CloudHost/zonemaster.es
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add full Zonemaster stack with Docker and Spanish UI

Browse Source 
- Clone all 5 Zonemaster component repos (LDNS, Engine, CLI, Backend, GUI)
- Dockerfile.backend: 8-stage multi-stage build LDNS→Engine→CLI→Backend
- Dockerfile.gui: Astro static build served via nginx
- docker-compose.yml: backend (internal) + frontend (port 5353)
- nginx.conf: root redirects to /es/, /api/ proxied to backend
- zonemaster-gui/config.ts: defaultLanguage set to 'es' (Spanish)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Malin
2026-04-21 08:19:24 +02:00
commit 8d4eaa1489
1567 changed files with 204155 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
zonemaster/test-zone-data/DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone Normal file
View File

@@ -0,0 +1,22 @@
; Shared, $ORIGIN must implicit.
$TTL 3600
@ SOA ns1 admin. (
2025103000 ; serial
6h ; refresh
1h ; retry
1w ; expire
1d ) ; minimum
@ NS ns1
@ NS ns2
@ TXT "Placeholder"
ns1 A 127.15.1.41
ns1 AAAA fda1:b2:c3:0:127:15:1:41
ns2 A 127.15.1.42
ns2 AAAA fda1:b2:c3:0:127:15:1:42
; EOF

13
zonemaster/test-zone-data/DNSSEC-TP/dnssec01/README.md Normal file
View File

@@ -0,0 +1,13 @@
[This directory](.), i.e. the same directory as this README file, holds zone
files and configuration files to implement the test zones for the scenarios
defined in [DNSSEC01 test scenario specification].
For these test zones the following files are found in [This directory](.):
* Zone files for `dnssec01.xa` and other related zones.
* CoreDNS configuration file
* Zone file and hint file for local root zone.
* Output from `zonemaster-cli` on all test scenarios in
[test-zones-output.md](test-zones-output.md).
[DNSSEC01 test scenario specification]: ../../../docs/public/specifications/test-zones/DNSSEC-TP/dnssec01.md

369
zonemaster/test-zone-data/DNSSEC-TP/dnssec01/dnssec01.cfg Normal file
View File

@@ -0,0 +1,369 @@
# | 127.15.1.0/24 | DNSSEC01 scenarios |
# | 127.15.1.21 | ns1.dnssec01.xa |
# | 127.15.1.22 | ns2.dnssec01.xa |
# | 127.15.1.31 | scenario specific parent (if any) |
# | 127.15.1.32 | scenario specific parent (if any) |
# | 127.15.1.41 | ns1 for scenario child |
# | 127.15.1.42 | ns2 for chenario child |
## root
.:53 {
bind 127.15.1.27 # ns1
bind fda1:b2:c3:0:127:15:1:27 # ns1
bind 127.15.1.28 # ns2
bind fda1:b2:c3:0:127:15:1:28 # ns2
log
file DNSSEC-TP/dnssec01/root-zone.zone .
}
# Resolver using test case local root
. {
bind 127.15.1.53
unbound {
option root-hints DNSSEC-TP/dnssec01/hintfile.zone
}
log
}
dnssec01.xa:53 { #
bind 127.15.1.21 # ns1
bind fda1:b2:c3:0:127:15:1:21 # ns1
bind 127.15.1.22 # ns2
bind fda1:b2:c3:0:127:15:1:22 # ns2
log
file DNSSEC-TP/dnssec01/dnssec01.xa.zone dnssec01.xa
}
# ALGO-DEPRECATED-1
algo-deprecated-1.dnssec01.xa:53 { #
bind 127.15.1.41 # ns1
bind fda1:b2:c3:0:127:15:1:41 # ns1
bind 127.15.1.42 # ns2
bind fda1:b2:c3:0:127:15:1:42 # ns2
log
file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-deprecated-1.dnssec01.xa
}
# ALGO-DEPRECATED-3
algo-deprecated-3.dnssec01.xa:53 { #
bind 127.15.1.41 # ns1
bind fda1:b2:c3:0:127:15:1:41 # ns1
bind 127.15.1.42 # ns2
bind fda1:b2:c3:0:127:15:1:42 # ns2
log
file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-deprecated-3.dnssec01.xa
}
# ALGO-RESERVED-128
algo-reserved-128.dnssec01.xa:53 { #
bind 127.15.1.41 # ns1
bind fda1:b2:c3:0:127:15:1:41 # ns1
bind 127.15.1.42 # ns2
bind fda1:b2:c3:0:127:15:1:42 # ns2
log
file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-reserved-128.dnssec01.xa
}
# ALGO-RESERVED-188
algo-reserved-188.dnssec01.xa:53 { #
bind 127.15.1.41 # ns1
bind fda1:b2:c3:0:127:15:1:41 # ns1
bind 127.15.1.42 # ns2
bind fda1:b2:c3:0:127:15:1:42 # ns2
log
file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-reserved-188.dnssec01.xa
}
# ALGO-RESERVED-252
algo-reserved-252.dnssec01.xa:53 { #
bind 127.15.1.41 # ns1
bind fda1:b2:c3:0:127:15:1:41 # ns1
bind 127.15.1.42 # ns2
bind fda1:b2:c3:0:127:15:1:42 # ns2
log
file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-reserved-252.dnssec01.xa
}
# ALGO-UNASSIGNED-7
algo-unassigned-7.dnssec01.xa:53 { #
bind 127.15.1.41 # ns1
bind fda1:b2:c3:0:127:15:1:41 # ns1
bind 127.15.1.42 # ns2
bind fda1:b2:c3:0:127:15:1:42 # ns2
log
file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-unassigned-7.dnssec01.xa
}
# ALGO-UNASSIGNED-67
algo-unassigned-67.dnssec01.xa:53 { #
bind 127.15.1.41 # ns1
bind fda1:b2:c3:0:127:15:1:41 # ns1
bind 127.15.1.42 # ns2
bind fda1:b2:c3:0:127:15:1:42 # ns2
log
file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-unassigned-67.dnssec01.xa
}
# ALGO-UNASSIGNED-127
algo-unassigned-127.dnssec01.xa:53 { #
bind 127.15.1.41 # ns1
bind fda1:b2:c3:0:127:15:1:41 # ns1
bind 127.15.1.42 # ns2
bind fda1:b2:c3:0:127:15:1:42 # ns2
log
file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-unassigned-127.dnssec01.xa
}
# ALGO-PRIVATE-253
algo-private-253.dnssec01.xa:53 { #
bind 127.15.1.41 # ns1
bind fda1:b2:c3:0:127:15:1:41 # ns1
bind 127.15.1.42 # ns2
bind fda1:b2:c3:0:127:15:1:42 # ns2
log
file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-private-253.dnssec01.xa
}
# ALGO-PRIVATE-254
algo-private-254.dnssec01.xa:53 { #
bind 127.15.1.41 # ns1
bind fda1:b2:c3:0:127:15:1:41 # ns1
bind 127.15.1.42 # ns2
bind fda1:b2:c3:0:127:15:1:42 # ns2
log
file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-private-254.dnssec01.xa
}
# ALGO-NOT-DS-0
algo-not-ds-0.dnssec01.xa:53 { #
bind 127.15.1.41 # ns1
bind fda1:b2:c3:0:127:15:1:41 # ns1
bind 127.15.1.42 # ns2
bind fda1:b2:c3:0:127:15:1:42 # ns2
log
file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-not-ds-0.dnssec01.xa
}
# ALGO-OK-2
algo-ok-2.dnssec01.xa:53 { #
bind 127.15.1.41 # ns1
bind fda1:b2:c3:0:127:15:1:41 # ns1
bind 127.15.1.42 # ns2
bind fda1:b2:c3:0:127:15:1:42 # ns2
log
file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-ok-2.dnssec01.xa
}
# ALGO-OK-4
algo-ok-4.dnssec01.xa:53 { #
bind 127.15.1.41 # ns1
bind fda1:b2:c3:0:127:15:1:41 # ns1
bind 127.15.1.42 # ns2
bind fda1:b2:c3:0:127:15:1:42 # ns2
log
file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-ok-4.dnssec01.xa
}
# ALGO-OK-5
algo-ok-5.dnssec01.xa:53 { #
bind 127.15.1.41 # ns1
bind fda1:b2:c3:0:127:15:1:41 # ns1
bind 127.15.1.42 # ns2
bind fda1:b2:c3:0:127:15:1:42 # ns2
log
file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-ok-5.dnssec01.xa
}
# ALGO-OK-6
algo-ok-6.dnssec01.xa:53 { #
bind 127.15.1.41 # ns1
bind fda1:b2:c3:0:127:15:1:41 # ns1
bind 127.15.1.42 # ns2
bind fda1:b2:c3:0:127:15:1:42 # ns2
log
file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-ok-6.dnssec01.xa
}
## MIXED-ALGO-1
mixed-algo-1.dnssec01.xa:53 { #
bind 127.15.1.41 # ns1
bind fda1:b2:c3:0:127:15:1:41 # ns1
bind 127.15.1.42 # ns2
bind fda1:b2:c3:0:127:15:1:42 # ns2
log
file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone mixed-algo-1.dnssec01.xa
}
## SHARED-IP-1
shared-ip-1.dnssec01.xa:53 { #
bind 127.15.1.31 # ns1a and ns1b
bind fda1:b2:c3:0:127:15:1:31 # ns1a and ns1b
log
file DNSSEC-TP/dnssec01/shared-ip-1.dnssec01.xa.zone shared-ip-1.dnssec01.xa
}
child.shared-ip-1.dnssec01.xa:53 { #
bind 127.15.1.41 # ns1
bind fda1:b2:c3:0:127:15:1:41 # ns1
bind 127.15.1.42 # ns2
bind fda1:b2:c3:0:127:15:1:42 # ns2
log
file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone child.shared-ip-1.dnssec01.xa
}
## SHARED-IP-2
shared-ip-2.dnssec01.xa:53 { #
bind 127.15.1.31 # ns1/dns1
bind fda1:b2:c3:0:127:15:1:31 # ns1/dns1
bind 127.15.1.32 # ns2/dns2
bind fda1:b2:c3:0:127:15:1:32 # ns2/dns2
log
file DNSSEC-TP/dnssec01/shared-ip-2.dnssec01.xa.zone shared-ip-2.dnssec01.xa
}
child.shared-ip-2.dnssec01.xa:53 { #
bind 127.15.1.41 # ns1
bind fda1:b2:c3:0:127:15:1:41 # ns1
bind 127.15.1.42 # ns2
bind fda1:b2:c3:0:127:15:1:42 # ns2
log
file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone child.shared-ip-2.dnssec01.xa
}
# NO-RESPONSE-1
no-response-1.dnssec01.xa:53 { #
bind 127.15.1.31 # ns1
bind fda1:b2:c3:0:127:15:1:31 # ns1
bind 127.15.1.32 # ns2
bind fda1:b2:c3:0:127:15:1:32 # ns2
log
file DNSSEC-TP/dnssec01/no-response-1.dnssec01.xa.zone no-response-1.dnssec01.xa
acl child.no-response-1.dnssec01.xa { #
drop type DS
}
}
child.no-response-1.dnssec01.xa:53 { #
bind 127.15.1.41 # ns1
bind fda1:b2:c3:0:127:15:1:41 # ns1
bind 127.15.1.42 # ns2
bind fda1:b2:c3:0:127:15:1:42 # ns2
log
file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone child.no-response-1.dnssec01.xa
}
# NO-VALID-RESPONSE-1
no-valid-response-1.dnssec01.xa:53 { #
bind 127.15.1.31 # ns1
bind fda1:b2:c3:0:127:15:1:31 # ns1
log
file DNSSEC-TP/dnssec01/no-valid-response-1.dnssec01.xa.zone no-valid-response-1.dnssec01.xa
template IN DS child.no-valid-response-1.dnssec01.xa. {
rcode SERVFAIL
}
}
no-valid-response-1.dnssec01.xa:53 { #
bind 127.15.1.32 # ns2
bind fda1:b2:c3:0:127:15:1:32 # ns2
log
file DNSSEC-TP/dnssec01/no-valid-response-1.dnssec01.xa.zone no-valid-response-1.dnssec01.xa
template IN DS child.no-valid-response-1.dnssec01.xa. {
rcode REFUSED
}
}
child.no-valid-response-1.dnssec01.xa:53 { #
bind 127.15.1.41 # ns1
bind fda1:b2:c3:0:127:15:1:41 # ns1
bind 127.15.1.42 # ns2
bind fda1:b2:c3:0:127:15:1:42 # ns2
log
file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone child.no-valid-response-1.dnssec01.xa
}
# PARENT-SERVER-NO-DS-1
parent-server-no-ds-1.dnssec01.xa:53 { #
bind 127.15.1.31 # ns1
bind fda1:b2:c3:0:127:15:1:31 # ns1
log
file DNSSEC-TP/dnssec01/parent-server-no-ds-1.dnssec01.xa_ns1.zone parent-server-no-ds-1.dnssec01.xa
}
parent-server-no-ds-1.dnssec01.xa:53 { #
bind 127.15.1.32 # ns2
bind fda1:b2:c3:0:127:15:1:32 # ns2
log
file DNSSEC-TP/dnssec01/parent-server-no-ds-1.dnssec01.xa_ns2.zone parent-server-no-ds-1.dnssec01.xa
}
child.parent-server-no-ds-1.dnssec01.xa:53 { #
bind 127.15.1.41 # ns1
bind fda1:b2:c3:0:127:15:1:41 # ns1
bind 127.15.1.42 # ns2
bind fda1:b2:c3:0:127:15:1:42 # ns2
log
file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone child.parent-server-no-ds-1.dnssec01.xa
}
# PARENT-ZONE-NO-DS-1
parent-zone-no-ds-1.dnssec01.xa:53 { #
bind 127.15.1.41 # ns1
bind fda1:b2:c3:0:127:15:1:41 # ns1
bind 127.15.1.42 # ns2
bind fda1:b2:c3:0:127:15:1:42 # ns2
log
file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone parent-zone-no-ds-1.dnssec01.xa
}
# UNDEL-NO-UNDEL-DS-1
undel-no-undel-ds-1.dnssec01.xa:53 { # Not delegated
bind 127.15.1.41 # ns1
bind fda1:b2:c3:0:127:15:1:41 # ns1
bind 127.15.1.42 # ns2
bind fda1:b2:c3:0:127:15:1:42 # ns2
log
file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone undel-no-undel-ds-1.dnssec01.xa
}
# UNDEL-WITH-UNDEL-DS-1
undel-with-undel-ds-1.dnssec01.xa:53 { # Not delegated, DS to be provided
bind 127.15.1.41 # ns1
bind fda1:b2:c3:0:127:15:1:41 # ns1
bind 127.15.1.42 # ns2
bind fda1:b2:c3:0:127:15:1:42 # ns2
log
file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone undel-with-undel-ds-1.dnssec01.xa
}
# ROOT-NO-UNDEL-DS-1
#
# Reuse the existing root zone defined above. No special configuration is required.
# ROOT-WITH-UNDEL-DS-1
#
# Reuse the existing root zone defined above. No special configuration is required.
# DS to be provided.

235
zonemaster/test-zone-data/DNSSEC-TP/dnssec01/dnssec01.xa.zone Normal file
View File

