feat: add full Zonemaster stack with Docker and Spanish UI

- Clone all 5 Zonemaster component repos (LDNS, Engine, CLI, Backend, GUI)
- Dockerfile.backend: 8-stage multi-stage build LDNS→Engine→CLI→Backend
- Dockerfile.gui: Astro static build served via nginx
- docker-compose.yml: backend (internal) + frontend (port 5353)
- nginx.conf: root redirects to /es/, /api/ proxied to backend
- zonemaster-gui/config.ts: defaultLanguage set to 'es' (Spanish)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 08:19:24 +02:00
commit 8d4eaa1489
1567 changed files with 204155 additions and 0 deletions

@@ -0,0 +1,25 @@
# Syntax Test Plan
These are tests of the syntax of different labels in DNS, such as domain
names and host names.
This document uses the terminology defined in the [Master Test Plan].
[Master Test Plan]: ../MasterTestPlan.md
[Test Case README]: ../README.md
<!-- Content until EOF generated by script updateTestPlanReadme.pl from Zonemaster/Zonemaster utils directory -->
## Test cases list
|Test Case |Test Case Description|
|:---------|:--------------------|
|[SYNTAX01](syntax01.md)|No illegal characters in the domain name|
|[SYNTAX02](syntax02.md)|No hyphen ('-') at the start or end of the domain name|
|[SYNTAX03](syntax03.md)|There must be no double hyphen ('--') in position 3 and 4 of the domain name|
|[SYNTAX04](syntax04.md)|The NS name must have a valid domain/hostname|
|[SYNTAX05](syntax05.md)|Misuse of '@' character in the SOA RNAME field|
|[SYNTAX06](syntax06.md)|No illegal characters in the SOA RNAME field|
|[SYNTAX07](syntax07.md)|No illegal characters in the SOA MNAME field|
|[SYNTAX08](syntax08.md)|MX name must have a valid hostname|
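Review bot: The link reference `[Test Case README]: ../README.md` is defined but nothing in this file uses it; either link to it from the introduction or drop the definition. Because everything after the generated-content comment is produced by updateTestPlanReadme.pl, wording changes to the table rows belong in the individual test case files, followed by a regeneration, not in this file.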

@@ -0,0 +1,38 @@
## SYNTAX01: No illegal characters in the domain name
### Test case identifier
**SYNTAX01** No illegal characters in the domain name
### Objective
There must be no illegal characters used in the domain name.
The domain name must follow the rules defined in section 2.3.1 of
[RFC 1035](https://datatracker.ietf.org/doc/html/rfc1035),
section 2.1 of [RFC 1123](https://datatracker.ietf.org/doc/html/rfc1123#section-2.1),
section 11 of
[RFC 2182](https://datatracker.ietf.org/doc/html/rfc2181#section-11) and section 2 of
[RFC 3696](https://datatracker.ietf.org/doc/html/rfc3696#section-2).
### Inputs
The domain name to be tested.
### Ordered description of steps to be taken to execute the test case
1. The domain name of the test object is used as the input for the
validation.
2. Check for characters that are not allowed in the domain name according
to the rules defined in section 2.3.1 of
[RFC 1035](https://datatracker.ietf.org/doc/html/rfc1035).
### Outcome(s)
If there are any invalid characters in the domain name, this test case fails.
### Special procedural requirements
None.
### Intercase dependencies
None.
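Review bot: In the Objective, the link text "RFC 2182" points at rfc2181#section-11; RFC 2181 section 11 is the name-syntax text, so the label should read RFC 2181. Step 2 also checks only against RFC 1035 section 2.3.1 while the Objective cites four documents; stating the accepted character set explicitly, including whether upper case is accepted, would make the pass/fail outcome unambiguous.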

@@ -0,0 +1,34 @@
## SYNTAX02: No hyphen ('-') at the start or end of the domain name
### Test case identifier
**SYNTAX02** No hyphen ('-') at the start or end of the domain name
### Objective
There must be no hyphen ('-') at the start or end of the domain name.
The domain name must follow the rules defined in section 2.3.1 of [RFC 1035](https://datatracker.ietf.org/doc/html/rfc1035),
section 2.1 of [RFC 1123](https://datatracker.ietf.org/doc/html/rfc1123#section-2.1), section 11 of
[RFC 2182](https://datatracker.ietf.org/doc/html/rfc2181#section-11) and section 2 of
[RFC 3696](https://datatracker.ietf.org/doc/html/rfc3696#section-2).
### Inputs
The domain name to be tested.
### Ordered description of steps to be taken to execute the test case
1. Each label of the domain name of the test object is used as the input for the validation.
2. If any label in the domain name start with a hyphen ('-') this test case fails.
3. If any label in the domain name ends with a hyphen ('-') this test case fails.
### Outcome(s)
If any label in the domain name start or ends with a hyphen ('-') this test case fails.
### Special procedural requirements
None.
### Intercase dependencies
None.
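Review bot: The title, Objective and Inputs speak of a hyphen at the start or end of the domain name, but steps 2 and 3 and the Outcome test every label; use "label" throughout so that an interior label ending in '-' is clearly covered. In step 2 and the Outcome "start with" should be "starts with", and the "RFC 2182" link text again points at rfc2181#section-11.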

@@ -0,0 +1,38 @@
## SYNTAX03: There must be no double hyphen ('--') in position 3 and 4 of the domain name
### Test case identifier
**SYNTAX02** No double hyphen ('--') in position 3 and 4 of the domain name
### Objective
There must be no double hyphen ('--') in position 3 and 4 of the domain name,
unless the domain name has the prefix 'xn--' which is used for
internationalization.
See section 5 of [RFC 3696](https://datatracker.ietf.org/doc/html/rfc3696#section-5),
"Implications of internationalization".
### Inputs
The domain name to be tested.
### Ordered description of steps to be taken to execute the test case
1. Each label of the domain name of the test object is used as the input
for the validation.
2. If any label in the domain name contains hyphens ('-') in position 3 and 4,
go to next step.
3. Unless the prefix is 'xn', this test case fails.
### Outcome(s)
If any label in the domain name has a hyphen in position 3 and 4 of the label
and the prefix is not 'xn', this test case fails.
### Special procedural requirements
None.
### Intercase dependencies
None.
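Review bot: The "Test case identifier" line reads **SYNTAX02** under the SYNTAX03 heading; it should be **SYNTAX03**. Step 3 writes the exception as prefix 'xn' while the Objective says 'xn--'; pick one form and state whether the comparison is case-insensitive, since steps 2 and 3 together decide the outcome.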

@@ -0,0 +1,46 @@
## SYNTAX04: The NS name must have a valid domain/hostname
### Test case identifier
**SYNTAX04** The NS name must have a valid domain/hostname
### Objective
The Name Server name must be a valid hostname according to the rules defined
in [RFC 952](https://datatracker.ietf.org/doc/html/rfc952),
in section 2.1 in [RFC 1123](https://datatracker.ietf.org/doc/html/rfc1123#section-2.1),
section 11 in [RFC 2182](https://datatracker.ietf.org/doc/html/rfc2181#section-11) and
section 2 and 5 in [RFC 3696](https://datatracker.ietf.org/doc/html/rfc3696#section-2).
Newer RFCs may override some rules defined in earlier documents.
### Inputs
The hostname to be tested. The hostnames comes from all the nameservers
used, from both the parent and the zone itself.
### Ordered description of steps to be taken to execute the test case
1. Obtain the list of name server hostnames from [Method2](../Methods.md) and
[Method3](../Methods.md)
(This is all the name servers from the parent delegation, and all the
name servers in the apex of the zone itself.)
2. Each label of the hostname of the test object is used as the input
for the validation.
3. If any label in the hostname does not contain a-z or 0-9 this test case
fails.
4. If the rightmost label (the TLD) contains only digits, this test case
fails.
5. If there is a hyphen ('-') in position 3 and 4 of the label, and the prefix
is not xn (used for internationalization), this test case fails.
### Outcome(s)
If any of the steps 3 to 5 in the ordered description of this test case fails,
the whole test case fails.
### Special procedural requirements
None.
### Intercase dependencies
None.
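Review bot: Step 3, "If any label in the hostname does not contain a-z or 0-9", reads as failing only a label that has none of those characters; it should fail a label containing any character outside the allowed set, and the set needs to say whether '-' and upper case are accepted. The steps also omit the 63-character label and 255-character name limits that SYNTAX07 and SYNTAX08 list, although SYNTAX07 says it uses the same host name validator as this test case. The Method2 and Method3 links in step 1 both target ../Methods.md without an anchor.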

@@ -0,0 +1,41 @@
## SYNTAX05: Misuse of '@' character in the SOA RNAME field
### Test case identifier
**SYNTAX05** There must be no misused '@' character in the SOA RNAME field
### Objective
The SOA RNAME field does not allow the '@' characters to be used for
describing a mailbox. The first dot ('.') is thus translated into the
'@' character. This is a common mistake. The rules are defined in
[RFC 1035](https://datatracker.ietf.org/doc/html/rfc1035).
### Inputs
The domain name to be tested.
### Ordered description of steps to be taken to execute the test case
1. Obtain a set of name server IP addresses using [Method4] and [Method5].
2. Create a SOA query for the zone.
3. Send the SOA query over UDP to each name server IP address until a
response is received or until the set is exhausted.
4. Check if the RNAME field contains a '@' character.
### Outcome(s)
If there is any '@' character in any SOA/RNAME field, this test case fails.
### Special procedural requirements
None.
### Intercase dependencies
The de-escaped output from this test is used by [SYNTAX08](syntax08.md).
-------
[Method4]: ../Methods.md#method-4-obtain-glue-address-records-from-parent
[Method5]: ../Methods.md#method-5-obtain-the-name-server-address-records-from-child
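Review bot: "Intercase dependencies" says the de-escaped output is used by SYNTAX08, but no step here de-escapes anything and SYNTAX08 (the MX hostname test) declares no dependencies; the RNAME conversion is described in SYNTAX06, so the reference looks wrong. Step 3 stops at the first response while the Outcome speaks of "any SOA/RNAME field"; say whether one server or all servers are checked. The Objective sentence "The first dot ('.') is thus translated into the '@' character" would be clearer if it said that the first unescaped dot in RNAME stands for the '@' of the mailbox.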

@@ -0,0 +1,163 @@
# SYNTAX06: No illegal characters in the SOA RNAME field
## Test case identifier
**SYNTAX06**
## Objective
The SOA RNAME field is a mailbox address. The SOA RNAME field is defined
in [RFC 1035][RFC 1035#3.3.13], section 3.3.13 and in
[RFC 1912][RFC 1912#2.2], section 2.2. The RNAME
field should follow the rules of an e-mail address also defined in
[RFC 5322][RFC 5322#3.4.1], section 3.4.1.
## Scope
It is assumed that *Child Zone* is also tested by [Connectivity01]. This test
case will set DEBUG level on messages for non-responsive name servers.
## Inputs
* "Child Zone" - The domain name to be tested.
## Ordered description of steps to be taken to execute the test case
1. Obtain the set of name server IP addresses using [Method4] and [Method5]
("NS IP").
2. Create a SOA query for the apex of the *Child Zone* with RD flag unset.
3. For each name server IP in *NS IP* do:
1. Send the SOA query over UDP to the name server IP.
2. If the name server does not respond with a DNS response, then:
1. Output *[NO_RESPONSE]*.
2. Go to next name server IP.
3. If the DNS response does not include an SOA record in the
answer section, then:
1. Output *[NO_RESPONSE_SOA_QUERY]*.
2. Go to next name server IP.
4. Extract the RNAME from the SOA record (from the first SOA record if
multiple) and convert it to an email address ("Email Address" below)
using the following steps:
1. Convert the first "." without backslash quoting to an "@" in
the RNAME.
2. Convert any backslash quoted "." to a single "." without quoting
(see [RFC 1035], section [5.1][RFC 1035#5.1], [5.3][RFC 1035#5.3] and
[8][RFC 1035#8] for the use of backslash).
7. If *Email Address* does not meet the
mail address specification in [RFC 5322][RFC 5322#3.4.1],
section 3.4.1, then
1. Output *[RNAME_RFC822_INVALID]*.
2. Go to next name server IP.
8. Extract the domain part (to the right of "@") from the *Mail
address* ("Domain Part" below).
9. Create an MX query for the *Domain Part* and do a
[DNS Lookup][terminology] of that query.
10. If the lookup of MX does not return a DNS response with RCODE
"NOERROR", then:
1. Output *[RNAME_MAIL_DOMAIN_INVALID]*.
2. Go to next name server IP.
11. When doing the MX lookup, CNAME or a chain of CNAMEs are followed, if
any. If an MX record or records are found via CNAME, then
set *Domain Part* to be equal to the owner name of that MX record
(instead of being equal to the domain part of *Email Address*).
12. If the MX lookup returned a NO DATA response (no MX record),
then:
1. Create address queries (A and AAAA) for the *Domain Part* and
do:
1. Do [DNS Lookups][terminology] of those queries.
2. If the answer section contains a CNAME record output
*[RNAME_MAIL_ILLEGAL_CNAME]*.
3. Else, extract any A and AAAA records from the answer
sections of the DNS responses with *Domain Part* as owner
name.
2. If any A or AAAA record points at 127.0.0.1 or ::1 (localhost),
respectively, then output *[RNAME_MAIL_DOMAIN_LOCALHOST]*.
3. If no A or AAAA are extracted or any records points at
127.0.0.1 or ::1, then output *[RNAME_MAIL_DOMAIN_INVALID]*.
13. If the MX lookup returns one or more MX records, then for each
MX record extract the domain name in RDATA ("Mail Exchange")
and do:
1. Create address queries (A and AAAA) of *Mail Exchange* and do:
1. Do [DNS Lookups][terminology] of those queries.
2. If the answer section contains a CNAME record output
*[RNAME_MAIL_ILLEGAL_CNAME]*.
3. Else, extract any A and AAAA records from the answer
sections of the DNS responses with *Mail Exchange* as owner
name.
2. If any A or AAAA record points at 127.0.0.1 or ::1 (localhost),
respectively, then output *[RNAME_MAIL_DOMAIN_LOCALHOST]*.
3. If no A or AAAA are extracted or any records points at
127.0.0.1 or ::1, then output *[RNAME_MAIL_DOMAIN_INVALID]*.
4. If at least one name server IP has neither outputted *[NO_RESPONSE]*
nor *[NO_RESPONSE_SOA_QUERY]* and *[RNAME_MAIL_DOMAIN_INVALID]* has not
been outputted for any name server IP, then output *[RNAME_RFC822_VALID]*.
## Outcome(s)
The outcome of this Test Case is "fail" if there is at least one message
with the severity level *ERROR* or *CRITICAL*.
The outcome of this Test Case is "warning" if there is at least one message
with the severity level *WARNING*, but no message with severity level
*ERROR* or *CRITICAL*.
In other cases the outcome of this Test Case is "pass".
Message | Default severity level
:-----------------------------|:-----------------------------------
NO_RESPONSE | DEBUG
NO_RESPONSE_SOA_QUERY | DEBUG
RNAME_RFC822_INVALID | WARNING
RNAME_MAIL_DOMAIN_INVALID | WARNING
RNAME_MAIL_DOMAIN_LOCALHOST | WARNING
RNAME_MAIL_ILLEGAL_CNAME | WARNING
RNAME_RFC822_VALID | INFO
## Special procedural requirements
If either IPv4 or IPv6 transport is disabled, ignore the evaluation of the
result of any test using this transport protocol. Log a message reporting
on the ignored result.
## Intercase dependencies
None.
## Terminology
* "Using Method" - When the term is used, names and IP addresses are fetched
using the defined [Methods].
* "Send" (to an IP address) - The term is used when a DNS query is sent to
a specific name server.
* "DNS Lookup" - The term is used when a recursive lookup is used, though
any changes to the DNS tree introduced by an [undelegated test] must be
respected.
[Connectivity01]: ../Connectivity-TP/connectivity01.md
[Method4]: ../Methods.md#method-4-obtain-glue-address-records-from-parent
[Method5]: ../Methods.md#method-5-obtain-the-name-server-address-records-from-child
[Methods]: ../Methods.md
[NO_RESPONSE]: #outcomes
[NO_RESPONSE_SOA_QUERY]: #outcomes
[RFC 1035#3.3.13]: https://datatracker.ietf.org/doc/html/rfc1035#section-3.3.13
[RFC 1035#5.1]: https://datatracker.ietf.org/doc/html/rfc1035#section-5.1
[RFC 1035#5.3]: https://datatracker.ietf.org/doc/html/rfc1035#section-5.3
[RFC 1035#8]: https://datatracker.ietf.org/doc/html/rfc1035#section-8
[RFC 1035]: https://datatracker.ietf.org/doc/html/rfc1035
[RFC 1912#2.2]: https://datatracker.ietf.org/doc/html/rfc1912#section-2.2
[RFC 5322#3.4.1]: https://datatracker.ietf.org/doc/html/rfc5322#section-3.4.1
[RNAME_MAIL_DOMAIN_INVALID]: #outcomes
[RNAME_MAIL_DOMAIN_LOCALHOST]:#outcomes
[RNAME_MAIL_ILLEGAL_CNAME]: #outcomes
[RNAME_RFC822_INVALID]: #outcomes
[RNAME_RFC822_VALID]: #outcomes
[terminology]: #terminology
[undelegated test]: ../../test-types/undelegated-test.md
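Review bot: Step 4 outputs RNAME_RFC822_VALID whenever RNAME_MAIL_DOMAIN_INVALID was not emitted, so a name server that produced RNAME_RFC822_INVALID or RNAME_MAIL_ILLEGAL_CNAME can still be followed by RNAME_RFC822_VALID; the condition should exclude those messages too. Under step 3 the sub-step numbering jumps from 4 to 7, and sub-step 8 extracts from "Mail address" where the term defined in sub-step 4 is "Email Address". Sub-steps 12.2/12.3 and 13.2/13.3 emit both RNAME_MAIL_DOMAIN_LOCALHOST and RNAME_MAIL_DOMAIN_INVALID for the same loopback record; say whether that double output is intended.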

@@ -0,0 +1,47 @@
## SYNTAX07: No illegal characters in the SOA MNAME field
### Test case identifier
**SYNTAX07** There must be no illegal characters in the SOA MNAME field
### Objective
The SOA MNAME field is a hostname. Hostnames are valid according to the
rules defined in [RFC 952](https://datatracker.ietf.org/doc/html/rfc952),
in section 2.1 in [RFC 1123](https://datatracker.ietf.org/doc/html/rfc1123#section-2.1),
section 11 in [RFC 2182](https://datatracker.ietf.org/doc/html/rfc2181#section-11) and
section 2 and 5 in [RFC 3696](https://datatracker.ietf.org/doc/html/rfc3696#section-2).
Newer RFCs may override some rules defined in earlier documents.
### Inputs
The domain name to be tested.
### Ordered description of steps to be taken to execute the test case
1. Retrieve the SOA record from the zone being tested.
2. Get the MNAME from the SOA record.
3. Each label of the hostname of the test object is used as the input
for the validation.
4. If any label in the hostname does not contain a-z or 0-9 this test case
fails.
5. If any label of the hostname is longer than 63 characters, this test case
fails.
6. If the hostname is longer than 255 characters including separators, this
test case fails.
7. If the rightmost label (the TLD) contains only digits, this test case
fails.
8. If there is a hyphen ('-') in position 3 and 4 of the label, and the prefix
is not xn (used for internationalization), this test case fails.
### Outcome(s)
If any of the steps 4 to 8 in the ordered description of this test case fails,
the whole test case fails.
### Special procedural requirements
None.
### Intercase dependencies
This test case uses the same host name validator as test case [SYNTAX04](syntax04.md).
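Review bot: "Intercase dependencies" states that this test case uses the same host name validator as SYNTAX04, but steps 5 and 6 here (63-character label, 255-character name) have no counterpart in SYNTAX04; align the two step lists or drop the claim. Step 1 does not say which name servers are queried or what the outcome is when no SOA record is returned, and step 4 has the same "does not contain a-z or 0-9" ambiguity as SYNTAX04. Step 6 should state whether the 255 limit counts the presentation form or the wire format.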

@@ -0,0 +1,49 @@
## SYNTAX08: MX name must have a valid hostname
### Test case identifier
**SYNTAX08** The MX record name must be a valid hostname
### Objective
The MX record names used for delivering mail for a domain name address
must be valid hostnames according to the rules defined in
[RFC 952](https://datatracker.ietf.org/doc/html/rfc952),
in section 2.1 in [RFC 1123](https://datatracker.ietf.org/doc/html/rfc1123#section-2.1),
section 11 in [RFC 2182](https://datatracker.ietf.org/doc/html/rfc2181#section-11) and
section 2 and 5 in [RFC 3696](https://datatracker.ietf.org/doc/html/rfc3696#section-2).
Newer RFCs may override some rules defined in earlier documents. The MX
records use of "Domain Names" is described in section 2.3.5 of
[RFC 5321](https://datatracker.ietf.org/doc/html/rfc5321#section-2.3.5).
### Inputs
The hostnames to be tested. The hostnames comes from looking up the MX record
for the domain being tested.
### Ordered description of steps to be taken to execute the test case
1. Query for the MX record of the domain name.
2. For each hostname of the MX records found:
3. If any label in the hostname does not contain a-z or 0-9 this test case
fails.
4. If any label of the hostname is longer than 63 characters, this test case
fails.
5. If the hostname is longer than 255 characters including separators, this
test case fails.
6. If the rightmost label (the TLD) contains only digits, this test case
fails.
7. If there is a hyphen ('-') in position 3 and 4 of the label, and the prefix
is not xn (used for internationalization), this test case fails.
### Outcome(s)
If any of the steps 3 to 7 in the ordered description of this test case fails,
the whole test case fails.
### Special procedural requirements
None.
### Intercase dependencies
None.
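Review bot: Step 2, "For each hostname of the MX records found:", ends in a colon but steps 3 to 7 sit at the same list level, so the loop body is not marked; nest them under step 2. The steps do not say what the outcome is when step 1 finds no MX record, or when the MX target is the root name ".", which has no label to validate. SYNTAX05 lists this test case as a consumer of its output, yet "Intercase dependencies" here is "None".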