feat: add full Zonemaster stack with Docker and Spanish UI

- Clone all 5 Zonemaster component repos (LDNS, Engine, CLI, Backend, GUI) - Dockerfile.backend: 8-stage multi-stage build LDNS→Engine→CLI→Backend - Dockerfile.gui: Astro static build served via nginx - docker-compose.yml: backend (internal) + frontend (port 5353) - nginx.conf: root redirects to /es/, /api/ proxied to backend - zonemaster-gui/config.ts: defaultLanguage set to 'es' (Spanish) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 08:19:24 +02:00
commit 8d4eaa1489
1567 changed files with 204155 additions and 0 deletions
--- a/zonemaster/docs/public/specifications/tests/Zone-TP/zone06.md
+++ b/zonemaster/docs/public/specifications/tests/Zone-TP/zone06.md
@@ -0,0 +1,59 @@
+## ZONE06: SOA 'minimum' maximum value
+
+### Test case identifier
+**ZONE06** SOA 'minimum' maximum value
+
+### Objective
+
+The SOA minimum field sets the default TTL for all records in a zone.
+The recommended value is to be "cache-friendly". However, for a zone
+that changes content often, there is a need to keep the TTL values
+shorter. The use of the SOA minimum value today is the negative cache
+(where a resolver find content is missing).
+
+The SOA minimum field is described in section 3.3.13 in
+[RFC 1035](https://datatracker.ietf.org/doc/html/rfc1035), and clarified in
+section 2.2 of [RFC 1912](https://datatracker.ietf.org/doc/html/rfc1912).
+The description of the implementation of negative caching is in
+[RFC 2308](https://datatracker.ietf.org/doc/html/rfc2308) (although it has been
+updated by several DNSSEC related RFCs, it is still relevant for this
+purpose).
+
+The [RIPE-203](https://www.ripe.net/publications/docs/ripe-203) recommendation
+for the minimum value 2 days, but the negative caching is now the norm.
+DNSCheck has a recommended value of between 300 seconds (5 minutes) and
+86400 seconds (1 day).
+
+### Inputs
+
+The domain name to be tested.
+
+### Ordered description of steps to be taken to execute the test case
+
+1. Obtain a set of name server IP addresses using [Method4] and [Method5].
+2. Create a SOA query for the zone.
+3. Send the SOA query over UDP to each name server IP address until
+   a response is received or until the set is exhausted.
+4. If the answer from step 3 is not authoritative, iterate step 3 until there is an authoritative answer.
+5. Retrieve the SOA minimum value from the SOA record.
+6. If the minimum value is larger than 86400 seconds (1 day), this test
+   case fails.
+7. If the minimum value is lower than 300 seconds (5 minutes), this test case
+   fails.
+
+### Outcome(s)
+
+If the minimum value is larger than 86400 seconds or if the minimum value is
+lower than 300 seconds, this test case fails.
+
+### Special procedural requirements
+
+None.
+
+### Intercase dependencies
+
+None.
+
+-------
+[Method4]: ../Methods.md#method-4-obtain-glue-address-records-from-parent
+[Method5]: ../Methods.md#method-5-obtain-the-name-server-address-records-from-child