@@ -0,0 +1,235 @@
$ORIGIN dnssec01.xa. ; Must end with "."
$TTL 3600
@ SOA ns1 admin. (
2025100800 ; serial
6h ; refresh
1h ; retry
1w ; expire
1d ) ; minimum
@ NS ns1
@ NS ns2
ns1 A 127.15.1.21
ns1 AAAA fda1:b2:c3:0:127:15:1:21
ns2 A 127.15.1.22
ns2 AAAA fda1:b2:c3:0:127:15:1:22
$ORIGIN algo-deprecated-1.dnssec01.xa.
@ NS ns1
@ NS ns2
@ DS 42581 8 1 F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9 ; 1
ns1 A 127.15.1.41
ns1 AAAA fda1:b2:c3:0:127:15:1:41
ns2 A 127.15.1.42
ns2 AAAA fda1:b2:c3:0:127:15:1:42
$ORIGIN algo-deprecated-3.dnssec01.xa.
@ NS ns1
@ NS ns2
@ DS 42581 13 3 F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9 ; 3
ns1 A 127.15.1.41
ns1 AAAA fda1:b2:c3:0:127:15:1:41
ns2 A 127.15.1.42
ns2 AAAA fda1:b2:c3:0:127:15:1:42
$ORIGIN algo-reserved-128.dnssec01.xa.
@ NS ns1
@ NS ns2
@ DS 42581 13 128 F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9 ; 128
ns1 A 127.15.1.41
ns1 AAAA fda1:b2:c3:0:127:15:1:41
ns2 A 127.15.1.42
ns2 AAAA fda1:b2:c3:0:127:15:1:42
$ORIGIN algo-reserved-188.dnssec01.xa.
@ NS ns1
@ NS ns2
@ DS 42581 13 188 F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9 ; 188
ns1 A 127.15.1.41
ns1 AAAA fda1:b2:c3:0:127:15:1:41
ns2 A 127.15.1.42
ns2 AAAA fda1:b2:c3:0:127:15:1:42
$ORIGIN algo-reserved-252.dnssec01.xa.
@ NS ns1
@ NS ns2
@ DS 42581 13 252 F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9 ; 252
ns1 A 127.15.1.41
ns1 AAAA fda1:b2:c3:0:127:15:1:41
ns2 A 127.15.1.42
ns2 AAAA fda1:b2:c3:0:127:15:1:42
$ORIGIN algo-unassigned-7.dnssec01.xa.
@ NS ns1
@ NS ns2
@ DS 42581 13 7 F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9 ; 7
ns1 A 127.15.1.41
ns1 AAAA fda1:b2:c3:0:127:15:1:41
ns2 A 127.15.1.42
ns2 AAAA fda1:b2:c3:0:127:15:1:42
$ORIGIN algo-unassigned-67.dnssec01.xa.
@ NS ns1
@ NS ns2
@ DS 42581 13 67 F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9 ; 67
ns1 A 127.15.1.41
ns1 AAAA fda1:b2:c3:0:127:15:1:41
ns2 A 127.15.1.42
ns2 AAAA fda1:b2:c3:0:127:15:1:42
$ORIGIN algo-unassigned-127.dnssec01.xa.
@ NS ns1
@ NS ns2
@ DS 42581 13 127 F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9 ; 127
ns1 A 127.15.1.41
ns1 AAAA fda1:b2:c3:0:127:15:1:41
ns2 A 127.15.1.42
ns2 AAAA fda1:b2:c3:0:127:15:1:42
$ORIGIN algo-private-253.dnssec01.xa.
@ NS ns1
@ NS ns2
@ DS 42581 13 253 F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9 ; 253
ns1 A 127.15.1.41
ns1 AAAA fda1:b2:c3:0:127:15:1:41
ns2 A 127.15.1.42
ns2 AAAA fda1:b2:c3:0:127:15:1:42
$ORIGIN algo-private-254.dnssec01.xa.
@ NS ns1
@ NS ns2
@ DS 42581 13 254 F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9 ; 254
ns1 A 127.15.1.41
ns1 AAAA fda1:b2:c3:0:127:15:1:41
ns2 A 127.15.1.42
ns2 AAAA fda1:b2:c3:0:127:15:1:42
$ORIGIN algo-not-ds-0.dnssec01.xa.
@ NS ns1
@ NS ns2
@ DS 42581 13 0 F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9 ; 0
ns1 A 127.15.1.41
ns1 AAAA fda1:b2:c3:0:127:15:1:41
ns2 A 127.15.1.42
ns2 AAAA fda1:b2:c3:0:127:15:1:42
$ORIGIN algo-ok-2.dnssec01.xa.
@ NS ns1
@ NS ns2
@ DS 42581 13 2 F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9 ; 2
ns1 A 127.15.1.41
ns1 AAAA fda1:b2:c3:0:127:15:1:41
ns2 A 127.15.1.42
ns2 AAAA fda1:b2:c3:0:127:15:1:42
$ORIGIN algo-ok-4.dnssec01.xa.
@ NS ns1
@ NS ns2
@ DS 42581 13 4 F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9 ; 4
ns1 A 127.15.1.41
ns1 AAAA fda1:b2:c3:0:127:15:1:41
ns2 A 127.15.1.42
ns2 AAAA fda1:b2:c3:0:127:15:1:42
$ORIGIN algo-ok-5.dnssec01.xa.
@ NS ns1
@ NS ns2
@ DS 42581 13 5 F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9 ; 5
ns1 A 127.15.1.41
ns1 AAAA fda1:b2:c3:0:127:15:1:41
ns2 A 127.15.1.42
ns2 AAAA fda1:b2:c3:0:127:15:1:42
$ORIGIN algo-ok-6.dnssec01.xa.
@ NS ns1
@ NS ns2
@ DS 42581 13 6 F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9 ; 6
ns1 A 127.15.1.41
ns1 AAAA fda1:b2:c3:0:127:15:1:41
ns2 A 127.15.1.42
ns2 AAAA fda1:b2:c3:0:127:15:1:42
$ORIGIN mixed-algo-1.dnssec01.xa.
@ NS ns1
@ NS ns2
@ DS 42581 13 1 F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9 ; 1
@ DS 42581 13 2 F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9 ; 2
@ DS 42581 13 253 F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9 ; 253
ns1 A 127.15.1.41
ns1 AAAA fda1:b2:c3:0:127:15:1:41
ns2 A 127.15.1.42
ns2 AAAA fda1:b2:c3:0:127:15:1:42
$ORIGIN shared-ip-1.dnssec01.xa. ; Parent of test zone child.shared-ip-1.dnssec01.xa.
@ NS ns1a
@ NS ns1b
ns1a A 127.15.1.31
ns1a AAAA fda1:b2:c3:0:127:15:1:31
ns1b A 127.15.1.31
ns1b AAAA fda1:b2:c3:0:127:15:1:31
$ORIGIN shared-ip-2.dnssec01.xa. ; Parent of test zone child.shared-ip-2.dnssec01.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.1.31
ns1 AAAA fda1:b2:c3:0:127:15:1:31
ns2 A 127.15.1.32
ns2 AAAA fda1:b2:c3:0:127:15:1:32
$ORIGIN no-response-1.dnssec01.xa. ; Parent of test zone child.no-response-1.dnssec01.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.1.31
ns1 AAAA fda1:b2:c3:0:127:15:1:31
ns2 A 127.15.1.32
ns2 AAAA fda1:b2:c3:0:127:15:1:32
$ORIGIN no-valid-response-1.dnssec01.xa. ; Parent of test zone child.no-response-response-1.dnssec01.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.1.31
ns1 AAAA fda1:b2:c3:0:127:15:1:31
ns2 A 127.15.1.32
ns2 AAAA fda1:b2:c3:0:127:15:1:32
$ORIGIN parent-server-no-ds-1.dnssec01.xa. ; Parent of test zone child.parent-server-no-ds-1.dnssec01.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.1.31
ns1 AAAA fda1:b2:c3:0:127:15:1:31
ns2 A 127.15.1.32
ns2 AAAA fda1:b2:c3:0:127:15:1:32
$ORIGIN parent-zone-no-ds-1.dnssec01.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.1.41
ns1 AAAA fda1:b2:c3:0:127:15:1:41
ns2 A 127.15.1.42
ns2 AAAA fda1:b2:c3:0:127:15:1:42

8
zonemaster/test-zone-data/DNSSEC-TP/dnssec01/hintfile.zone Normal file
View File

@@ -0,0 +1,8 @@
; Hint file for DNSSEC01 local root
. 3600 NS root-ns1.xa.
. 3600 NS root-ns2.xa.
root-ns1.xa. 3600 A 127.15.1.27
root-ns1.xa. 3600 AAAA fda1:b2:c3::127:15:1:27
root-ns2.xa. 3600 A 127.15.1.28
root-ns2.xa. 3600 AAAA fda1:b2:c3::127:15:1:28

29
zonemaster/test-zone-data/DNSSEC-TP/dnssec01/no-response-1.dnssec01.xa.zone Normal file
View File

@@ -0,0 +1,29 @@
$ORIGIN no-response-1.dnssec01.xa.
$TTL 3600
@ SOA ns1 admin. (
2025090301 ; serial
6h ; refresh
1h ; retry
1w ; expire
1d ) ; minimum
@ NS ns1
@ NS ns2
ns1 A 127.15.1.31
ns1 AAAA fda1:b2:c3:0:127:15:1:31
ns2 A 127.15.1.32
ns2 AAAA fda1:b2:c3:0:127:15:1:32
$ORIGIN child.no-response-1.dnssec01.xa.
@ NS ns1
@ NS ns2
@ DS 42581 13 2 F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9 ; 2
ns1 A 127.15.1.41
ns1 AAAA fda1:b2:c3:0:127:15:1:41
ns2 A 127.15.1.42
ns2 AAAA fda1:b2:c3:0:127:15:1:42
; EOF

29
zonemaster/test-zone-data/DNSSEC-TP/dnssec01/no-valid-response-1.dnssec01.xa.zone Normal file
View File

@@ -0,0 +1,29 @@
$ORIGIN no-valid-response-1.dnssec01.xa.
$TTL 3600
@ SOA ns1 admin. (
2025090300 ; serial
6h ; refresh
1h ; retry
1w ; expire
1d ) ; minimum
@ NS ns1
@ NS ns2
ns1 A 127.15.1.31
ns1 AAAA fda1:b2:c3:0:127:15:1:31
ns2 A 127.15.1.32
ns2 AAAA fda1:b2:c3:0:127:15:1:32
$ORIGIN child.no-valid-response-1.dnssec01.xa.
@ NS ns1
@ NS ns2
@ DS 42581 13 2 F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9 ; 2
ns1 A 127.15.1.41
ns1 AAAA fda1:b2:c3:0:127:15:1:41
ns2 A 127.15.1.42
ns2 AAAA fda1:b2:c3:0:127:15:1:42
; EOF

30
zonemaster/test-zone-data/DNSSEC-TP/dnssec01/parent-server-no-ds-1.dnssec01.xa_ns1.zone Normal file
View File

@@ -0,0 +1,30 @@
$ORIGIN parent-server-no-ds-1.dnssec01.xa. ; ns1
$TTL 3600
@ SOA ns1 admin. (
2025090108 ; serial
6h ; refresh
1h ; retry
1w ; expire
1d ) ; minimum
@ NS ns1
@ NS ns2
dns1 A 127.15.1.31
dns1 AAAA fda1:b2:c3:0:127:15:1:31
dns2 A 127.15.1.32
dns2 AAAA fda1:b2:c3:0:127:15:1:32
$ORIGIN child.parent-server-no-ds-1.dnssec01.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.1.41
ns1 AAAA fda1:b2:c3:0:127:15:1:41
ns2 A 127.15.1.42
ns2 AAAA fda1:b2:c3:0:127:15:1:42
; EOF

31
zonemaster/test-zone-data/DNSSEC-TP/dnssec01/parent-server-no-ds-1.dnssec01.xa_ns2.zone Normal file
View File

@@ -0,0 +1,31 @@
$ORIGIN parent-server-no-ds-1.dnssec01.xa. ; ns2
$TTL 3600
@ SOA ns1 admin. (
2025090106 ; serial
6h ; refresh
1h ; retry
1w ; expire
1d ) ; minimum
@ NS ns1
@ NS ns2
dns1 A 127.15.1.31
dns1 AAAA fda1:b2:c3:0:127:15:1:31
dns2 A 127.15.1.32
dns2 AAAA fda1:b2:c3:0:127:15:1:32
$ORIGIN child.parent-server-no-ds-1.dnssec01.xa.
@ NS ns1
@ NS ns2
@ DS 42581 13 2 F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9 ; 2
ns1 A 127.15.1.41
ns1 AAAA fda1:b2:c3:0:127:15:1:41
ns2 A 127.15.1.42
ns2 AAAA fda1:b2:c3:0:127:15:1:42
; EOF

32
zonemaster/test-zone-data/DNSSEC-TP/dnssec01/root-zone.zone Normal file
View File

@@ -0,0 +1,32 @@
$ORIGIN .
$TTL 3600
@ SOA ns1. admin.xa. (
2025082200 ; serial
6h ; refresh
1h ; retry
1w ; expire
1d ) ; minimum
NS root-ns1.xa.
NS root-ns2.xa.
root-ns1.xa. A 127.15.1.27
root-ns1.xa. AAAA fda1:b2:c3::127:15:1:27
root-ns2.xa. A 127.15.1.28
root-ns2.xa. AAAA fda1:b2:c3::127:15:1:28
$ORIGIN dnssec01.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.1.21
ns1 AAAA fda1:b2:c3::127:15:1:21
ns2 A 127.15.1.22
ns1 AAAA fda1:b2:c3::127:15:1:22
;EOF

29
zonemaster/test-zone-data/DNSSEC-TP/dnssec01/shared-ip-1.dnssec01.xa.zone Normal file
View File

@@ -0,0 +1,29 @@
$ORIGIN shared-ip-1.dnssec01.xa.
$TTL 3600
@ SOA ns1 admin. (
2025083100 ; serial
6h ; refresh
1h ; retry
1w ; expire
1d ) ; minimum
@ NS ns1a
@ NS ns1b
ns1a A 127.15.1.31
ns1a AAAA fda1:b2:c3:0:127:15:1:31
ns1b A 127.15.1.31
ns1b AAAA fda1:b2:c3:0:127:15:1:31
$ORIGIN child.shared-ip-1.dnssec01.xa.
@ NS ns1
@ NS ns2
@ DS 42581 13 2 F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9 ; 2
ns1 A 127.15.1.41
ns1 AAAA fda1:b2:c3:0:127:15:1:41
ns2 A 127.15.1.42
ns2 AAAA fda1:b2:c3:0:127:15:1:42
; EOF

29
zonemaster/test-zone-data/DNSSEC-TP/dnssec01/shared-ip-2.dnssec01.xa.zone Normal file
View File

@@ -0,0 +1,29 @@
$ORIGIN shared-ip-2.dnssec01.xa.
$TTL 3600
@ SOA ns1 admin. (
2025083101 ; serial
6h ; refresh
1h ; retry
1w ; expire
1d ) ; minimum
@ NS dns1
@ NS dns2
dns1 A 127.15.1.31
dns1 AAAA fda1:b2:c3:0:127:15:1:31
dns2 A 127.15.1.32
dns2 AAAA fda1:b2:c3:0:127:15:1:32
$ORIGIN child.shared-ip-2.dnssec01.xa.
@ NS ns1
@ NS ns2
@ DS 42581 13 2 F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9 ; 2
ns1 A 127.15.1.41
ns1 AAAA fda1:b2:c3:0:127:15:1:41
ns2 A 127.15.1.42
ns2 AAAA fda1:b2:c3:0:127:15:1:42
; EOF

370
zonemaster/test-zone-data/DNSSEC-TP/dnssec01/test-zones-output.md Normal file
View File

