" if there is at least one message
with the severity level *[WARNING]*, but no message with severity level
*ERROR* or *CRITICAL*.
In other cases, no message or only messages with severity level
*[INFO]* or *[NOTICE]*, the outcome of this Test Case is "pass".
## Special procedural requirements
If either IPv4 or IPv6 transport is disabled, skip sending queries over that
transport protocol.
## Intercase dependencies
None.
## Terminology
No special terminology for this Test Case.
[Argument list]: ../ArgumentsForTestCaseMessages.md
[CN02_MISSING_NS_RECORD_TCP]: #summary
[CN02_MISSING_SOA_RECORD_TCP]: #summary
[CN02_NO_RESPONSE_NS_QUERY_TCP]: #summary
[CN02_NO_RESPONSE_SOA_QUERY_TCP]: #summary
[CN02_NO_RESPONSE_TCP]: #summary
[CN02_NS_RECORD_NOT_AA_TCP]: #summary
[CN02_SOA_RECORD_NOT_AA_TCP]: #summary
[CN02_UNEXPECTED_RCODE_NS_QUERY_TCP]: #summary
[CN02_UNEXPECTED_RCODE_SOA_QUERY_TCP]: #summary
[CN02_WRONG_NS_RECORD_TCP]: #summary
[CN02_WRONG_SOA_RECORD_TCP]: #summary
[CRITICAL]: ../SeverityLevelDefinitions.md#critical
[Connectivity01]: connectivity01.md
[DEBUG]: ../SeverityLevelDefinitions.md#notice
[DNS Query and Response Defaults]: ../DNSQueryAndResponseDefaults.md
[DNS Query]: ../DNSQueryAndResponseDefaults.md#default-setting-in-dns-query
[DNS Response]: ../DNSQueryAndResponseDefaults.md#default-handling-of-a-dns-response
[ERROR]: ../SeverityLevelDefinitions.md#error
[INFO]: ../SeverityLevelDefinitions.md#info
[Method4]: ../Methods.md#method-4-obtain-glue-address-records-from-parent
[Method5]: ../Methods.md#method-5-obtain-the-name-server-address-records-from-child
[NOTICE]: ../SeverityLevelDefinitions.md#notice
[RCODE Name]: https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6
[RFC 1035#4.2.1]: https://www.rfc-editor.org/rfc/rfc1035#section-4.2.1
[RFC 7766#5]: https://www.rfc-editor.org/rfc/rfc7766#section-5
[Severity Level Definitions]: ../SeverityLevelDefinitions.md
[WARNING]: ../SeverityLevelDefinitions.md#warning
[Zonemaster-Engine profile]: ../../../configuration/profiles.md