feat: add full Zonemaster stack with Docker and Spanish UI

- Clone all 5 Zonemaster component repos (LDNS, Engine, CLI, Backend, GUI) - Dockerfile.backend: 8-stage multi-stage build LDNS→Engine→CLI→Backend - Dockerfile.gui: Astro static build served via nginx - docker-compose.yml: backend (internal) + frontend (port 5353) - nginx.conf: root redirects to /es/, /api/ proxied to backend - zonemaster-gui/config.ts: defaultLanguage set to 'es' (Spanish) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 08:19:24 +02:00
commit 8d4eaa1489
1567 changed files with 204155 additions and 0 deletions
--- a/zonemaster/docs/public/specifications/tests/Consistency-TP/consistency02.md
+++ b/zonemaster/docs/public/specifications/tests/Consistency-TP/consistency02.md
@@ -0,0 +1,82 @@
+# CONSISTENCY02: SOA RNAME consistency
+
+## Test case identifier
+
+**CONSISTENCY02**
+
+## Objective
+
+All authoritative name servers must serve the same SOA record for the
+tested domain  (section 4.2.1 of [RFC 1034]). As per section 3.3.13 of [RFC 1035],
+the RNAME field in the SOA RDATA refers to the administrative contact. An inconsistency in
+the administrative contact for the domain might result in operational
+failures being reported to different persons.
+
+The objective of this test is to verify that the administrative contact is
+consistent between different authoritative name servers.
+
+## Scope
+
+It is assumed that *Child Zone* is also tested by [Connectivity01]. This test
+case will set DEBUG level on messages for non-responsive name servers.
+
+## Inputs
+
+* The domain name to be tested ("Child Zone")
+
+## Ordered description of steps to be taken to execute the test case
+
+ 1. Obtain the list of name server IPs for the *Child Zone* from [Method4] 
+    and [Method5].
+ 2. Create an SOA query for *Child Zone* apex and send it to all name 
+    server IPs.
+ 3. Retrieve the SOA RR from the responses from all name server IPs.
+ 4. If a name server does not respond, emit *[NO_RESPONSE]*.
+ 5. If a name server responds but does not include a SOA record 
+    in the response, emit *[NO_RESPONSE_SOA_QUERY]*.
+ 6. If at least one SOA record has been retrieved and RNAME is 
+    identical in all SOA records, emit *[ONE_SOA_RNAME]*.
+ 7. If RNAME is not identical in all SOA records, emit 
+    *[MULTIPLE_SOA_RNAMES]*.
+
+## Outcome(s)
+
+The outcome of this Test Case is "fail" if there is at least one message
+with the severity level *ERROR* or *CRITICAL*.
+
+The outcome of this Test Case is "warning" if there is at least one message
+with the severity level *WARNING*, but no message with severity level
+*ERROR* or *CRITICAL*.
+
+In other cases the outcome of this Test Case is "pass".
+
+Message                       | Default severity level (if message is emitted)
+:-----------------------------|:-----------------------------------
+NO_RESPONSE                   | DEBUG
+NO_RESPONSE_SOA_QUERY         | DEBUG
+ONE_SOA_RNAME                 | INFO
+MULTIPLE_SOA_RNAMES           | NOTICE
+
+
+## Special procedural requirements	
+
+If either IPv4 or IPv6 transport is disabled, ignore the evaluation of the
+result of any test using this transport protocol. Log a message reporting
+on the ignored result.
+
+## Intercase dependencies
+
+None
+
+
+[Connectivity01]:             ../Connectivity-TP/connectivity01.md
+[MULTIPLE_SOA_RNAMES]:        #outcomes
+[Method4]:                    ../Methods.md#method-4-obtain-glue-address-records-from-parent
+[Method5]:                    ../Methods.md#method-5-obtain-the-name-server-address-records-from-child
+[NO_RESPONSE]:                #outcomes
+[NO_RESPONSE_SOA_QUERY]:      #outcomes
+[ONE_SOA_RNAME]:              #outcomes
+[RFC 1034]:                   https://datatracker.ietf.org/doc/html/rfc1034
+[RFC 1035]:                   https://datatracker.ietf.org/doc/html/rfc1035
+[RFC 1982]:                   https://datatracker.ietf.org/doc/html/rfc1982
+