@@ -0,0 +1,370 @@
# DNSSEC01 Test scenario output
# Table of contents
* [Introduction](#introduction)
* [All message tags](#all-message-tags)
* [All scenarios](#all-scenarios)
* [zonemaster-cli commands and their output for each test scenario](#zonemaster-cli-commands-and-their-output-for-each-test-scenario)
## Introduction
In this file the output of running `zonemaster-cli` for every test zone is
found. This file is created during the development of the test zones and should
be updated as the implementation of the test case or the test scenarios or test
zones are updated or corrected.
During development and any update this document serves as tracking and log tool.
It also serves as a template for future development of test zones for
scenarios for other test cases.
## All message tags
* DS01_DS_ALGO_2_MISSING
* DS01_DS_ALGO_DEPRECATED
* DS01_DS_ALGO_NOT_DS
* DS01_DS_ALGO_OK
* DS01_DS_ALGO_PRIVATE
* DS01_DS_ALGO_RESERVED
* DS01_DS_ALGO_UNASSIGNED
* DS01_NO_RESPONSE
* DS01_PARENT_SERVER_NO_DS
* DS01_PARENT_ZONE_NO_DS
* DS01_ROOT_N_NO_UNDEL_DS
* DS01_UNDEL_N_NO_UNDEL_DS
## All scenarios
| Scenario name | Zone name |
|:----------------------|:-----------------------------------------|
| ALGO-DEPRECATED-1 | algo-deprecated-1.dnssec01.xa. |
| ALGO-DEPRECATED-3 | algo-deprecated-3.dnssec01.xa. |
| ALGO-RESERVED-128 | algo-reserved-128.dnssec01.xa. |
| ALGO-RESERVED-188 | algo-reserved-188.dnssec01.xa. |
| ALGO-RESERVED-252 | algo-reserved-252.dnssec01.xa. |
| ALGO-UNASSIGNED-7 | algo-unassigned-7.dnssec01.xa. |
| ALGO-UNASSIGNED-67 | algo-unassigned-67.dnssec01.xa. |
| ALGO-UNASSIGNED-127 | algo-unassigned-127.dnssec01.xa. |
| ALGO-PRIVATE-253 | algo-private-253.dnssec01.xa. |
| ALGO-PRIVATE-254 | algo-private-254.dnssec01.xa. |
| ALGO-NOT-DS-0 | algo-not-ds-0.dnssec01.xa. |
| ALGO-OK-2 | algo-ok-2.dnssec01.xa. |
| ALGO-OK-4 | algo-ok-4.dnssec01.xa. |
| ALGO-OK-5 | algo-ok-5.dnssec01.xa. |
| ALGO-OK-6 | algo-ok-6.dnssec01.xa. |
| MIXED-ALGO-1 | mixed-algo-1.dnssec01.xa. |
| SHARED-IP-1 | child.shared-ip-1.dnssec01.xa. |
| SHARED-IP-2 | child.shared-ip-2.dnssec01.xa. |
| NO-RESPONSE-1 | child.no-response-1.dnssec01.xa. |
| NO-VALID-RESPONSE-1 | child.no-valid-response-1.dnssec01.xa. |
| PARENT-SERVER-NO-DS-1 | child.parent-server-no-ds-1.dnssec01.xa. |
| PARENT-ZONE-NO-DS-1 | parent-zone-no-ds-1.dnssec01.xa. |
| UNDEL-NO-UNDEL-DS-1 | undel-no-undel-ds-1.dnssec01.xa. |
| UNDEL-WITH-UNDEL-DS-1 | undel-with-undel-ds-1.dnssec01.xa. |
| ROOT-NO-UNDEL-DS-1 | . |
| ROOT-WITH-UNDEL-DS-1 | . |
## zonemaster-cli commands and their output for each test scenario
All commands are run from the same directory as this file is in. To be meaningful
the `zonemaster-cli` command should be run with the following options:
```
--hints=hintfile.zone --test=dnssec01 --level=info
```
| Scenario name | Mandatory tags | Forbidden tags |
|:----------------------|:---------------------------------------------------------------|:---------------|
| ALGO-DEPRECATED-1 | DS01_DS_ALGO_DEPRECATED, DS01_DS_ALGO_2_MISSING | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec01 --level=info --show-testcase --raw ALGO-DEPRECATED-1.dnssec01.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 ERROR DNSSEC01 DS01_DS_ALGO_DEPRECATED ds_algo_descr=SHA-1; ds_algo_num=1; keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
0.05 NOTICE DNSSEC01 DS01_DS_ALGO_2_MISSING keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:----------------------|:---------------------------------------------------------------|:---------------|
| ALGO-DEPRECATED-3 | DS01_DS_ALGO_DEPRECATED, DS01_DS_ALGO_2_MISSING | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec01 --level=info --show-testcase --raw ALGO-DEPRECATED-3.dnssec01.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 ERROR DNSSEC01 DS01_DS_ALGO_DEPRECATED ds_algo_descr=GOST R 34.11-94; ds_algo_num=3; keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
0.05 NOTICE DNSSEC01 DS01_DS_ALGO_2_MISSING keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:----------------------|:---------------------------------------------------------------|:---------------|
| ALGO-NOT-DS-0 | DS01_DS_ALGO_NOT_DS, DS01_DS_ALGO_2_MISSING | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec01 --level=info --show-testcase --raw ALGO-NOT-DS-0.dnssec01.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 ERROR DNSSEC01 DS01_DS_ALGO_NOT_DS ds_algo_descr=Reserved; ds_algo_num=0; keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
0.05 NOTICE DNSSEC01 DS01_DS_ALGO_2_MISSING keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:----------------------|:---------------------------------------------------------------|:---------------|
| ALGO-OK-2 | DS01_DS_ALGO_OK | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec01 --level=info --show-testcase --raw ALGO-OK-2.dnssec01.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 INFO DNSSEC01 DS01_DS_ALGO_OK ds_algo_descr=SHA-256; ds_algo_num=2; keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:----------------------|:---------------------------------------------------------------|:---------------|
| ALGO-OK-4 | DS01_DS_ALGO_OK, DS01_DS_ALGO_2_MISSING | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec01 --level=info --show-testcase --raw ALGO-OK-4.dnssec01.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 INFO DNSSEC01 DS01_DS_ALGO_OK ds_algo_descr=SHA-384; ds_algo_num=4; keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
0.05 NOTICE DNSSEC01 DS01_DS_ALGO_2_MISSING keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:----------------------|:---------------------------------------------------------------|:---------------|
| ALGO-OK-5 | DS01_DS_ALGO_OK, DS01_DS_ALGO_2_MISSING | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec01 --level=info --show-testcase --raw ALGO-OK-5.dnssec01.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 INFO DNSSEC01 DS01_DS_ALGO_OK ds_algo_descr=GOST R 34.11-2012; ds_algo_num=5; keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
0.05 NOTICE DNSSEC01 DS01_DS_ALGO_2_MISSING keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:----------------------|:---------------------------------------------------------------|:---------------|
| ALGO-OK-6 | DS01_DS_ALGO_OK, DS01_DS_ALGO_2_MISSING | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec01 --level=info --show-testcase --raw ALGO-OK-6.dnssec01.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 INFO DNSSEC01 DS01_DS_ALGO_OK ds_algo_descr=SM3; ds_algo_num=6; keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
0.05 NOTICE DNSSEC01 DS01_DS_ALGO_2_MISSING keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:----------------------|:---------------------------------------------------------------|:---------------|
| ALGO-PRIVATE-253 | DS01_DS_ALGO_PRIVATE, DS01_DS_ALGO_2_MISSING | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec01 --level=info --show-testcase --raw ALGO-PRIVATE-253.dnssec01.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 ERROR DNSSEC01 DS01_DS_ALGO_PRIVATE ds_algo_descr=Reserved for Private Use; ds_algo_num=253; keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
0.05 NOTICE DNSSEC01 DS01_DS_ALGO_2_MISSING keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:----------------------|:---------------------------------------------------------------|:---------------|
| ALGO-PRIVATE-254 | DS01_DS_ALGO_PRIVATE, DS01_DS_ALGO_2_MISSING | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec01 --level=info --show-testcase --raw ALGO-PRIVATE-254.dnssec01.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 ERROR DNSSEC01 DS01_DS_ALGO_PRIVATE ds_algo_descr=Reserved for Private Use; ds_algo_num=254; keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
0.05 NOTICE DNSSEC01 DS01_DS_ALGO_2_MISSING keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:----------------------|:---------------------------------------------------------------|:---------------|
| ALGO-RESERVED-128 | DS01_DS_ALGO_RESERVED, DS01_DS_ALGO_2_MISSING | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec01 --level=info --show-testcase --raw ALGO-RESERVED-128.dnssec01.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 ERROR DNSSEC01 DS01_DS_ALGO_RESERVED ds_algo_descr=Reserved; ds_algo_num=128; keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
0.05 NOTICE DNSSEC01 DS01_DS_ALGO_2_MISSING keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:----------------------|:---------------------------------------------------------------|:---------------|
| ALGO-RESERVED-188 | DS01_DS_ALGO_RESERVED, DS01_DS_ALGO_2_MISSING | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec01 --level=info --show-testcase --raw ALGO-RESERVED-188.dnssec01.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 ERROR DNSSEC01 DS01_DS_ALGO_RESERVED ds_algo_descr=Reserved; ds_algo_num=188; keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
0.05 NOTICE DNSSEC01 DS01_DS_ALGO_2_MISSING keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:----------------------|:---------------------------------------------------------------|:---------------|
| ALGO-RESERVED-252 | DS01_DS_ALGO_RESERVED, DS01_DS_ALGO_2_MISSING | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec01 --level=info --show-testcase --raw ALGO-RESERVED-252.dnssec01.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.04 ERROR DNSSEC01 DS01_DS_ALGO_RESERVED ds_algo_descr=Reserved; ds_algo_num=252; keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
0.04 NOTICE DNSSEC01 DS01_DS_ALGO_2_MISSING keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:----------------------|:---------------------------------------------------------------|:---------------|
| ALGO-UNASSIGNED-7 | DS01_DS_ALGO_UNASSIGNED, DS01_DS_ALGO_2_MISSING | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec01 --level=info --show-testcase --raw ALGO-UNASSIGNED-7.dnssec01.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 ERROR DNSSEC01 DS01_DS_ALGO_UNASSIGNED ds_algo_descr=Unassigned; ds_algo_num=7; keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
0.05 NOTICE DNSSEC01 DS01_DS_ALGO_2_MISSING keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:----------------------|:---------------------------------------------------------------|:---------------|
| ALGO-UNASSIGNED-67 | DS01_DS_ALGO_UNASSIGNED, DS01_DS_ALGO_2_MISSING | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec01 --level=info --show-testcase --raw ALGO-UNASSIGNED-67.dnssec01.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 ERROR DNSSEC01 DS01_DS_ALGO_UNASSIGNED ds_algo_descr=Unassigned; ds_algo_num=67; keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
0.05 NOTICE DNSSEC01 DS01_DS_ALGO_2_MISSING keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:----------------------|:---------------------------------------------------------------|:---------------|
| ALGO-UNASSIGNED-127 | DS01_DS_ALGO_UNASSIGNED, DS01_DS_ALGO_2_MISSING | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec01 --level=info --show-testcase --raw ALGO-UNASSIGNED-127.dnssec01.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.04 ERROR DNSSEC01 DS01_DS_ALGO_UNASSIGNED ds_algo_descr=Unassigned; ds_algo_num=127; keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
0.04 NOTICE DNSSEC01 DS01_DS_ALGO_2_MISSING keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:----------------------|:---------------------------------------------------------------|:---------------|
| MIXED-ALGO-1 | DS01_DS_ALGO_DEPRECATED, DS01_DS_ALGO_PRIVATE, DS01_DS_ALGO_OK | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec01 --level=info --show-testcase --raw MIXED-ALGO-1.dnssec01.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.04 INFO DNSSEC01 DS01_DS_ALGO_OK ds_algo_descr=SHA-256; ds_algo_num=2; keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
0.04 ERROR DNSSEC01 DS01_DS_ALGO_DEPRECATED ds_algo_descr=SHA-1; ds_algo_num=1; keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
0.04 ERROR DNSSEC01 DS01_DS_ALGO_PRIVATE ds_algo_descr=Reserved for Private Use; ds_algo_num=253; keytag=42581; ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:----------------------|:---------------------------------------------------------------|:---------------|
| SHARED-IP-1 | DS01_DS_ALGO_OK | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec01 --level=info --show-testcase --raw child.shared-ip-1.dnssec01.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.08 INFO DNSSEC01 DS01_DS_ALGO_OK ds_algo_descr=SHA-256; ds_algo_num=2; keytag=42581; ns_list=ns1a.shared-ip-1.dnssec01.xa/127.15.1.31;ns1a.shared-ip-1.dnssec01.xa/fda1:b2:c3:0:127:15:1:31;ns1b.shared-ip-1.dnssec01.xa/127.15.1.31;ns1b.shared-ip-1.dnssec01.xa/fda1:b2:c3:0:127:15:1:31
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:----------------------|:---------------------------------------------------------------|:---------------|
| SHARED-IP-2 | DS01_DS_ALGO_OK | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec01 --level=info --show-testcase --raw child.shared-ip-2.dnssec01.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.08 INFO DNSSEC01 DS01_DS_ALGO_OK ds_algo_descr=SHA-256; ds_algo_num=2; keytag=42581; ns_list=dns1.shared-ip-2.dnssec01.xa/127.15.1.31;dns1.shared-ip-2.dnssec01.xa/fda1:b2:c3:0:127:15:1:31;dns2.shared-ip-2.dnssec01.xa/127.15.1.32;dns2.shared-ip-2.dnssec01.xa/fda1:b2:c3:0:127:15:1:32;ns1.shared-ip-2.dnssec01.xa/127.15.1.31;ns1.shared-ip-2.dnssec01.xa/fda1:b2:c3:0:127:15:1:31;ns2.shared-ip-2.dnssec01.xa/127.15.1.32;ns2.shared-ip-2.dnssec01.xa/fda1:b2:c3:0:127:15:1:32
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:----------------------|:---------------------------------------------------------------|:---------------|
| NO-RESPONSE-1 | DS01_NO_RESPONSE | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec01 --level=info --show-testcase --raw child.no-response-1.dnssec01.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
40.11 WARNING DNSSEC01 DS01_NO_RESPONSE ns_list=ns1.no-response-1.dnssec01.xa/127.15.1.31;ns1.no-response-1.dnssec01.xa/fda1:b2:c3:0:127:15:1:31;ns2.no-response-1.dnssec01.xa/127.15.1.32;ns2.no-response-1.dnssec01.xa/fda1:b2:c3:0:127:15:1:32
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:----------------------|:---------------------------------------------------------------|:---------------|
| NO-VALID-RESPONSE-1 | DS01_NO_RESPONSE | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec01 --level=info --show-testcase --raw child.no-valid-response-1.dnssec01.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.08 WARNING DNSSEC01 DS01_NO_RESPONSE ns_list=ns1.no-valid-response-1.dnssec01.xa/127.15.1.31;ns1.no-valid-response-1.dnssec01.xa/fda1:b2:c3:0:127:15:1:31;ns2.no-valid-response-1.dnssec01.xa/127.15.1.32;ns2.no-valid-response-1.dnssec01.xa/fda1:b2:c3:0:127:15:1:32
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:----------------------|:---------------------------------------------------------------|:---------------|
| PARENT-SERVER-NO-DS-1 | DS01_PARENT_SERVER_NO_DS, DS01_DS_ALGO_OK | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec01 --level=info --show-testcase --raw child.parent-server-no-ds-1.dnssec01.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.08 INFO DNSSEC01 DS01_DS_ALGO_OK ds_algo_descr=SHA-256; ds_algo_num=2; keytag=42581; ns_list=ns2.parent-server-no-ds-1.dnssec01.xa/127.15.1.32;ns2.parent-server-no-ds-1.dnssec01.xa/fda1:b2:c3:0:127:15:1:32
0.08 ERROR DNSSEC01 DS01_PARENT_SERVER_NO_DS ns_list=ns1.parent-server-no-ds-1.dnssec01.xa/127.15.1.31;ns1.parent-server-no-ds-1.dnssec01.xa/fda1:b2:c3:0:127:15:1:31
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:----------------------|:---------------------------------------------------------------|:---------------|
| PARENT-ZONE-NO-DS-1 | DS01_PARENT_ZONE_NO_DS | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec01 --level=info --show-testcase --raw PARENT-ZONE-NO-DS-1.dnssec01.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 NOTICE DNSSEC01 DS01_PARENT_ZONE_NO_DS ns_list=ns1.dnssec01.xa/127.15.1.21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:21;ns1.dnssec01.xa/fda1:b2:c3:0:127:15:1:22;ns2.dnssec01.xa/127.15.1.22
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:----------------------|:---------------------------------------------------------------|:---------------|
| UNDEL-NO-UNDEL-DS-1 | DS01_UNDEL_N_NO_UNDEL_DS | 2) |
* Undelegated data:
* ns1.undel-no-undel-ds-1.dnssec01.xa/127.15.1.41
* ns1.undel-no-undel-ds-1.dnssec01.xa/fda1:b2:c3:0:127:15:1:41
* ns2.undel-no-undel-ds-1.dnssec01.xa/127.15.1.42
* ns2.undel-no-undel-ds-1.dnssec01.xa/fda1:b2:c3:0:127:15:1:42
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec01 --hints hintfile.zone --raw --ns=ns1.undel-no-undel-ds-1.dnssec01.xa/127.15.1.41 --ns=ns1.undel-no-undel-ds-1.dnssec01.xa/fda1:b2:c3:0:127:127.15.1.41 --ns=ns1.undel-no-undel-ds-1.dnssec01.xa/fda1:b2:c3:0:127:15:1:41 --ns=ns2.undel-no-undel-ds-1.dnssec01.xa/127.15.1.42 --ns=ns2.undel-no-undel-ds-1.dnssec01.xa/fda1:b2:c3:0:127:15:1:42 undel-no-undel-ds-1.dnssec01.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.01 INFO DNSSEC01 DS01_UNDEL_N_NO_UNDEL_DS
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:----------------------|:---------------------------------------------------------------|:---------------|
| UNDEL-WITH-UNDEL-DS-1 | DS01_DS_ALGO_OK | 2) |
* Undelegated data:
* ns1.undel-with-undel-ds-1.dnssec01.xa/127.15.1.41
* ns1.undel-with-undel-ds-1.dnssec01.xa/fda1:b2:c3:0:127:15:1:41
* ns2.undel-with-undel-ds-1.dnssec01.xa/127.15.1.42
* ns2.undel-with-undel-ds-1.dnssec01.xa/fda1:b2:c3:0:127:15:1:42
* Undelegated DS:
* 42581,13,2,F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec01 --hints hintfile.zone --raw --ns=ns1.undel-with-undel-ds-1.dnssec01.xa/127.15.1.41 --ns=ns1.undel-with-undel-ds-1.dnssec01.xa/fda1:b2:c3:0:127:15:1:41 --ns=ns2.undel-with-undel-ds-1.dnssec01.xa/127.15.1.42 --ns=ns2.undel-with-undel-ds-1.dnssec01.xa/fda1:b2:c3:0:127:15:1:42 --ds=42581,13,2,F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9 undel-with-undel-ds-1.dnssec01.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.01 INFO DNSSEC01 DS01_DS_ALGO_OK ds_algo_descr=SHA-256; ds_algo_num=2; keytag=42581; ns_list=-
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:----------------------|:---------------------------------------------------------------|:---------------|
| ROOT-NO-UNDEL-DS-1 | DS01_ROOT_N_NO_UNDEL_DS | 2) |
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec01 --hints hintfile.zone --raw .
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.00 INFO DNSSEC01 DS01_ROOT_N_NO_UNDEL_DS
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:----------------------|:---------------------------------------------------------------|:---------------|
| ROOT-WITH-UNDEL-DS-1 | DS01_DS_ALGO_OK | 2) |
* Undelegated DS:
* 42581,13,2,F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec01 --hints hintfile.zone --raw . --ds=42581,13,2,F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.00 INFO DNSSEC01 DS01_DS_ALGO_OK ds_algo_descr=SHA-256; ds_algo_num=2; keytag=42581; ns_list=-
```
--> OK

36
zonemaster/test-zone-data/DNSSEC-TP/dnssec03/DNSSEC03-SCENARIO-DEFAULT-ZONE Normal file
View File

@@ -0,0 +1,36 @@
; Must be kept zone independent to work for any level of zone including TLD.
$TTL 3600
@ SOA ns1 admin. (
2022121300 ; serial
6h ; refresh
1h ; retry
1w ; expire
1d ) ; minimum
DNSKEY 256 3 8 (
AwEAAakN9dPQcFI31NqnC2y9E5gCzNAeQdLvbEcNJ8bO
xqXwkNlKZ1bA7YLWpFpofYDvWQDKK2RMtvkL7ZWGokve
EA1edxVhtxSjJ+HrlJ3GGnXqeEzuEK6OkVdGvVmgjv6J
XAsOuKxnYnhUc39WvnA2UxNhqPaqKB2Hxlcqu2LwSAnt
) ; ZSK; alg = RSASHA256 ; key id = 53655
DNSKEY 257 3 8 (
AwEAAdjFhIuIbkugW2DTaHNGN0PVV79EBGxlUEmnim0K
QHfnzZt6Qr9L0BSQ5wRNV3MqEQnMHBxq3okabyT+S/zf
8PNaKWybyE3HGs7tF1OCbarxqQ0WlEY6MrefzB7gPL0m
uyaAYT4PUW8dsIRrRQAqTxQXiLDgAJAfynF6bCgT7urA
PqtCOOgzfj0XzfWCPbG7iFy506CQfX77MlgiDOLkB3sd
/Z8x4Ahp0UowQUdyrP9M8mMeD/d/UI/kDQ9KiT2VWpaG
bW2ZH2unz++7alWQG73nt+8gT//mjj8EaJU3Xmfm3Q/i
zu54ASzsQ/+76b225SC7URTfXUZiGHG3XvVOyUc=
) ; KSK; alg = RSASHA256 ; key id = 23401
NS ns1
NS ns2
ns1 A 127.15.3.31
ns1 AAAA fda1:b2:c3:0:127:15:3:31
ns2 A 127.15.3.32
ns2 AAAA fda1:b2:c3:0:127:15:3:32

202
zonemaster/test-zone-data/DNSSEC-TP/dnssec03/README.md Normal file
View File

@@ -0,0 +1,202 @@
# DNSSEC03
[This directory](.), i.e. the same directory as this README file, holds
zone files and `coredns` configuration files for scenarios for test case DNSSEC03:
* NO-DNSSEC-SUPPORT
* NO-NSEC3
* GOOD-VALUES
* ERR-MULT-NSEC3
* BAD-VALUES
* INCONSISTENT-VALUES
* NSEC3-OPT-OUT-ENABLED-TLD
* SERVER-NO-DNSSEC-SUPPORT
* SERVER-NO-NSEC3
* UNASSIGNED-FLAG-USED
## Limitation
These scenarios cannot be tested until pull request zonemaster/zonemaster#1189
has been implemented.
## zonemaster-cli commands and their output for each test scenario
The level (`--level`) must be set to the lowest level of the message tags. For
this test case `INFO` is the lowest level. It is only meaningful to test the
test zones with test case DNSSEC03.
Scenario name | Mandatory message tags | Forbidden message tags
:----------------------------|:--------------------------------------------------|:-------------------------------------------
NO-DNSSEC-SUPPORT | DS03_NO_DNSSEC_SUPPORT | DS03_ERR_MULT_NSEC3, DS03_ILLEGAL_HASH_ALGO, DS03_ILLEGAL_ITERATION_VALUE, DS03_ILLEGAL_SALT_LENGTH, DS03_INCONSISTENT_HASH_ALGO, DS03_INCONSISTENT_ITERATION, DS03_INCONSISTENT_NSEC3_FLAGS, DS03_INCONSISTENT_SALT_LENGTH, DS03_LEGAL_EMPTY_SALT, DS03_LEGAL_HASH_ALGO, DS03_LEGAL_ITERATION_VALUE, DS03_NO_NSEC3, DS03_NSEC3_OPT_OUT_DISABLED, DS03_NSEC3_OPT_OUT_ENABLED_NON_TLD, DS03_NSEC3_OPT_OUT_ENABLED_TLD, DS03_SERVER_NO_DNSSEC_SUPPORT, DS03_SERVER_NO_NSEC3, DS03_UNASSIGNED_FLAG_USED, DS03_ERROR_RESPONSE_NSEC_QUERY, DS03_NO_RESPONSE_NSEC_QUERY
```
$ zonemaster-cli no-dnssec-support.dnssec03.xa --raw --test DNSSEC/dnssec03 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.7.3
0.12 NOTICE DS03_NO_DNSSEC_SUPPORT ns_list=ns1.no-dnssec-support.dnssec03.xa/127.15.3.31;ns1.no-dnssec-support.dnssec03.xa/fda1:b2:c3:0:127:15:3:31;ns2.no-dnssec-support.dnssec03.xa/127.15.3.32;ns2.no-dnssec-support.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
```
--> OK
Scenario name | Mandatory message tags | Forbidden message tags
:----------------------------|:--------------------------------------------------|:-------------------------------------------
NO-NSEC3 | DS03_NO_NSEC3 | DS03_ERR_MULT_NSEC3, DS03_ILLEGAL_HASH_ALGO, DS03_ILLEGAL_ITERATION_VALUE, DS03_ILLEGAL_SALT_LENGTH, DS03_INCONSISTENT_HASH_ALGO, DS03_INCONSISTENT_ITERATION, DS03_INCONSISTENT_NSEC3_FLAGS, DS03_INCONSISTENT_SALT_LENGTH, DS03_LEGAL_EMPTY_SALT, DS03_LEGAL_HASH_ALGO, DS03_LEGAL_ITERATION_VALUE, DS03_NO_DNSSEC_SUPPORT, DS03_NSEC3_OPT_OUT_DISABLED, DS03_NSEC3_OPT_OUT_ENABLED_NON_TLD, DS03_NSEC3_OPT_OUT_ENABLED_TLD, DS03_SERVER_NO_DNSSEC_SUPPORT, DS03_SERVER_NO_NSEC3, DS03_UNASSIGNED_FLAG_USED, DS03_ERROR_RESPONSE_NSEC_QUERY, DS03_NO_RESPONSE_NSEC_QUERY
```
$ zonemaster-cli --raw --test DNSSEC/dnssec03 --hints COMMON/hintfile --level info no-nsec3.dnssec03.xa
0.00 INFO GLOBAL_VERSION version=v4.7.3
0.16 INFO DS03_NO_NSEC3 ns_list=ns1.no-nsec3.dnssec03.xa/127.15.3.31;ns1.no-nsec3.dnssec03.xa/fda1:b2:c3:0:127:15:3:31;ns2.no-nsec3.dnssec03.xa/127.15.3.32;ns2.no-nsec3.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
```
--> OK
Scenario name | Mandatory message tags | Forbidden message tags
:----------------------------|:--------------------------------------------------|:-------------------------------------------
GOOD-VALUES | DS03_LEGAL_EMPTY_SALT, DS03_LEGAL_HASH_ALGO, DS03_LEGAL_ITERATION_VALUE, DS03_NSEC3_OPT_OUT_DISABLED | DS03_ERR_MULT_NSEC3, DS03_ILLEGAL_HASH_ALGO, DS03_ILLEGAL_ITERATION_VALUE, DS03_ILLEGAL_SALT_LENGTH, DS03_INCONSISTENT_HASH_ALGO, DS03_INCONSISTENT_ITERATION, DS03_INCONSISTENT_NSEC3_FLAGS, DS03_INCONSISTENT_SALT_LENGTH, DS03_NO_DNSSEC_SUPPORT, DS03_NO_NSEC3, DS03_NSEC3_OPT_OUT_ENABLED_NON_TLD, DS03_NSEC3_OPT_OUT_ENABLED_TLD, DS03_SERVER_NO_DNSSEC_SUPPORT, DS03_SERVER_NO_NSEC3, DS03_UNASSIGNED_FLAG_USED, DS03_ERROR_RESPONSE_NSEC_QUERY, DS03_NO_RESPONSE_NSEC_QUERY
```
$ zonemaster-cli --raw --test DNSSEC/dnssec03 --hints COMMON/hintfile --level info good-values.dnssec03.xa
0.00 INFO GLOBAL_VERSION version=v4.7.3
0.11 INFO DS03_LEGAL_HASH_ALGO ns_list=ns1.good-values.dnssec03.xa/127.15.3.31;ns1.good-values.dnssec03.xa/fda1:b2:c3:0:127:15:3:31;ns2.good-values.dnssec03.xa/127.15.3.32;ns2.good-values.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
0.11 INFO DS03_NSEC3_OPT_OUT_DISABLED ns_list=ns1.good-values.dnssec03.xa/127.15.3.31;ns1.good-values.dnssec03.xa/fda1:b2:c3:0:127:15:3:31;ns2.good-values.dnssec03.xa/127.15.3.32;ns2.good-values.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
0.11 INFO DS03_LEGAL_ITERATION_VALUE ns_list=ns1.good-values.dnssec03.xa/127.15.3.31;ns1.good-values.dnssec03.xa/fda1:b2:c3:0:127:15:3:31;ns2.good-values.dnssec03.xa/127.15.3.32;ns2.good-values.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
0.11 INFO DS03_LEGAL_EMPTY_SALT ns_list=ns1.good-values.dnssec03.xa/127.15.3.31;ns1.good-values.dnssec03.xa/fda1:b2:c3:0:127:15:3:31;ns2.good-values.dnssec03.xa/127.15.3.32;ns2.good-values.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
```
Scenario name | Mandatory message tags | Forbidden message tags
:----------------------------|:--------------------------------------------------|:-------------------------------------------
ERR-MULT-NSEC3 | DS03_ERR_MULT_NSEC3, DS03_LEGAL_EMPTY_SALT, DS03_LEGAL_HASH_ALGO, DS03_LEGAL_ITERATION_VALUE, DS03_NSEC3_OPT_OUT_DISABLED | DS03_ILLEGAL_HASH_ALGO, DS03_ILLEGAL_ITERATION_VALUE, DS03_ILLEGAL_SALT_LENGTH, DS03_INCONSISTENT_HASH_ALGO, DS03_INCONSISTENT_ITERATION, DS03_INCONSISTENT_NSEC3_FLAGS, DS03_INCONSISTENT_SALT_LENGTH, DS03_NO_DNSSEC_SUPPORT, DS03_NO_NSEC3, DS03_NSEC3_OPT_OUT_ENABLED_NON_TLD, DS03_NSEC3_OPT_OUT_ENABLED_TLD, DS03_SERVER_NO_DNSSEC_SUPPORT, DS03_SERVER_NO_NSEC3, DS03_UNASSIGNED_FLAG_USED, DS03_ERROR_RESPONSE_NSEC_QUERY, DS03_NO_RESPONSE_NSEC_QUERY
```
$ zonemaster-cli --raw --test DNSSEC/dnssec03 --hints COMMON/hintfile --level info err-mult-nsec3.dnssec03.xa
0.00 INFO GLOBAL_VERSION version=v4.7.3
0.18 ERROR DS03_ERR_MULT_NSEC3 ns_list=ns1.err-mult-nsec3.dnssec03.xa/127.15.3.31;ns1.err-mult-nsec3.dnssec03.xa/fda1:b2:c3:0:127:15:3:31;ns2.err-mult-nsec3.dnssec03.xa/127.15.3.32;ns2.err-mult-nsec3.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
0.18 INFO DS03_LEGAL_HASH_ALGO ns_list=ns1.err-mult-nsec3.dnssec03.xa/127.15.3.31;ns1.err-mult-nsec3.dnssec03.xa/fda1:b2:c3:0:127:15:3:31;ns2.err-mult-nsec3.dnssec03.xa/127.15.3.32;ns2.err-mult-nsec3.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
0.18 INFO DS03_NSEC3_OPT_OUT_DISABLED ns_list=ns1.err-mult-nsec3.dnssec03.xa/127.15.3.31;ns1.err-mult-nsec3.dnssec03.xa/fda1:b2:c3:0:127:15:3:31;ns2.err-mult-nsec3.dnssec03.xa/127.15.3.32;ns2.err-mult-nsec3.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
0.18 INFO DS03_LEGAL_ITERATION_VALUE ns_list=ns1.err-mult-nsec3.dnssec03.xa/127.15.3.31;ns1.err-mult-nsec3.dnssec03.xa/fda1:b2:c3:0:127:15:3:31;ns2.err-mult-nsec3.dnssec03.xa/127.15.3.32;ns2.err-mult-nsec3.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
0.18 INFO DS03_LEGAL_EMPTY_SALT ns_list=ns1.err-mult-nsec3.dnssec03.xa/127.15.3.31;ns1.err-mult-nsec3.dnssec03.xa/fda1:b2:c3:0:127:15:3:31;ns2.err-mult-nsec3.dnssec03.xa/127.15.3.32;ns2.err-mult-nsec3.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
```
--> OK
Scenario name | Mandatory message tags | Forbidden message tags
:----------------------------|:--------------------------------------------------|:-------------------------------------------
BAD-VALUES | DS03_ILLEGAL_HASH_ALGO, DS03_ILLEGAL_ITERATION_VALUE, DS03_ILLEGAL_SALT_LENGTH, DS03_NSEC3_OPT_OUT_ENABLED_NON_TLD | DS03_ERR_MULT_NSEC3, DS03_INCONSISTENT_HASH_ALGO, DS03_INCONSISTENT_ITERATION, DS03_INCONSISTENT_NSEC3_FLAGS, DS03_INCONSISTENT_SALT_LENGTH, DS03_LEGAL_EMPTY_SALT, DS03_LEGAL_HASH_ALGO, DS03_LEGAL_ITERATION_VALUE, DS03_NO_DNSSEC_SUPPORT, DS03_NO_NSEC3, DS03_NSEC3_OPT_OUT_DISABLED, DS03_NSEC3_OPT_OUT_ENABLED_TLD, DS03_SERVER_NO_DNSSEC_SUPPORT, DS03_SERVER_NO_NSEC3, DS03_UNASSIGNED_FLAG_USED, DS03_ERROR_RESPONSE_NSEC_QUERY, DS03_NO_RESPONSE_NSEC_QUERY
```
$ zonemaster-cli --raw --test DNSSEC/dnssec03 --hints COMMON/hintfile --level info bad-values.dnssec03.xa
0.00 INFO GLOBAL_VERSION version=v4.7.3
0.12 ERROR DS03_ILLEGAL_HASH_ALGO algo_num=2; ns_list=ns1.bad-values.dnssec03.xa/127.15.3.31;ns1.bad-values.dnssec03.xa/fda1:b2:c3:0:127:15:3:31;ns2.bad-values.dnssec03.xa/127.15.3.32;ns2.bad-values.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
0.12 NOTICE DS03_NSEC3_OPT_OUT_ENABLED_NON_TLD ns_list=ns1.bad-values.dnssec03.xa/127.15.3.31;ns1.bad-values.dnssec03.xa/fda1:b2:c3:0:127:15:3:31;ns2.bad-values.dnssec03.xa/127.15.3.32;ns2.bad-values.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
0.12 ERROR DS03_ILLEGAL_ITERATION_VALUE int=1; ns_list=ns1.bad-values.dnssec03.xa/127.15.3.31;ns1.bad-values.dnssec03.xa/fda1:b2:c3:0:127:15:3:31;ns2.bad-values.dnssec03.xa/127.15.3.32;ns2.bad-values.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
0.12 WARNING DS03_ILLEGAL_SALT_LENGTH int=4; ns_list=ns1.bad-values.dnssec03.xa/127.15.3.31;ns1.bad-values.dnssec03.xa/fda1:b2:c3:0:127:15:3:31;ns2.bad-values.dnssec03.xa/127.15.3.32;ns2.bad-values.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
```
--> OK
Scenario name | Mandatory message tags | Forbidden message tags
:----------------------------|:--------------------------------------------------|:-------------------------------------------
INCONSISTENT-VALUES | DS03_ILLEGAL_HASH_ALGO, DS03_ILLEGAL_ITERATION_VALUE, DS03_ILLEGAL_SALT_LENGTH, DS03_INCONSISTENT_HASH_ALGO, DS03_INCONSISTENT_ITERATION, DS03_INCONSISTENT_NSEC3_FLAGS, DS03_INCONSISTENT_SALT_LENGTH, DS03_LEGAL_EMPTY_SALT, DS03_LEGAL_HASH_ALGO, DS03_LEGAL_ITERATION_VALUE, DS03_NSEC3_OPT_OUT_DISABLED, DS03_NSEC3_OPT_OUT_ENABLED_NON_TLD | DS03_ERR_MULT_NSEC3, DS03_NO_DNSSEC_SUPPORT, DS03_NO_NSEC3, DS03_NSEC3_OPT_OUT_ENABLED_TLD, DS03_SERVER_NO_DNSSEC_SUPPORT, DS03_SERVER_NO_NSEC3, DS03_UNASSIGNED_FLAG_USED, DS03_ERROR_RESPONSE_NSEC_QUERY, DS03_NO_RESPONSE_NSEC_QUERY
```
$ zonemaster-cli --raw --test DNSSEC/dnssec03 --hints COMMON/hintfile --level info inconsistent-values.dnssec03.xa
0.00 INFO GLOBAL_VERSION version=v4.7.3
0.16 ERROR DS03_INCONSISTENT_HASH_ALGO
0.17 ERROR DS03_ILLEGAL_HASH_ALGO algo_num=2; ns_list=ns2.inconsistent-values.dnssec03.xa/127.15.3.32;ns2.inconsistent-values.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
0.17 INFO DS03_LEGAL_HASH_ALGO ns_list=ns1.inconsistent-values.dnssec03.xa/127.15.3.31;ns1.inconsistent-values.dnssec03.xa/fda1:b2:c3:0:127:15:3:31
0.17 ERROR DS03_INCONSISTENT_NSEC3_FLAGS
0.17 NOTICE DS03_NSEC3_OPT_OUT_ENABLED_NON_TLD ns_list=ns2.inconsistent-values.dnssec03.xa/127.15.3.32;ns2.inconsistent-values.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
0.17 INFO DS03_NSEC3_OPT_OUT_DISABLED ns_list=ns1.inconsistent-values.dnssec03.xa/127.15.3.31;ns1.inconsistent-values.dnssec03.xa/fda1:b2:c3:0:127:15:3:31
0.17 ERROR DS03_INCONSISTENT_ITERATION
0.17 INFO DS03_LEGAL_ITERATION_VALUE ns_list=ns1.inconsistent-values.dnssec03.xa/127.15.3.31;ns1.inconsistent-values.dnssec03.xa/fda1:b2:c3:0:127:15:3:31
0.17 ERROR DS03_ILLEGAL_ITERATION_VALUE int=1; ns_list=ns2.inconsistent-values.dnssec03.xa/127.15.3.32;ns2.inconsistent-values.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
0.17 ERROR DS03_INCONSISTENT_SALT_LENGTH
0.17 INFO DS03_LEGAL_EMPTY_SALT ns_list=ns1.inconsistent-values.dnssec03.xa/127.15.3.31;ns1.inconsistent-values.dnssec03.xa/fda1:b2:c3:0:127:15:3:31
0.17 WARNING DS03_ILLEGAL_SALT_LENGTH int=4; ns_list=ns2.inconsistent-values.dnssec03.xa/127.15.3.32;ns2.inconsistent-values.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
```
--> OK
Scenario name | Mandatory message tags | Forbidden message tags
:----------------------------|:--------------------------------------------------|:-------------------------------------------
NSEC3-OPT-OUT-ENABLED-TLD | DS03_NSEC3_OPT_OUT_ENABLED_TLD, DS03_LEGAL_EMPTY_SALT, DS03_LEGAL_HASH_ALGO, DS03_LEGAL_ITERATION_VALUE | DS03_ERR_MULT_NSEC3, DS03_ILLEGAL_HASH_ALGO, DS03_ILLEGAL_ITERATION_VALUE, DS03_ILLEGAL_SALT_LENGTH, DS03_INCONSISTENT_HASH_ALGO, DS03_INCONSISTENT_ITERATION, DS03_INCONSISTENT_NSEC3_FLAGS, DS03_INCONSISTENT_SALT_LENGTH, DS03_NO_DNSSEC_SUPPORT, DS03_NO_NSEC3, DS03_NSEC3_OPT_OUT_DISABLED, DS03_NSEC3_OPT_OUT_ENABLED_NON_TLD, DS03_SERVER_NO_DNSSEC_SUPPORT, DS03_SERVER_NO_NSEC3, DS03_UNASSIGNED_FLAG_USED, DS03_ERROR_RESPONSE_NSEC_QUERY, DS03_NO_RESPONSE_NSEC_QUERY
```
$ zonemaster-cli --raw --test DNSSEC/dnssec03 --hints COMMON/hintfile --level info nsec3-opt-out-enabled-tld-dnssec03
0.00 INFO GLOBAL_VERSION version=v4.7.3
0.07 INFO DS03_LEGAL_HASH_ALGO ns_list=ns1.nsec3-opt-out-enabled-tld-dnssec03/127.15.3.31;ns1.nsec3-opt-out-enabled-tld-dnssec03/fda1:b2:c3:0:127:15:3:31;ns2.nsec3-opt-out-enabled-tld-dnssec03/127.15.3.32;ns2.nsec3-opt-out-enabled-tld-dnssec03/fda1:b2:c3:0:127:15:3:32
0.07 INFO DS03_NSEC3_OPT_OUT_ENABLED_TLD ns_list=ns1.nsec3-opt-out-enabled-tld-dnssec03/127.15.3.31;ns1.nsec3-opt-out-enabled-tld-dnssec03/fda1:b2:c3:0:127:15:3:31;ns2.nsec3-opt-out-enabled-tld-dnssec03/127.15.3.32;ns2.nsec3-opt-out-enabled-tld-dnssec03/fda1:b2:c3:0:127:15:3:32
0.07 INFO DS03_LEGAL_ITERATION_VALUE ns_list=ns1.nsec3-opt-out-enabled-tld-dnssec03/127.15.3.31;ns1.nsec3-opt-out-enabled-tld-dnssec03/fda1:b2:c3:0:127:15:3:31;ns2.nsec3-opt-out-enabled-tld-dnssec03/127.15.3.32;ns2.nsec3-opt-out-enabled-tld-dnssec03/fda1:b2:c3:0:127:15:3:32
0.07 INFO DS03_LEGAL_EMPTY_SALT ns_list=ns1.nsec3-opt-out-enabled-tld-dnssec03/127.15.3.31;ns1.nsec3-opt-out-enabled-tld-dnssec03/fda1:b2:c3:0:127:15:3:31;ns2.nsec3-opt-out-enabled-tld-dnssec03/127.15.3.32;ns2.nsec3-opt-out-enabled-tld-dnssec03/fda1:b2:c3:0:127:15:3:32
```
--> OK
Scenario name | Mandatory message tags | Forbidden message tags
:----------------------------|:--------------------------------------------------|:-------------------------------------------
SERVER-NO-DNSSEC-SUPPORT | DS03_SERVER_NO_DNSSEC_SUPPORT, DS03_LEGAL_EMPTY_SALT, DS03_LEGAL_HASH_ALGO, DS03_LEGAL_ITERATION_VALUE, DS03_NSEC3_OPT_OUT_DISABLED | DS03_ERR_MULT_NSEC3, DS03_ILLEGAL_HASH_ALGO, DS03_ILLEGAL_ITERATION_VALUE, DS03_ILLEGAL_SALT_LENGTH, DS03_INCONSISTENT_HASH_ALGO, DS03_INCONSISTENT_ITERATION, DS03_INCONSISTENT_NSEC3_FLAGS, DS03_INCONSISTENT_SALT_LENGTH, DS03_NO_DNSSEC_SUPPORT, DS03_NO_NSEC3, DS03_NSEC3_OPT_OUT_ENABLED_NON_TLD, DS03_NSEC3_OPT_OUT_ENABLED_TLD, DS03_SERVER_NO_NSEC3, DS03_UNASSIGNED_FLAG_USED, DS03_ERROR_RESPONSE_NSEC_QUERY, DS03_NO_RESPONSE_NSEC_QUERY
```
$ zonemaster-cli --raw --test DNSSEC/dnssec03 --hints COMMON/hintfile --level info server-no-dnssec-support.dnssec03.xa
0.00 INFO GLOBAL_VERSION version=v4.7.3
0.22 ERROR DS03_SERVER_NO_DNSSEC_SUPPORT ns_list=ns2.server-no-dnssec-support.dnssec03.xa/127.15.3.32;ns2.server-no-dnssec-support.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
0.22 INFO DS03_LEGAL_HASH_ALGO ns_list=ns1.server-no-dnssec-support.dnssec03.xa/127.15.3.31;ns1.server-no-dnssec-support.dnssec03.xa/fda1:b2:c3:0:127:15:3:31
0.22 INFO DS03_NSEC3_OPT_OUT_DISABLED ns_list=ns1.server-no-dnssec-support.dnssec03.xa/127.15.3.31;ns1.server-no-dnssec-support.dnssec03.xa/fda1:b2:c3:0:127:15:3:31
0.23 INFO DS03_LEGAL_ITERATION_VALUE ns_list=ns1.server-no-dnssec-support.dnssec03.xa/127.15.3.31;ns1.server-no-dnssec-support.dnssec03.xa/fda1:b2:c3:0:127:15:3:31
0.23 INFO DS03_LEGAL_EMPTY_SALT ns_list=ns1.server-no-dnssec-support.dnssec03.xa/127.15.3.31;ns1.server-no-dnssec-support.dnssec03.xa/fda1:b2:c3:0:127:15:3:31
```
--> OK
Scenario name | Mandatory message tags | Forbidden message tags
:----------------------------|:--------------------------------------------------|:-------------------------------------------
SERVER-NO-NSEC3 | DS03_SERVER_NO_NSEC3, DS03_LEGAL_EMPTY_SALT, DS03_LEGAL_HASH_ALGO, DS03_LEGAL_ITERATION_VALUE, DS03_NSEC3_OPT_OUT_DISABLED | DS03_ERR_MULT_NSEC3, DS03_ILLEGAL_HASH_ALGO, DS03_ILLEGAL_ITERATION_VALUE, DS03_ILLEGAL_SALT_LENGTH, DS03_INCONSISTENT_HASH_ALGO, DS03_INCONSISTENT_ITERATION, DS03_INCONSISTENT_NSEC3_FLAGS, DS03_INCONSISTENT_SALT_LENGTH, DS03_NO_DNSSEC_SUPPORT, DS03_NO_NSEC3, DS03_NSEC3_OPT_OUT_ENABLED_NON_TLD, DS03_NSEC3_OPT_OUT_ENABLED_TLD, DS03_SERVER_NO_DNSSEC_SUPPORT, DS03_UNASSIGNED_FLAG_USED, DS03_ERROR_RESPONSE_NSEC_QUERY, DS03_NO_RESPONSE_NSEC_QUERY
```
$ zonemaster-cli --raw --test DNSSEC/dnssec03 --hints COMMON/hintfile --level info server-no-nsec3.dnssec03.xa
0.00 INFO GLOBAL_VERSION version=v4.7.3
0.14 ERROR DS03_SERVER_NO_NSEC3 ns_list=ns2.server-no-nsec3.dnssec03.xa/127.15.3.32;ns2.server-no-nsec3.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
0.14 INFO DS03_LEGAL_HASH_ALGO ns_list=ns1.server-no-nsec3.dnssec03.xa/127.15.3.31;ns1.server-no-nsec3.dnssec03.xa/fda1:b2:c3:0:127:15:3:31
0.14 INFO DS03_NSEC3_OPT_OUT_DISABLED ns_list=ns1.server-no-nsec3.dnssec03.xa/127.15.3.31;ns1.server-no-nsec3.dnssec03.xa/fda1:b2:c3:0:127:15:3:31
0.14 INFO DS03_LEGAL_ITERATION_VALUE ns_list=ns1.server-no-nsec3.dnssec03.xa/127.15.3.31;ns1.server-no-nsec3.dnssec03.xa/fda1:b2:c3:0:127:15:3:31
0.14 INFO DS03_LEGAL_EMPTY_SALT ns_list=ns1.server-no-nsec3.dnssec03.xa/127.15.3.31;ns1.server-no-nsec3.dnssec03.xa/fda1:b2:c3:0:127:15:3:31
```
--> OK
Scenario name | Mandatory message tags | Forbidden message tags
:----------------------------|:--------------------------------------------------|:-------------------------------------------
UNASSIGNED-FLAG-USED | DS03_UNASSIGNED_FLAG_USED, DS03_LEGAL_EMPTY_SALT, DS03_LEGAL_HASH_ALGO, DS03_LEGAL_ITERATION_VALUE, DS03_NSEC3_OPT_OUT_DISABLED | DS03_ERR_MULT_NSEC3, DS03_ILLEGAL_HASH_ALGO, DS03_ILLEGAL_ITERATION_VALUE, DS03_ILLEGAL_SALT_LENGTH, DS03_INCONSISTENT_HASH_ALGO, DS03_INCONSISTENT_ITERATION, DS03_INCONSISTENT_NSEC3_FLAGS, DS03_INCONSISTENT_SALT_LENGTH, DS03_NO_DNSSEC_SUPPORT, DS03_NO_NSEC3, DS03_NSEC3_OPT_OUT_ENABLED_NON_TLD, DS03_NSEC3_OPT_OUT_ENABLED_TLD, DS03_SERVER_NO_DNSSEC_SUPPORT, DS03_SERVER_NO_NSEC3, DS03_ERROR_RESPONSE_NSEC_QUERY, DS03_NO_RESPONSE_NSEC_QUERY
```
$ zonemaster-cli --raw --test DNSSEC/dnssec03 --hints COMMON/hintfile --level info unassigned-flag-used.dnssec03.xa
0.00 INFO GLOBAL_VERSION version=v4.7.3
0.14 INFO DS03_LEGAL_HASH_ALGO ns_list=ns1.unassigned-flag-used.dnssec03.xa/127.15.3.31;ns1.unassigned-flag-used.dnssec03.xa/fda1:b2:c3:0:127:15:3:31;ns2.unassigned-flag-used.dnssec03.xa/127.15.3.32;ns2.unassigned-flag-used.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
0.14 INFO DS03_NSEC3_OPT_OUT_DISABLED ns_list=ns1.unassigned-flag-used.dnssec03.xa/127.15.3.31;ns1.unassigned-flag-used.dnssec03.xa/fda1:b2:c3:0:127:15:3:31;ns2.unassigned-flag-used.dnssec03.xa/127.15.3.32;ns2.unassigned-flag-used.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
0.14 ERROR DS03_UNASSIGNED_FLAG_USED int=2; ns_list=ns1.unassigned-flag-used.dnssec03.xa/127.15.3.31;ns1.unassigned-flag-used.dnssec03.xa/fda1:b2:c3:0:127:15:3:31;ns2.unassigned-flag-used.dnssec03.xa/127.15.3.32;ns2.unassigned-flag-used.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
0.14 INFO DS03_LEGAL_ITERATION_VALUE ns_list=ns1.unassigned-flag-used.dnssec03.xa/127.15.3.31;ns1.unassigned-flag-used.dnssec03.xa/fda1:b2:c3:0:127:15:3:31;ns2.unassigned-flag-used.dnssec03.xa/127.15.3.32;ns2.unassigned-flag-used.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
0.14 INFO DS03_LEGAL_EMPTY_SALT ns_list=ns1.unassigned-flag-used.dnssec03.xa/127.15.3.31;ns1.unassigned-flag-used.dnssec03.xa/fda1:b2:c3:0:127:15:3:31;ns2.unassigned-flag-used.dnssec03.xa/127.15.3.32;ns2.unassigned-flag-used.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
```
--> OK
Scenario name | Mandatory message tags | Forbidden message tags
:----------------------------|:--------------------------------------------------|:-------------------------------------------
ERROR-RESPONSE-NSEC-QUERY | DS03_LEGAL_EMPTY_SALT, DS03_LEGAL_HASH_ALGO, DS03_LEGAL_ITERATION_VALUE, DS03_NSEC3_OPT_OUT_DISABLED, DS03_ERROR_RESPONSE_NSEC_QUERY | DS03_ERR_MULT_NSEC3, DS03_ILLEGAL_HASH_ALGO, DS03_ILLEGAL_ITERATION_VALUE, DS03_ILLEGAL_SALT_LENGTH, DS03_INCONSISTENT_HASH_ALGO, DS03_INCONSISTENT_ITERATION, DS03_INCONSISTENT_NSEC3_FLAGS, DS03_INCONSISTENT_SALT_LENGTH, DS03_NO_DNSSEC_SUPPORT, DS03_NO_NSEC3, DS03_NSEC3_OPT_OUT_ENABLED_NON_TLD, DS03_NSEC3_OPT_OUT_ENABLED_TLD, DS03_SERVER_NO_DNSSEC_SUPPORT, DS03_SERVER_NO_NSEC3, DS03_UNASSIGNED_FLAG_USED, DS03_NO_RESPONSE_NSEC_QUERY
```
$ zonemaster-cli --raw --test DNSSEC/dnssec03 --hints COMMON/hintfile --level info error-response-nsec-query.dnssec03.xa
0.00 INFO GLOBAL_VERSION version=v4.7.3
0.11 INFO DS03_LEGAL_HASH_ALGO ns_list=ns2.error-response-nsec-query.dnssec03.xa/127.15.3.32;ns2.error-response-nsec-query.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
0.11 INFO DS03_NSEC3_OPT_OUT_DISABLED ns_list=ns2.error-response-nsec-query.dnssec03.xa/127.15.3.32;ns2.error-response-nsec-query.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
0.11 INFO DS03_LEGAL_ITERATION_VALUE ns_list=ns2.error-response-nsec-query.dnssec03.xa/127.15.3.32;ns2.error-response-nsec-query.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
0.11 INFO DS03_LEGAL_EMPTY_SALT ns_list=ns2.error-response-nsec-query.dnssec03.xa/127.15.3.32;ns2.error-response-nsec-query.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
0.11 ERROR DS03_ERROR_RESPONSE_NSEC_QUERY ns_list=ns1.error-response-nsec-query.dnssec03.xa/127.15.3.31;ns1.error-response-nsec-query.dnssec03.xa/fda1:b2:c3:0:127:15:3:31
```
--> OK
Scenario name | Mandatory message tags | Forbidden message tags
:----------------------------|:--------------------------------------------------|:-------------------------------------------
NO-RESPONSE-NSEC-QUERY | DS03_LEGAL_EMPTY_SALT, DS03_LEGAL_HASH_ALGO, DS03_LEGAL_ITERATION_VALUE, DS03_NSEC3_OPT_OUT_DISABLED, DS03_NO_RESPONSE_NSEC_QUERY | DS03_ERR_MULT_NSEC3, DS03_ILLEGAL_HASH_ALGO, DS03_ILLEGAL_ITERATION_VALUE, DS03_ILLEGAL_SALT_LENGTH, DS03_INCONSISTENT_HASH_ALGO, DS03_INCONSISTENT_ITERATION, DS03_INCONSISTENT_NSEC3_FLAGS, DS03_INCONSISTENT_SALT_LENGTH, DS03_NO_DNSSEC_SUPPORT, DS03_NO_NSEC3, DS03_NSEC3_OPT_OUT_ENABLED_NON_TLD, DS03_NSEC3_OPT_OUT_ENABLED_TLD, DS03_SERVER_NO_DNSSEC_SUPPORT, DS03_SERVER_NO_NSEC3, DS03_UNASSIGNED_FLAG_USED, DS03_ERROR_RESPONSE_NSEC_QUERY
```
$ zonemaster-cli --raw --test DNSSEC/dnssec03 --hints COMMON/hintfile --level info no-response-nsec-query.dnssec03.xa
0.00 INFO GLOBAL_VERSION version=v4.7.3
20.15 INFO DS03_LEGAL_HASH_ALGO ns_list=ns1.no-response-nsec-query.dnssec03.xa/127.15.3.31;ns1.no-response-nsec-query.dnssec03.xa/fda1:b2:c3:0:127:15:3:31
20.15 INFO DS03_NSEC3_OPT_OUT_DISABLED ns_list=ns1.no-response-nsec-query.dnssec03.xa/127.15.3.31;ns1.no-response-nsec-query.dnssec03.xa/fda1:b2:c3:0:127:15:3:31
20.15 INFO DS03_LEGAL_ITERATION_VALUE ns_list=ns1.no-response-nsec-query.dnssec03.xa/127.15.3.31;ns1.no-response-nsec-query.dnssec03.xa/fda1:b2:c3:0:127:15:3:31
20.15 INFO DS03_LEGAL_EMPTY_SALT ns_list=ns1.no-response-nsec-query.dnssec03.xa/127.15.3.31;ns1.no-response-nsec-query.dnssec03.xa/fda1:b2:c3:0:127:15:3:31
20.15 ERROR DS03_NO_RESPONSE_NSEC_QUERY ns_list=ns2.no-response-nsec-query.dnssec03.xa/127.15.3.32;ns2.no-response-nsec-query.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
```
--> OK
Scenario name | Mandatory message tags | Forbidden message tags
:----------------------------|:--------------------------------------------------|:-------------------------------------------
ERROR-NSEC-QUERY | DS03_ERROR_RESPONSE_NSEC_QUERY, DS03_NO_RESPONSE_NSEC_QUERY | DS03_ERR_MULT_NSEC3, DS03_ILLEGAL_HASH_ALGO, DS03_ILLEGAL_ITERATION_VALUE, DS03_ILLEGAL_SALT_LENGTH, DS03_INCONSISTENT_HASH_ALGO, DS03_INCONSISTENT_ITERATION, DS03_INCONSISTENT_NSEC3_FLAGS, DS03_INCONSISTENT_SALT_LENGTH, DS03_LEGAL_EMPTY_SALT, DS03_LEGAL_HASH_ALGO, DS03_LEGAL_ITERATION_VALUE, DS03_NO_DNSSEC_SUPPORT, DS03_NO_NSEC3, DS03_NSEC3_OPT_OUT_DISABLED, DS03_NSEC3_OPT_OUT_ENABLED_NON_TLD, DS03_NSEC3_OPT_OUT_ENABLED_TLD, DS03_SERVER_NO_DNSSEC_SUPPORT, DS03_SERVER_NO_NSEC3, DS03_UNASSIGNED_FLAG_USED
```
$ zonemaster-cli --raw --test DNSSEC/dnssec03 --hints COMMON/hintfile --level info error-nsec-query.dnssec03.xa
0.00 INFO GLOBAL_VERSION version=v4.7.3
20.16 ERROR DS03_NO_RESPONSE_NSEC_QUERY ns_list=ns2.error-nsec-query.dnssec03.xa/127.15.3.32;ns2.error-nsec-query.dnssec03.xa/fda1:b2:c3:0:127:15:3:32
20.16 ERROR DS03_ERROR_RESPONSE_NSEC_QUERY ns_list=ns1.error-nsec-query.dnssec03.xa/127.15.3.31;ns1.error-nsec-query.dnssec03.xa/fda1:b2:c3:0:127:15:3:31
```
--> OK

299
zonemaster/test-zone-data/DNSSEC-TP/dnssec03/dnssec03.cfg Normal file
View File

@@ -0,0 +1,299 @@
# ns1.dnssec03.xa
. {
bind 127.15.3.21
bind fda1:b2:c3:0:127:15:3:21
log
file DNSSEC-TP/dnssec03/dnssec03.xa dnssec03.xa
}
# ns2.dnssec03.xa
. {
bind 127.15.3.22
bind fda1:b2:c3:0:127:15:3:22
log
file DNSSEC-TP/dnssec03/dnssec03.xa dnssec03.xa
}
### ==== Scenarios DNSSEC03 ====
# no-dnssec-support.dnssec03.xa
no-dnssec-support.dnssec03.xa:53 {
bind 127.15.3.31
bind fda1:b2:c3:0:127:15:3:31
bind 127.15.3.32
bind fda1:b2:c3:0:127:15:3:32
log
file DNSSEC-TP/dnssec03/no-dnssec-support.dnssec03.xa no-dnssec-support.dnssec03.xa
}
# no-nsec3.dnssec03.xa.
no-nsec3.dnssec03.xa:53 {
bind 127.15.3.31
bind fda1:b2:c3:0:127:15:3:31
bind 127.15.3.32
bind fda1:b2:c3:0:127:15:3:32
log
file DNSSEC-TP/dnssec03/DNSSEC03-SCENARIO-DEFAULT-ZONE no-nsec3.dnssec03.xa.
template IN NSEC no-nsec3.dnssec03.xa. {
answer "no-nsec3.dnssec03.xa. 600 IN NSEC _dmarc.no-nsec3.dnssec03.xa. NS SOA RRSIG NSEC DNSKEY"
answer "no-nsec3.dnssec03.xa. 600 IN RRSIG NSEC 13 2 600 20231128063822 20231024050822 48933 no-nsec3.dnssec03.xa. rep5od58VBq5sScvx2il4vAh+dIle4WqcJ3r6TOZeN12OzTgEK5QVvGK 01mFOtfRyxHKe5ORe5uKmrVLwAmkMQ=="
}
}
# good-values.dnssec03.xa
good-values.dnssec03.xa:53 {
bind 127.15.3.31
bind fda1:b2:c3:0:127:15:3:31
bind 127.15.3.32
bind fda1:b2:c3:0:127:15:3:32
log
file DNSSEC-TP/dnssec03/DNSSEC03-SCENARIO-DEFAULT-ZONE good-values.dnssec03.xa.
template IN NSEC good-values.dnssec03.xa. {
authority "good-values.dnssec03.xa. 900 IN SOA ns4.scania.com. hostmaster.scania.com. 2008095524 10800 900 1209600 900"
authority "BP7OICBR09FICEULBF46U8DMJ1J1V8R3.good-values.dnssec03.xa. 900 IN NSEC3 1 0 0 - C91QE244ND0Q5QH3JLN35A809MIK8D39 A NS SOA MX TXT RRSIG DNSKEY NSEC3PARAM"
authority "BP7OICBR09FICEULBF46U8DMJ1J1V8R3.good-values.dnssec03.xa. 900 IN RRSIG NSEC3 8 3 900 20231117165358 20231018163325 53655 good-values.dnssec03.xa. eRmNGNfFv/cFpcp2l/5NoSyopWvMdiO52ZeecCg+Ej/Itkm6vAEAYQsJ H1JHltEn0NYtZRjY1KbwAeo7O6D91SOW67xEWgjujJzcH56b47Ju9MBe JTEwNS2RXDRb04I5Rupl2zD5nxQkUs2Ymr9Aln+nZCZNS8X/mWJ/TxE9 5mY="
authority "good-values.dnssec03.xa. 900 IN RRSIG SOA 8 2 10800 20231123093906 20231024083906 53655 good-values.dnssec03.xa. l5WZA9Zl/JCL+bqhu38oXz5dPx3w1lPV88PnL6OPPdBKRX3c+98/yr3U w4oXrob6GkY0ND/ioGCbA0UX0EV4AJNnh6OqavxfAYohWym058gp1nLm WUgx6HoE19jHHAn18DcQtHRS3ZyHcqKpMMhklUw43wyKcZZL3p2nrYTa Tb0="
}
}
# err-mult-nsec3.dnssec03.xa.
err-mult-nsec3.dnssec03.xa:53 {
bind 127.15.3.31
bind fda1:b2:c3:0:127:15:3:31
bind 127.15.3.32
bind fda1:b2:c3:0:127:15:3:32
log
file DNSSEC-TP/dnssec03/DNSSEC03-SCENARIO-DEFAULT-ZONE err-mult-nsec3.dnssec03.xa.
template IN NSEC err-mult-nsec3.dnssec03.xa. {
authority "err-mult-nsec3.dnssec03.xa. 900 IN SOA ns4.scania.com. hostmaster.scania.com. 2008095524 10800 900 1209600 900"
authority "BP7OICBR09FICEULBF46U8DMJ1J1V8R4.err-mult-nsec3.dnssec03.xa. 900 IN NSEC3 1 0 0 - C91QE244ND0Q5QH3JLN35A809MIK8D38 A NS SOA MX TXT RRSIG DNSKEY NSEC3PARAM"
authority "BP7OICBR09FICEULBF46U8DMJ1J1V8R4.err-mult-nsec3.dnssec03.xa. 900 IN RRSIG NSEC3 8 3 900 20231117165358 20231018163325 53655 err-mult-nsec3.dnssec03.xa. eRmNGNfFv/cFpcp2l/5NoSyopWvMdiO52ZeecCg+Ej/Itkm6vAEAYQsJ H1JHltEn0NYtZRjY1KbwAeo7O6D91SOW67xEWgjujJzcH56b47Ju9MBe JTEwNS2RXDRb04I5Rupl2zD5nxQkUs2Ymr9Aln+nZCZNS8X/mWJ/TxE9 5mY="
authority "BP7OICBR09FICEULBF46U8DMJ1J1V8R3.err-mult-nsec3.dnssec03.xa. 900 IN NSEC3 1 0 0 - C91QE244ND0Q5QH3JLN35A809MIK8D39 A NS SOA MX TXT RRSIG DNSKEY NSEC3PARAM"
authority "BP7OICBR09FICEULBF46U8DMJ1J1V8R3.err-mult-nsec3.dnssec03.xa. 900 IN RRSIG NSEC3 8 3 900 20231117165358 20231018163325 53655 err-mult-nsec3.dnssec03.xa. eRmNGNfFv/cFpcp2l/5NoSyopWvMdiO52ZeecCg+Ej/Itkm6vAEAYQsJ H1JHltEn0NYtZRjY1KbwAeo7O6D91SOW67xEWgjujJzcH56b47Ju9MBe JTEwNS2RXDRb04I5Rupl2zD5nxQkUs2Ymr9Aln+nZCZNS8X/mWJ/TxE9 5mY="
authority "err-mult-nsec3.dnssec03.xa. 900 IN RRSIG SOA 8 2 10800 20231123093906 20231024083906 53655 err-mult-nsec3.dnssec03.xa. l5WZA9Zl/JCL+bqhu38oXz5dPx3w1lPV88PnL6OPPdBKRX3c+98/yr3U w4oXrob6GkY0ND/ioGCbA0UX0EV4AJNnh6OqavxfAYohWym058gp1nLm WUgx6HoE19jHHAn18DcQtHRS3ZyHcqKpMMhklUw43wyKcZZL3p2nrYTa Tb0="
}
}
# bad-values.dnssec03.xa.
bad-values.dnssec03.xa:53 {
bind 127.15.3.31
bind fda1:b2:c3:0:127:15:3:31
bind 127.15.3.32
bind fda1:b2:c3:0:127:15:3:32
log
file DNSSEC-TP/dnssec03/DNSSEC03-SCENARIO-DEFAULT-ZONE bad-values.dnssec03.xa.
template IN NSEC bad-values.dnssec03.xa. {
authority "bad-values.dnssec03.xa. 900 IN SOA ns4.scania.com. hostmaster.scania.com. 2008095524 10800 900 1209600 900"
authority "BP7OICBR09FICEULBF46U8DMJ1J1V8R3.bad-values.dnssec03.xa. 900 IN NSEC3 2 1 1 8104 C91QE244ND0Q5QH3JLN35A809MIK8D39 A NS SOA MX TXT RRSIG DNSKEY NSEC3PARAM"
authority "BP7OICBR09FICEULBF46U8DMJ1J1V8R3.bad-values.dnssec03.xa. 900 IN RRSIG NSEC3 8 3 900 20231117165358 20231018163325 53655 bad-values.dnssec03.xa. eRmNGNfFv/cFpcp2l/5NoSyopWvMdiO52ZeecCg+Ej/Itkm6vAEAYQsJ H1JHltEn0NYtZRjY1KbwAeo7O6D91SOW67xEWgjujJzcH56b47Ju9MBe JTEwNS2RXDRb04I5Rupl2zD5nxQkUs2Ymr9Aln+nZCZNS8X/mWJ/TxE9 5mY="
authority "bad-values.dnssec03.xa. 900 IN RRSIG SOA 8 2 10800 20231123093906 20231024083906 53655 bad-values.dnssec03.xa. l5WZA9Zl/JCL+bqhu38oXz5dPx3w1lPV88PnL6OPPdBKRX3c+98/yr3U w4oXrob6GkY0ND/ioGCbA0UX0EV4AJNnh6OqavxfAYohWym058gp1nLm WUgx6HoE19jHHAn18DcQtHRS3ZyHcqKpMMhklUw43wyKcZZL3p2nrYTa Tb0="
}
}
# inconsistent-values.dnssec03.xa.
#
# replies from ns1
inconsistent-values.dnssec03.xa:53 {
bind 127.15.3.31
bind fda1:b2:c3:0:127:15:3:31
log
file DNSSEC-TP/dnssec03/DNSSEC03-SCENARIO-DEFAULT-ZONE inconsistent-values.dnssec03.xa.
template IN NSEC inconsistent-values.dnssec03.xa. {
authority "inconsistent-values.dnssec03.xa. 900 IN SOA ns4.scania.com. hostmaster.scania.com. 2008095524 10800 900 1209600 900"
authority "BP7OICBR09FICEULBF46U8DMJ1J1V8R3.inconsistent-values.dnssec03.xa. 900 IN NSEC3 1 0 0 - C91QE244ND0Q5QH3JLN35A809MIK8D39 A NS SOA MX TXT RRSIG DNSKEY NSEC3PARAM"
authority "BP7OICBR09FICEULBF46U8DMJ1J1V8R3.inconsistent-values.dnssec03.xa. 900 IN RRSIG NSEC3 8 3 900 20231117165358 20231018163325 53655 inconsistent-values.dnssec03.xa. eRmNGNfFv/cFpcp2l/5NoSyopWvMdiO52ZeecCg+Ej/Itkm6vAEAYQsJ H1JHltEn0NYtZRjY1KbwAeo7O6D91SOW67xEWgjujJzcH56b47Ju9MBe JTEwNS2RXDRb04I5Rupl2zD5nxQkUs2Ymr9Aln+nZCZNS8X/mWJ/TxE9 5mY="
authority "inconsistent-values.dnssec03.xa. 900 IN RRSIG SOA 8 2 10800 20231123093906 20231024083906 53655 inconsistent-values.dnssec03.xa. l5WZA9Zl/JCL+bqhu38oXz5dPx3w1lPV88PnL6OPPdBKRX3c+98/yr3U w4oXrob6GkY0ND/ioGCbA0UX0EV4AJNnh6OqavxfAYohWym058gp1nLm WUgx6HoE19jHHAn18DcQtHRS3ZyHcqKpMMhklUw43wyKcZZL3p2nrYTa Tb0="
}
}
# replies from ns2
inconsistent-values.dnssec03.xa:53 {
bind 127.15.3.32
bind fda1:b2:c3:0:127:15:3:32
log
file DNSSEC-TP/dnssec03/DNSSEC03-SCENARIO-DEFAULT-ZONE inconsistent-values.dnssec03.xa.
template IN NSEC inconsistent-values.dnssec03.xa {
authority "inconsistent-values.dnssec03.xa 900 IN SOA ns4.scania.com. hostmaster.scania.com. 2008095524 10800 900 1209600 900"
authority "BP7OICBR09FICEULBF46U8DMJ1J1V8R3.inconsistent-values.dnssec03.xa 900 IN NSEC3 2 1 1 8104 C91QE244ND0Q5QH3JLN35A809MIK8D39 A NS SOA MX TXT RRSIG DNSKEY NSEC3PARAM"
authority "BP7OICBR09FICEULBF46U8DMJ1J1V8R3.inconsistent-values.dnssec03.xa 900 IN RRSIG NSEC3 8 3 900 20231117165358 20231018163325 53655 inconsistent-values.dnssec03.xa eRmNGNfFv/cFpcp2l/5NoSyopWvMdiO52ZeecCg+Ej/Itkm6vAEAYQsJ H1JHltEn0NYtZRjY1KbwAeo7O6D91SOW67xEWgjujJzcH56b47Ju9MBe JTEwNS2RXDRb04I5Rupl2zD5nxQkUs2Ymr9Aln+nZCZNS8X/mWJ/TxE9 5mY="
authority "inconsistent-values.dnssec03.xa 900 IN RRSIG SOA 8 2 10800 20231123093906 20231024083906 53655 inconsistent-values.dnssec03.xa l5WZA9Zl/JCL+bqhu38oXz5dPx3w1lPV88PnL6OPPdBKRX3c+98/yr3U w4oXrob6GkY0ND/ioGCbA0UX0EV4AJNnh6OqavxfAYohWym058gp1nLm WUgx6HoE19jHHAn18DcQtHRS3ZyHcqKpMMhklUw43wyKcZZL3p2nrYTa Tb0="
}
}
# nsec3-opt-out-enabled-tld-dnssec03. (TLD)
nsec3-opt-out-enabled-tld-dnssec03:53 {
bind 127.15.3.31
bind fda1:b2:c3:0:127:15:3:31
bind 127.15.3.32
bind fda1:b2:c3:0:127:15:3:32
log
file DNSSEC-TP/dnssec03/DNSSEC03-SCENARIO-DEFAULT-ZONE nsec3-opt-out-enabled-tld-dnssec03.
template IN NSEC nsec3-opt-out-enabled-tld-dnssec03. {
authority "nsec3-opt-out-enabled-tld-dnssec03. 900 IN SOA ns4.scania.com. hostmaster.scania.com. 2008095524 10800 900 1209600 900"
authority "BP7OICBR09FICEULBF46U8DMJ1J1V8R3.nsec3-opt-out-enabled-tld-dnssec03. 900 IN NSEC3 1 1 0 - C91QE244ND0Q5QH3JLN35A809MIK8D39 A NS SOA MX TXT RRSIG DNSKEY NSEC3PARAM"
authority "BP7OICBR09FICEULBF46U8DMJ1J1V8R3.nsec3-opt-out-enabled-tld-dnssec03. 900 IN RRSIG NSEC3 8 3 900 20231117165358 20231018163325 53655 nsec3-opt-out-enabled-tld-dnssec03. eRmNGNfFv/cFpcp2l/5NoSyopWvMdiO52ZeecCg+Ej/Itkm6vAEAYQsJ H1JHltEn0NYtZRjY1KbwAeo7O6D91SOW67xEWgjujJzcH56b47Ju9MBe JTEwNS2RXDRb04I5Rupl2zD5nxQkUs2Ymr9Aln+nZCZNS8X/mWJ/TxE9 5mY="
authority "nsec3-opt-out-enabled-tld-dnssec03. 900 IN RRSIG SOA 8 2 10800 20231123093906 20231024083906 53655 nsec3-opt-out-enabled-tld-dnssec03. l5WZA9Zl/JCL+bqhu38oXz5dPx3w1lPV88PnL6OPPdBKRX3c+98/yr3U w4oXrob6GkY0ND/ioGCbA0UX0EV4AJNnh6OqavxfAYohWym058gp1nLm WUgx6HoE19jHHAn18DcQtHRS3ZyHcqKpMMhklUw43wyKcZZL3p2nrYTa Tb0="
}
}
# server-no-dnssec-support.dnssec03.xa
#
# replies from ns1
server-no-dnssec-support.dnssec03.xa:53 {
bind 127.15.3.31
bind fda1:b2:c3:0:127:15:3:31
log
file DNSSEC-TP/dnssec03/DNSSEC03-SCENARIO-DEFAULT-ZONE server-no-dnssec-support.dnssec03.xa.
template IN NSEC server-no-dnssec-support.dnssec03.xa. {
authority "server-no-dnssec-support.dnssec03.xa. 900 IN SOA ns4.scania.com. hostmaster.scania.com. 2008095524 10800 900 1209600 900"
authority "BP7OICBR09FICEULBF46U8DMJ1J1V8R3.server-no-dnssec-support.dnssec03.xa. 900 IN NSEC3 1 0 0 - C91QE244ND0Q5QH3JLN35A809MIK8D39 A NS SOA MX TXT RRSIG DNSKEY NSEC3PARAM"
authority "BP7OICBR09FICEULBF46U8DMJ1J1V8R3.server-no-dnssec-support.dnssec03.xa. 900 IN RRSIG NSEC3 8 3 900 20231117165358 20231018163325 53655 server-no-dnssec-support.dnssec03.xa. eRmNGNfFv/cFpcp2l/5NoSyopWvMdiO52ZeecCg+Ej/Itkm6vAEAYQsJ H1JHltEn0NYtZRjY1KbwAeo7O6D91SOW67xEWgjujJzcH56b47Ju9MBe JTEwNS2RXDRb04I5Rupl2zD5nxQkUs2Ymr9Aln+nZCZNS8X/mWJ/TxE9 5mY="
authority "server-no-dnssec-support.dnssec03.xa. 900 IN RRSIG SOA 8 2 10800 20231123093906 20231024083906 53655 server-no-dnssec-support.dnssec03.xa. l5WZA9Zl/JCL+bqhu38oXz5dPx3w1lPV88PnL6OPPdBKRX3c+98/yr3U w4oXrob6GkY0ND/ioGCbA0UX0EV4AJNnh6OqavxfAYohWym058gp1nLm WUgx6HoE19jHHAn18DcQtHRS3ZyHcqKpMMhklUw43wyKcZZL3p2nrYTa Tb0="
}
}
# replies from ns2
server-no-dnssec-support.dnssec03.xa:53 {
bind 127.15.3.32
bind fda1:b2:c3:0:127:15:3:32
log
file DNSSEC-TP/dnssec03/server-no-dnssec-support.dnssec03.xa server-no-dnssec-support.dnssec03.xa
}
# server-no-nsec3.dnssec03.xa
#
# Replies from ns1
server-no-nsec3.dnssec03.xa:53 {
bind 127.15.3.31
bind fda1:b2:c3:0:127:15:3:31
log
file DNSSEC-TP/dnssec03/DNSSEC03-SCENARIO-DEFAULT-ZONE server-no-nsec3.dnssec03.xa.
template IN NSEC server-no-nsec3.dnssec03.xa. {
authority "server-no-nsec3.dnssec03.xa. 900 IN SOA ns4.scania.com. hostmaster.scania.com. 2008095524 10800 900 1209600 900"
authority "BP7OICBR09FICEULBF46U8DMJ1J1V8R3.server-no-nsec3.dnssec03.xa. 900 IN NSEC3 1 0 0 - C91QE244ND0Q5QH3JLN35A809MIK8D39 A NS SOA MX TXT RRSIG DNSKEY NSEC3PARAM"
authority "BP7OICBR09FICEULBF46U8DMJ1J1V8R3.server-no-nsec3.dnssec03.xa. 900 IN RRSIG NSEC3 8 3 900 20231117165358 20231018163325 53655 server-no-nsec3.dnssec03.xa. eRmNGNfFv/cFpcp2l/5NoSyopWvMdiO52ZeecCg+Ej/Itkm6vAEAYQsJ H1JHltEn0NYtZRjY1KbwAeo7O6D91SOW67xEWgjujJzcH56b47Ju9MBe JTEwNS2RXDRb04I5Rupl2zD5nxQkUs2Ymr9Aln+nZCZNS8X/mWJ/TxE9 5mY="
authority "server-no-nsec3.dnssec03.xa. 900 IN RRSIG SOA 8 2 10800 20231123093906 20231024083906 53655 server-no-nsec3.dnssec03.xa. l5WZA9Zl/JCL+bqhu38oXz5dPx3w1lPV88PnL6OPPdBKRX3c+98/yr3U w4oXrob6GkY0ND/ioGCbA0UX0EV4AJNnh6OqavxfAYohWym058gp1nLm WUgx6HoE19jHHAn18DcQtHRS3ZyHcqKpMMhklUw43wyKcZZL3p2nrYTa Tb0="
}
}
# Replies from ns2
server-no-nsec3.dnssec03.xa:53 {
bind 127.15.3.32
bind fda1:b2:c3:0:127:15:3:32
log
file DNSSEC-TP/dnssec03/DNSSEC03-SCENARIO-DEFAULT-ZONE server-no-nsec3.dnssec03.xa.
template IN NSEC server-no-nsec3.dnssec03.xa. {
answer "server-no-nsec3.dnssec03.xa. 600 IN NSEC _dmarc.server-no-nsec3.dnssec03.xa. NS SOA RRSIG NSEC DNSKEY"
answer "server-no-nsec3.dnssec03.xa. 600 IN RRSIG NSEC 13 2 600 20231128063822 20231024050822 48933 server-no-nsec3.dnssec03.xa. rep5od58VBq5sScvx2il4vAh+dIle4WqcJ3r6TOZeN12OzTgEK5QVvGK 01mFOtfRyxHKe5ORe5uKmrVLwAmkMQ=="
}
}
# unassigned-flag-used.dnssec03.xa
unassigned-flag-used.dnssec03.xa:53 {
bind 127.15.3.31
bind fda1:b2:c3:0:127:15:3:31
bind 127.15.3.32
bind fda1:b2:c3:0:127:15:3:32
log
file DNSSEC-TP/dnssec03/DNSSEC03-SCENARIO-DEFAULT-ZONE unassigned-flag-used.dnssec03.xa.
template IN NSEC unassigned-flag-used.dnssec03.xa. {
authority "unassigned-flag-used.dnssec03.xa. 900 IN SOA ns4.scania.com. hostmaster.scania.com. 2008095524 10800 900 1209600 900"
authority "BP7OICBR09FICEULBF46U8DMJ1J1V8R3.unassigned-flag-used.dnssec03.xa. 900 IN NSEC3 1 2 0 - C91QE244ND0Q5QH3JLN35A809MIK8D39 A NS SOA MX TXT RRSIG DNSKEY NSEC3PARAM"
authority "BP7OICBR09FICEULBF46U8DMJ1J1V8R3.unassigned-flag-used.dnssec03.xa. 900 IN RRSIG NSEC3 8 3 900 20231117165358 20231018163325 53655 unassigned-flag-used.dnssec03.xa. eRmNGNfFv/cFpcp2l/5NoSyopWvMdiO52ZeecCg+Ej/Itkm6vAEAYQsJ H1JHltEn0NYtZRjY1KbwAeo7O6D91SOW67xEWgjujJzcH56b47Ju9MBe JTEwNS2RXDRb04I5Rupl2zD5nxQkUs2Ymr9Aln+nZCZNS8X/mWJ/TxE9 5mY="
authority "unassigned-flag-used.dnssec03.xa. 900 IN RRSIG SOA 8 2 10800 20231123093906 20231024083906 53655 unassigned-flag-used.dnssec03.xa. l5WZA9Zl/JCL+bqhu38oXz5dPx3w1lPV88PnL6OPPdBKRX3c+98/yr3U w4oXrob6GkY0ND/ioGCbA0UX0EV4AJNnh6OqavxfAYohWym058gp1nLm WUgx6HoE19jHHAn18DcQtHRS3ZyHcqKpMMhklUw43wyKcZZL3p2nrYTa Tb0="
}
}
# error-response-nsec-query.dnssec03.xa
#
# Replies from ns1
error-response-nsec-query.dnssec03.xa:53 {
bind 127.15.3.31
bind fda1:b2:c3:0:127:15:3:31
log
file DNSSEC-TP/dnssec03/DNSSEC03-SCENARIO-DEFAULT-ZONE error-response-nsec-query.dnssec03.xa.
template IN NSEC error-response-nsec-query.dnssec03.xa. {
rcode SERVFAIL
}
}
# Replies from ns2
error-response-nsec-query.dnssec03.xa:53 {
bind 127.15.3.32
bind fda1:b2:c3:0:127:15:3:32
log
file DNSSEC-TP/dnssec03/DNSSEC03-SCENARIO-DEFAULT-ZONE error-response-nsec-query.dnssec03.xa.
template IN NSEC error-response-nsec-query.dnssec03.xa. {
authority "error-response-nsec-query.dnssec03.xa. 900 IN SOA ns4.scania.com. hostmaster.scania.com. 2008095524 10800 900 1209600 900"
authority "BP7OICBR09FICEULBF46U8DMJ1J1V8R3.error-response-nsec-query.dnssec03.xa. 900 IN NSEC3 1 0 0 - C91QE244ND0Q5QH3JLN35A809MIK8D39 A NS SOA MX TXT RRSIG DNSKEY NSEC3PARAM"
authority "BP7OICBR09FICEULBF46U8DMJ1J1V8R3.error-response-nsec-query.dnssec03.xa. 900 IN RRSIG NSEC3 8 3 900 20231117165358 20231018163325 53655 error-response-nsec-query.dnssec03.xa. eRmNGNfFv/cFpcp2l/5NoSyopWvMdiO52ZeecCg+Ej/Itkm6vAEAYQsJ H1JHltEn0NYtZRjY1KbwAeo7O6D91SOW67xEWgjujJzcH56b47Ju9MBe JTEwNS2RXDRb04I5Rupl2zD5nxQkUs2Ymr9Aln+nZCZNS8X/mWJ/TxE9 5mY="
authority "error-response-nsec-query.dnssec03.xa. 900 IN RRSIG SOA 8 2 10800 20231123093906 20231024083906 53655 error-response-nsec-query.dnssec03.xa. l5WZA9Zl/JCL+bqhu38oXz5dPx3w1lPV88PnL6OPPdBKRX3c+98/yr3U w4oXrob6GkY0ND/ioGCbA0UX0EV4AJNnh6OqavxfAYohWym058gp1nLm WUgx6HoE19jHHAn18DcQtHRS3ZyHcqKpMMhklUw43wyKcZZL3p2nrYTa Tb0="
}
}
# no-response-nsec-query.dnssec03.xa
#
# Replies from ns1
no-response-nsec-query.dnssec03.xa:53 {
bind 127.15.3.31
bind fda1:b2:c3:0:127:15:3:31
log
file DNSSEC-TP/dnssec03/DNSSEC03-SCENARIO-DEFAULT-ZONE no-response-nsec-query.dnssec03.xa.
template IN NSEC no-response-nsec-query.dnssec03.xa. {
authority "no-response-nsec-query.dnssec03.xa. 900 IN SOA ns4.scania.com. hostmaster.scania.com. 2008095524 10800 900 1209600 900"
authority "BP7OICBR09FICEULBF46U8DMJ1J1V8R3.no-response-nsec-query.dnssec03.xa. 900 IN NSEC3 1 0 0 - C91QE244ND0Q5QH3JLN35A809MIK8D39 A NS SOA MX TXT RRSIG DNSKEY NSEC3PARAM"
authority "BP7OICBR09FICEULBF46U8DMJ1J1V8R3.no-response-nsec-query.dnssec03.xa. 900 IN RRSIG NSEC3 8 3 900 20231117165358 20231018163325 53655 no-response-nsec-query.dnssec03.xa. eRmNGNfFv/cFpcp2l/5NoSyopWvMdiO52ZeecCg+Ej/Itkm6vAEAYQsJ H1JHltEn0NYtZRjY1KbwAeo7O6D91SOW67xEWgjujJzcH56b47Ju9MBe JTEwNS2RXDRb04I5Rupl2zD5nxQkUs2Ymr9Aln+nZCZNS8X/mWJ/TxE9 5mY="
authority "no-response-nsec-query.dnssec03.xa. 900 IN RRSIG SOA 8 2 10800 20231123093906 20231024083906 53655 no-response-nsec-query.dnssec03.xa. l5WZA9Zl/JCL+bqhu38oXz5dPx3w1lPV88PnL6OPPdBKRX3c+98/yr3U w4oXrob6GkY0ND/ioGCbA0UX0EV4AJNnh6OqavxfAYohWym058gp1nLm WUgx6HoE19jHHAn18DcQtHRS3ZyHcqKpMMhklUw43wyKcZZL3p2nrYTa Tb0="
}
}
# Replies from ns2
no-response-nsec-query.dnssec03.xa:53 {
bind 127.15.3.32
bind fda1:b2:c3:0:127:15:3:32
log
file DNSSEC-TP/dnssec03/DNSSEC03-SCENARIO-DEFAULT-ZONE no-response-nsec-query.dnssec03.xa.
acl no-response-nsec-query.dnssec03.xa {
drop type NSEC
}
}
# error-nsec-query.dnssec03.xa
#
# Replies from ns1
error-nsec-query.dnssec03.xa:53 {
bind 127.15.3.31
bind fda1:b2:c3:0:127:15:3:31
log
file DNSSEC-TP/dnssec03/DNSSEC03-SCENARIO-DEFAULT-ZONE error-nsec-query.dnssec03.xa.
template IN NSEC error-nsec-query.dnssec03.xa. {
rcode SERVFAIL
}
}
# Replies from ns2
error-nsec-query.dnssec03.xa:53 {
bind 127.15.3.32
bind fda1:b2:c3:0:127:15:3:32
log
file DNSSEC-TP/dnssec03/DNSSEC03-SCENARIO-DEFAULT-ZONE error-nsec-query.dnssec03.xa.
acl error-nsec-query.dnssec03.xa {
drop type NSEC
}
}

116
zonemaster/test-zone-data/DNSSEC-TP/dnssec03/dnssec03.xa Normal file
View File

@@ -0,0 +1,116 @@
$ORIGIN dnssec03.xa. ; Must end with "."
$TTL 3600
@ SOA ns1 admin. (
2022121300 ; serial
6h ; refresh
1h ; retry
1w ; expire
1d ) ; minimum
NS ns1
NS ns2
ns1 A 127.15.3.21
ns1 AAAA fda1:b2:c3:0:127:15:3:21
ns2 A 127.15.3.22
ns2 AAAA fda1:b2:c3:0:127:15:3:22
$ORIGIN no-dnssec-support.dnssec03.xa. ; Must end with "."
@ NS ns1
@ NS ns2
ns1 A 127.15.3.31
ns1 AAAA fda1:b2:c3:0:127:15:3:31
ns2 A 127.15.3.32
ns2 AAAA fda1:b2:c3:0:127:15:3:32
$ORIGIN no-nsec3.dnssec03.xa. ; Must end with "."
@ NS ns1
@ NS ns2
ns1 A 127.15.3.31
ns1 AAAA fda1:b2:c3:0:127:15:3:31
ns2 A 127.15.3.32
ns2 AAAA fda1:b2:c3:0:127:15:3:32
$ORIGIN good-values.dnssec03.xa. ; Must end with "."
@ NS ns1
@ NS ns2
ns1 A 127.15.3.31
ns1 AAAA fda1:b2:c3:0:127:15:3:31
ns2 A 127.15.3.32
ns2 AAAA fda1:b2:c3:0:127:15:3:32
$ORIGIN err-mult-nsec3.dnssec03.xa. ; Must end with "."
@ NS ns1
@ NS ns2
ns1 A 127.15.3.31
ns1 AAAA fda1:b2:c3:0:127:15:3:31
ns2 A 127.15.3.32
ns2 AAAA fda1:b2:c3:0:127:15:3:32
$ORIGIN bad-values.dnssec03.xa. ; Must end with "."
@ NS ns1
@ NS ns2
ns1 A 127.15.3.31
ns1 AAAA fda1:b2:c3:0:127:15:3:31
ns2 A 127.15.3.32
ns2 AAAA fda1:b2:c3:0:127:15:3:32
$ORIGIN inconsistent-values.dnssec03.xa. ; Must end with "."
@ NS ns1
@ NS ns2
ns1 A 127.15.3.31
ns1 AAAA fda1:b2:c3:0:127:15:3:31
ns2 A 127.15.3.32
ns2 AAAA fda1:b2:c3:0:127:15:3:32
;;;; nsec3-opt-out-enabled-tld-dnssec03. (TLD) delegated from root zone
$ORIGIN server-no-dnssec-support.dnssec03.xa. ; Must end with "."
@ NS ns1
@ NS ns2
ns1 A 127.15.3.31
ns1 AAAA fda1:b2:c3:0:127:15:3:31
ns2 A 127.15.3.32
ns2 AAAA fda1:b2:c3:0:127:15:3:32
$ORIGIN server-no-nsec3.dnssec03.xa. ; Must end with "."
@ NS ns1
@ NS ns2
ns1 A 127.15.3.31
ns1 AAAA fda1:b2:c3:0:127:15:3:31
ns2 A 127.15.3.32
ns2 AAAA fda1:b2:c3:0:127:15:3:32
$ORIGIN unassigned-flag-used.dnssec03.xa. ; Must end with "."
@ NS ns1
@ NS ns2
ns1 A 127.15.3.31
ns1 AAAA fda1:b2:c3:0:127:15:3:31
ns2 A 127.15.3.32
ns2 AAAA fda1:b2:c3:0:127:15:3:32
$ORIGIN error-response-nsec-query.dnssec03.xa. ; Must end with "."
@ NS ns1
@ NS ns2
ns1 A 127.15.3.31
ns1 AAAA fda1:b2:c3:0:127:15:3:31
ns2 A 127.15.3.32
ns2 AAAA fda1:b2:c3:0:127:15:3:32
$ORIGIN no-response-nsec-query.dnssec03.xa. ; Must end with "."
@ NS ns1
@ NS ns2
ns1 A 127.15.3.31
ns1 AAAA fda1:b2:c3:0:127:15:3:31
ns2 A 127.15.3.32
ns2 AAAA fda1:b2:c3:0:127:15:3:32
$ORIGIN error-nsec-query.dnssec03.xa. ; Must end with "."
@ NS ns1
@ NS ns2
ns1 A 127.15.3.31
ns1 AAAA fda1:b2:c3:0:127:15:3:31
ns2 A 127.15.3.32
ns2 AAAA fda1:b2:c3:0:127:15:3:32

17
zonemaster/test-zone-data/DNSSEC-TP/dnssec03/no-dnssec-support.dnssec03.xa Normal file
View File

@@ -0,0 +1,17 @@
$TTL 3600
@ SOA ns1 admin. (
2022121300 ; serial
6h ; refresh
1h ; retry
1w ; expire
1d ) ; minimum
NS ns1
NS ns2
ns1 A 127.15.3.31
ns1 AAAA fda1:b2:c3:0:127:15:3:31
ns2 A 127.15.3.32
ns2 AAAA fda1:b2:c3:0:127:15:3:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec03/server-no-dnssec-support.dnssec03.xa Normal file
View File

@@ -0,0 +1,19 @@
; For server-no-dnssec-support.dnssec03.xa, ns2 only
$TTL 3600
@ SOA ns1 admin. (
2022121300 ; serial
6h ; refresh
1h ; retry
1w ; expire
1d ) ; minimum
NS ns1
NS ns2
ns1 A 127.15.3.31
ns1 AAAA fda1:b2:c3:0:127:15:3:31
ns2 A 127.15.3.32
ns2 AAAA fda1:b2:c3:0:127:15:3:32

17
zonemaster/test-zone-data/DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone Normal file
View File

@@ -0,0 +1,17 @@
; Shared, $ORIGIN must implicit.
$TTL 3600
@ SOA ns1.child.dnssec05.xa. admin. (
2025071603 ; serial
6h ; refresh
1h ; retry
1w ; expire
1d ) ; minimum
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
@ TXT "Placeholder"
; EOF

13
zonemaster/test-zone-data/DNSSEC-TP/dnssec05/README.md Normal file
View File

@@ -0,0 +1,13 @@
[This directory](.), i.e. the same directory as this README file, holds zone
files and configuration files to implement the test zones for the scenarios
defined in [DNSSEC05 test scenario specification].
For these test zones the following files are found in [This directory](.):
* Zone files for `dnssec05.xa` and other related zones.
* CoreDNS configuration file
* Zone file and hint file for local root zone.
* Output from `zonemaster-cli` on all test scenarios in
[test-zones-output.md](test-zones-output.md).
[DNSSEC05 test scenario specification]: ../../../docs/public/specifications/test-zones/DNSSEC-TP/dnssec05.md

535
zonemaster/test-zone-data/DNSSEC-TP/dnssec05/dnssec05.cfg Normal file
View File

@@ -0,0 +1,535 @@
## root
.:53 {
bind 127.15.5.27 # ns1
bind fda1:b2:c3:0:127:15:5:27 # ns1
bind 127.15.5.28 # ns2
bind fda1:b2:c3:0:127:15:5:28 # ns2
log
file DNSSEC-TP/dnssec05/root-zone.zone .
}
# Resolver using test case local root
. {
bind 127.15.5.53
unbound {
option root-hints DNSSEC-TP/dnssec05/hintfile.zone
}
log
}
dnssec05.xa:53 { #
bind 127.15.5.21 # ns1
bind fda1:b2:c3:0:127:15:5:21 # ns1
bind 127.15.5.22 # ns2
bind fda1:b2:c3:0:127:15:5:22 # ns2
log
file DNSSEC-TP/dnssec05/dnssec05.xa.zone dnssec05.xa
}
# ALGO-DEPRECATED-1
algo-deprecated-1.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone algo-deprecated-1.dnssec05.xa
template IN DNSKEY algo-deprecated-1.dnssec05.xa. {
answer "algo-deprecated-1.dnssec05.xa. 3600 IN DNSKEY 257 3 1 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
# ALGO-DEPRECATED-3
algo-deprecated-3.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone algo-deprecated-3.dnssec05.xa
template IN DNSKEY algo-deprecated-3.dnssec05.xa. {
answer "algo-deprecated-3.dnssec05.xa. 3600 IN DNSKEY 257 3 3 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
# ALGO-DEPRECATED-5
algo-deprecated-5.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone algo-deprecated-5.dnssec05.xa
template IN DNSKEY algo-deprecated-5.dnssec05.xa. {
answer "algo-deprecated-5.dnssec05.xa. 3600 IN DNSKEY 257 3 5 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
# ALGO-DEPRECATED-6
algo-deprecated-6.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone algo-deprecated-6.dnssec05.xa
template IN DNSKEY algo-deprecated-6.dnssec05.xa. {
answer "algo-deprecated-6.dnssec05.xa. 3600 IN DNSKEY 257 3 6 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
# ALGO-DEPRECATED-7
algo-deprecated-7.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone algo-deprecated-7.dnssec05.xa
template IN DNSKEY algo-deprecated-7.dnssec05.xa. {
answer "algo-deprecated-7.dnssec05.xa. 3600 IN DNSKEY 257 3 7 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
# ALGO-DEPRECATED-12
algo-deprecated-12.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone algo-deprecated-12.dnssec05.xa
template IN DNSKEY algo-deprecated-12.dnssec05.xa. {
answer "algo-deprecated-12.dnssec05.xa. 3600 IN DNSKEY 257 3 12 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
### ALGO-RESERVED-4
algo-reserved-4.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone algo-reserved-4.dnssec05.xa
template IN DNSKEY algo-reserved-4.dnssec05.xa. {
answer "algo-reserved-4.dnssec05.xa. 3600 IN DNSKEY 257 3 4 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
### ALGO-RESERVED-9
algo-reserved-9.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone algo-reserved-9.dnssec05.xa
template IN DNSKEY algo-reserved-9.dnssec05.xa. {
answer "algo-reserved-9.dnssec05.xa. 3600 IN DNSKEY 257 3 9 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
### ALGO-RESERVED-11
algo-reserved-11.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone algo-reserved-11.dnssec05.xa
template IN DNSKEY algo-reserved-11.dnssec05.xa. {
answer "algo-reserved-11.dnssec05.xa. 3600 IN DNSKEY 257 3 11 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
### ALGO-RESERVED-123
algo-reserved-123.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone algo-reserved-123.dnssec05.xa
template IN DNSKEY algo-reserved-123.dnssec05.xa. {
answer "algo-reserved-123.dnssec05.xa. 3600 IN DNSKEY 257 3 123 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
### ALGO-RESERVED-251
algo-reserved-251.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone algo-reserved-251.dnssec05.xa
template IN DNSKEY algo-reserved-251.dnssec05.xa. {
answer "algo-reserved-251.dnssec05.xa. 3600 IN DNSKEY 257 3 251 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
### ALGO-RESERVED-255
algo-reserved-255.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone algo-reserved-255.dnssec05.xa
template IN DNSKEY algo-reserved-255.dnssec05.xa. {
answer "algo-reserved-255.dnssec05.xa. 3600 IN DNSKEY 257 3 255 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
### ALGO-UNASSIGNED-20
algo-unassigned-20.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone algo-unassigned-20.dnssec05.xa
template IN DNSKEY algo-unassigned-20.dnssec05.xa. {
answer "algo-unassigned-20.dnssec05.xa. 3600 IN DNSKEY 257 3 20 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
### ALGO-UNASSIGNED-122
algo-unassigned-122.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone algo-unassigned-122.dnssec05.xa
template IN DNSKEY algo-unassigned-122.dnssec05.xa. {
answer "algo-unassigned-122.dnssec05.xa. 3600 IN DNSKEY 257 3 122 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
### ALGO-PRIVATE-253
algo-private-253.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone algo-private-253.dnssec05.xa
template IN DNSKEY algo-private-253.dnssec05.xa. {
answer "algo-private-253.dnssec05.xa. 3600 IN DNSKEY 257 3 253 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
### ALGO-PRIVATE-254
algo-private-254.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone algo-private-254.dnssec05.xa
template IN DNSKEY algo-private-254.dnssec05.xa. {
answer "algo-private-254.dnssec05.xa. 3600 IN DNSKEY 257 3 254 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
### ALGO-NOT-ZONE-SIGN-0
algo-not-zone-sign-0.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone algo-not-zone-sign-0.dnssec05.xa
template IN DNSKEY algo-not-zone-sign-0.dnssec05.xa. {
answer "algo-not-zone-sign-0.dnssec05.xa. 3600 IN DNSKEY 257 3 0 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
### ALGO-NOT-ZONE-SIGN-2
algo-not-zone-sign-2.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone algo-not-zone-sign-2.dnssec05.xa
template IN DNSKEY algo-not-zone-sign-2.dnssec05.xa. {
answer "algo-not-zone-sign-2.dnssec05.xa. 3600 IN DNSKEY 257 3 2 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
### ALGO-NOT-ZONE-SIGN-252
algo-not-zone-sign-252.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone algo-not-zone-sign-252.dnssec05.xa
template IN DNSKEY algo-not-zone-sign-252.dnssec05.xa. {
answer "algo-not-zone-sign-252.dnssec05.xa. 3600 IN DNSKEY 257 3 252 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
### ALGO-NOT-RECOMMENDED-10
algo-not-recommended-10.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone algo-not-recommended-10.dnssec05.xa
template IN DNSKEY algo-not-recommended-10.dnssec05.xa. {
answer "algo-not-recommended-10.dnssec05.xa. 3600 IN DNSKEY 257 3 10 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
### ALGO-OK-8
algo-ok-8.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone algo-ok-8.dnssec05.xa
template IN DNSKEY algo-ok-8.dnssec05.xa. {
answer "algo-ok-8.dnssec05.xa. 3600 IN DNSKEY 257 3 8 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
### ALGO-OK-13
algo-ok-13.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone algo-ok-13.dnssec05.xa
template IN DNSKEY algo-ok-13.dnssec05.xa. {
answer "algo-ok-13.dnssec05.xa. 3600 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
### ALGO-OK-14
algo-ok-14.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone algo-ok-14.dnssec05.xa
template IN DNSKEY algo-ok-14.dnssec05.xa. {
answer "algo-ok-14.dnssec05.xa. 3600 IN DNSKEY 257 3 14 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
### ALGO-OK-15
algo-ok-15.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone algo-ok-15.dnssec05.xa
template IN DNSKEY algo-ok-15.dnssec05.xa. {
answer "algo-ok-15.dnssec05.xa. 3600 IN DNSKEY 257 3 15 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
### ALGO-OK-16
algo-ok-16.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone algo-ok-16.dnssec05.xa
template IN DNSKEY algo-ok-16.dnssec05.xa. {
answer "algo-ok-16.dnssec05.xa. 3600 IN DNSKEY 257 3 16 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
### ALGO-OK-17
algo-ok-17.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone algo-ok-17.dnssec05.xa
template IN DNSKEY algo-ok-17.dnssec05.xa. {
answer "algo-ok-17.dnssec05.xa. 3600 IN DNSKEY 257 3 17 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
### ALGO-OK-23
algo-ok-23.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone algo-ok-23.dnssec05.xa
template IN DNSKEY algo-ok-23.dnssec05.xa. {
answer "algo-ok-23.dnssec05.xa. 3600 IN DNSKEY 257 3 23 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
## MIXED-ALGO-1
mixed-algo-1.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone mixed-algo-1.dnssec05.xa
template IN DNSKEY mixed-algo-1.dnssec05.xa. {
answer "mixed-algo-1.dnssec05.xa. 3600 IN DNSKEY 257 3 7 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
answer "mixed-algo-1.dnssec05.xa. 3600 IN DNSKEY 257 3 10 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
answer "mixed-algo-1.dnssec05.xa. 3600 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
### NO-RESPONSE-1
no-response-1.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone no-response-1.dnssec05.xa
acl no-response-1.dnssec05.xa { #
drop type DNSKEY
}
}
no-response-1.dnssec05.xa:53 { #
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone no-response-1.dnssec05.xa
header {
response clear aa
}
}
### NO-RESPONSE-2
no-response-2.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone no-response-2.dnssec05.xa
template IN DNSKEY no-response-2.dnssec05.xa. {
rcode SERVFAIL
}
}
no-response-2.dnssec05.xa:53 { #
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone no-response-2.dnssec05.xa
template IN DNSKEY no-response-2.dnssec05.xa. {
rcode REFUSED
}
}
### SERVER-NO-DNSSEC-1
server-no-dnssec-1.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone server-no-dnssec-1.dnssec05.xa
}
server-no-dnssec-1.dnssec05.xa:53 { #
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone server-no-dnssec-1.dnssec05.xa
template IN DNSKEY server-no-dnssec-1.dnssec05.xa. {
answer "server-no-dnssec-1.dnssec05.xa. 3600 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
### SHARED-IP-1
shared-ip-1.dnssec05.xa:53 { #
bind 127.15.5.31 # ns1a and ns1b
log
file DNSSEC-TP/dnssec05/shared-ip-1.dnssec05.xa.zone shared-ip-1.dnssec05.xa
template IN DNSKEY shared-ip-1.dnssec05.xa. {
answer "shared-ip-1.dnssec05.xa. 3600 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
}
}
### ZONE-NO-DNSSEC-1
zone-no-dnssec-1.dnssec05.xa:53 { #
bind 127.15.5.23 # ns1.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:23 # ns1.child.dnssec05.xa
bind 127.15.5.24 # ns2.child.dnssec05.xa
bind fda1:b2:c3:0:127:15:5:24 # ns2.child.dnssec05.xa
log
file DNSSEC-TP/dnssec05/CHILD.dnssec05.xa.zone zone-no-dnssec-1.dnssec05.xa
}

159
zonemaster/test-zone-data/DNSSEC-TP/dnssec05/dnssec05.xa.zone Normal file
View File

@@ -0,0 +1,159 @@
$ORIGIN dnssec05.xa. ; Must end with "."
$TTL 3600
@ SOA ns1 admin. (
2025102900 ; serial
6h ; refresh
1h ; retry
1w ; expire
1d ) ; minimum
@ NS ns1
@ NS ns2
ns1 A 127.15.5.21
ns1 AAAA fda1:b2:c3:0:127:15:5:21
ns2 A 127.15.5.22
ns2 AAAA fda1:b2:c3:0:127:15:5:22
; For hosting child zones
ns1.child A 127.15.5.23
ns1.child AAAA fda1:b2:c3:0:127:15:5:23
ns2.child A 127.15.5.24
ns2.child AAAA fda1:b2:c3:0:127:15:5:24
$ORIGIN algo-deprecated-1.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN algo-deprecated-3.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN algo-deprecated-5.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN algo-deprecated-6.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN algo-deprecated-7.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN algo-deprecated-12.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN algo-reserved-4.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN algo-reserved-9.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN algo-reserved-11.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN algo-reserved-123.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN algo-reserved-251.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN algo-reserved-255.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN algo-unassigned-20.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN algo-unassigned-122.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN algo-private-253.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN algo-private-254.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN algo-not-zone-sign-0.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN algo-not-zone-sign-2.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN algo-not-zone-sign-252.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN algo-not-recommended-10.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN algo-ok-8.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN algo-ok-13.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN algo-ok-14.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN algo-ok-15.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN algo-ok-16.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN algo-ok-17.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN algo-ok-23.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN mixed-algo-1.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN no-response-1.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN no-response-2.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN server-no-dnssec-1.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.
$ORIGIN shared-ip-1.dnssec05.xa.
@ NS ns1a
@ NS ns1b
ns1a A 127.15.5.31
ns1b A 127.15.5.31
$ORIGIN zone-no-dnssec-1.dnssec05.xa.
@ NS ns1.child.dnssec05.xa.
@ NS ns2.child.dnssec05.xa.

8
zonemaster/test-zone-data/DNSSEC-TP/dnssec05/hintfile.zone Normal file
View File

@@ -0,0 +1,8 @@
; Hint file for DNSSEC05 local root
. 3600 NS root-ns1.xa.
. 3600 NS root-ns2.xa.
root-ns1.xa. 3600 A 127.15.5.27
root-ns1.xa. 3600 AAAA fda1:b2:c3::127:15:5:27
root-ns2.xa. 3600 A 127.15.5.28
root-ns2.xa. 3600 AAAA fda1:b2:c3::127:15:5:28

32
zonemaster/test-zone-data/DNSSEC-TP/dnssec05/root-zone.zone Normal file
View File

@@ -0,0 +1,32 @@
$ORIGIN .
$TTL 3600
@ SOA ns1. admin.xa. (
2025071600 ; serial
6h ; refresh
1h ; retry
1w ; expire
1d ) ; minimum
NS root-ns1.xa.
NS root-ns2.xa.
root-ns1.xa. A 127.15.5.27
root-ns1.xa. AAAA fda1:b2:c3::127:15:5:27
root-ns2.xa. A 127.15.5.28
root-ns2.xa. AAAA fda1:b2:c3::127:15:5:28
$ORIGIN dnssec05.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.5.21
ns1 AAAA fda1:b2:c3::127:15:5:21
ns2 A 127.15.5.22
ns1 AAAA fda1:b2:c3::127:15:5:22
;EOF

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec05/shared-ip-1.dnssec05.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN shared-ip-1.dnssec05.xa.
$TTL 3600
@ SOA ns1a admin. (
2025071801 ; serial
6h ; refresh
1h ; retry
1w ; expire
1d ) ; minimum
@ NS ns1a
@ NS ns1b
@ TXT "Placeholder"
ns1a A 127.15.5.31
ns1b A 127.15.5.31
; EOF

417
zonemaster/test-zone-data/DNSSEC-TP/dnssec05/test-zones-output.md Normal file
View File

@@ -0,0 +1,417 @@
# DNSSEC05 Test scenario output
# Table of contents
* [Introduction](#introduction)
* [All message tags](#all-message-tags)
* [All scenarios](#all-scenarios)
* [zonemaster-cli commands and their output for each test scenario](#zonemaster-cli-commands-and-their-output-for-each-test-scenario)
## Introduction
In this file the output of running `zonemaster-cli` for every test zone is
found. This file is created during the development of the test zones and should
be updated as the implementation of the test case or the test scenarios or test
zones are updated or corrected.
During development and any update this document serves as tracking and log tool.
It also serves as a template for future development of test zones for
scenarios for other test cases.
## All message tags
* DS05_ALGO_DEPRECATED
* DS05_ALGO_NOT_RECOMMENDED
* DS05_ALGO_NOT_ZONE_SIGN
* DS05_ALGO_OK
* DS05_ALGO_PRIVATE
* DS05_ALGO_RESERVED
* DS05_ALGO_UNASSIGNED
* DS05_NO_RESPONSE
* DS05_SERVER_NO_DNSSEC
* DS05_ZONE_NO_DNSSEC
## All scenarios
| Scenario name | Zone name |
|:------------------------|:-------------------------------------------------------|
| ALGO-DEPRECATED-1 | algo-deprecated-1.dnssec05.xa. |
| ALGO-DEPRECATED-3 | algo-deprecated-3.dnssec05.xa. |
| ALGO-DEPRECATED-5 | algo-deprecated-5.dnssec05.xa. |
| ALGO-DEPRECATED-6 | algo-deprecated-6.dnssec05.xa. |
| ALGO-DEPRECATED-7 | algo-deprecated-7.dnssec05.xa. |
| ALGO-DEPRECATED-12 | algo-deprecated-12.dnssec05.xa. |
| ALGO-RESERVED-4 | algo-reserved-4.dnssec05.xa. |
| ALGO-RESERVED-9 | algo-reserved-9.dnssec05.xa. |
| ALGO-RESERVED-11 | algo-reserved-11.dnssec05.xa. |
| ALGO-RESERVED-123 | algo-reserved-123.dnssec05.xa. |
| ALGO-RESERVED-251 | algo-reserved-251.dnssec05.xa. |
| ALGO-RESERVED-255 | algo-reserved-255.dnssec05.xa. |
| ALGO-UNASSIGNED-20 | algo-unassigned-17.dnssec05.xa. |
| ALGO-UNASSIGNED-122 | algo-unassigned-122.dnssec05.xa. |
| ALGO-PRIVATE-253 | algo-private-253.dnssec05.xa. |
| ALGO-PRIVATE-254 | algo-private-254.dnssec05.xa. |
| ALGO-NOT-ZONE-SIGN-0 | algo-not-zone-sign-0.dnssec05.xa. |
| ALGO-NOT-ZONE-SIGN-2 | algo-not-zone-sign-2.dnssec05.xa. |
| ALGO-NOT-ZONE-SIGN-252 | algo-not-zone-sign-252.dnssec05.xa. |
| ALGO-NOT-RECOMMENDED-10 | algo-not-recommended-10.dnssec05.xa. |
| ALGO-OK-8 | algo-ok-8.dnssec05.xa. |
| ALGO-OK-13 | algo-ok-13.dnssec05.xa. |
| ALGO-OK-14 | algo-ok-14.dnssec05.xa. |
| ALGO-OK-15 | algo-ok-15.dnssec05.xa. |
| ALGO-OK-16 | algo-ok-16.dnssec05.xa. |
| ALGO-OK-17 | algorithm-ok-17.dnssec05.xa. |
| ALGO-OK-23 | algorithm-ok-23.dnssec05.xa."mixed-algo-1.dnssec05.xa. |
| NO-RESPONSE-1 | no-response-1.dnssec05.xa. |
| NO-RESPONSE-2 | no-response-2.dnssec05.xa. |
| SERVER-NO-DNSSEC-1 | server-no-dnssec-1.dnssec05.xa. |
| SHARED-IP-1 | shared-ip-1.dnssec05.xa. |
| ZONE-NO-DNSSEC-1 | zone-no-dnssec-1.dnssec05.xa. |
## zonemaster-cli commands and their output for each test scenario
All commands are run from the same directory as this file is in. To be meaningful
the `zonemaster-cli` command should be run with the following options:
```
--hints=hintfile.zone --test=dnssec05 --level=info
```
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| ALGO-DEPRECATED-1 | DS05_ALGO_DEPRECATED | 2) |
* (2) All tags except for those specified as "Mandatory message tags"
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw ALGO-DEPRECATED-1.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 ERROR DNSSEC05 DS05_ALGO_DEPRECATED algo_descr=RSA/MD5; algo_mnemo=RSAMD5; algo_num=1; keytag=13008; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| ALGO-DEPRECATED-3 | DS05_ALGO_DEPRECATED | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw ALGO-DEPRECATED-3.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.06 ERROR DNSSEC05 DS05_ALGO_DEPRECATED algo_descr=DSA/SHA1; algo_mnemo=DSA; algo_num=3; keytag=51288; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| ALGO-DEPRECATED-5 | DS05_ALGO_DEPRECATED | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw ALGO-DEPRECATED-5.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.06 ERROR DNSSEC05 DS05_ALGO_DEPRECATED algo_descr=RSA/SHA1; algo_mnemo=RSASHA1; algo_num=5; keytag=51290; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| ALGO-DEPRECATED-6 | DS05_ALGO_DEPRECATED | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw ALGO-DEPRECATED-6.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 ERROR DNSSEC05 DS05_ALGO_DEPRECATED algo_descr=DSA-NSEC3-SHA1; algo_mnemo=DSA-NSEC3-SHA1; algo_num=6; keytag=51291; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| ALGO-DEPRECATED-7 | DS05_ALGO_DEPRECATED | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw ALGO-DEPRECATED-7.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 ERROR DNSSEC05 DS05_ALGO_DEPRECATED algo_descr=RSASHA1-NSEC3-SHA1; algo_mnemo=RSASHA1-NSEC3-SHA1; algo_num=7; keytag=51292; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| ALGO-DEPRECATED-12 | DS05_ALGO_DEPRECATED | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw ALGO-DEPRECATED-12.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.06 ERROR DNSSEC05 DS05_ALGO_DEPRECATED algo_descr=GOST R 34.10-2001; algo_mnemo=ECC-GOST; algo_num=12; keytag=51297; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| ALGO-NOT-RECOMMENDED-10 | DS05_ALGO_NOT_RECOMMENDED | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw ALGO-NOT-RECOMMENDED-10.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.06 WARNING DNSSEC05 DS05_ALGO_NOT_RECOMMENDED algo_descr=RSA/SHA-512; algo_mnemo=RSASHA512; algo_num=10; keytag=51295; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| ALGO-NOT-ZONE-SIGN-0 | DS05_ALGO_NOT_ZONE_SIGN | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw ALGO-NOT-ZONE-SIGN-0.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.06 ERROR DNSSEC05 DS05_ALGO_NOT_ZONE_SIGN algo_descr=Delete DS; algo_mnemo=DELETE; algo_num=0; keytag=51285; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| ALGO-NOT-ZONE-SIGN-2 | DS05_ALGO_NOT_ZONE_SIGN | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw ALGO-NOT-ZONE-SIGN-2.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 ERROR DNSSEC05 DS05_ALGO_NOT_ZONE_SIGN algo_descr=Diffie-Hellman; algo_mnemo=DH; algo_num=2; keytag=51287; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| ALGO-NOT-ZONE-SIGN-252 | DS05_ALGO_NOT_ZONE_SIGN | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw ALGO-NOT-ZONE-SIGN-252.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 ERROR DNSSEC05 DS05_ALGO_NOT_ZONE_SIGN algo_descr=Reserved for Indirect Keys; algo_mnemo=INDIRECT; algo_num=252; keytag=51537; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| ALGO-OK-13 | DS05_ALGO_OK | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw ALGO-OK-13.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.06 INFO DNSSEC05 DS05_ALGO_OK algo_descr=ECDSA Curve P-256 with SHA-256; algo_mnemo=ECDSAP256SHA256; algo_num=13; keytag=51298; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| ALGO-OK-14 | DS05_ALGO_OK | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw ALGO-OK-14.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 INFO DNSSEC05 DS05_ALGO_OK algo_descr=ECDSA Curve P-384 with SHA-384; algo_mnemo=ECDSAP384SHA384; algo_num=14; keytag=51299; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| ALGO-OK-15 | DS05_ALGO_OK | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw ALGO-OK-15.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 INFO DNSSEC05 DS05_ALGO_OK algo_descr=Ed25519; algo_mnemo=ED25519; algo_num=15; keytag=51300; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| ALGO-OK-16 | DS05_ALGO_OK | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw ALGO-OK-16.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 INFO DNSSEC05 DS05_ALGO_OK algo_descr=Ed448; algo_mnemo=ED448; algo_num=16; keytag=51301; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> 80
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| ALGO-OK-17 | DS05_ALGO_OK | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw ALGO-OK-17.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 INFO DNSSEC05 DS05_ALGO_OK algo_descr=SM2 signing algo w SM3 hash algo; algo_mnemo=SM2SM3; algo_num=17; keytag=51302; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| ALGO-OK-23 | DS05_ALGO_OK | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw ALGO-OK-23.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 INFO DNSSEC05 DS05_ALGO_OK algo_descr=GOST R 34.10-2012; algo_mnemo=ECC-GOST12; algo_num=23; keytag=51308; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| ALGO-OK-8 | DS05_ALGO_OK | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw ALGO-OK-8.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.06 INFO DNSSEC05 DS05_ALGO_OK algo_descr=RSA/SHA-256; algo_mnemo=RSASHA256; algo_num=8; keytag=51293; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| ALGO-PRIVATE-253 | DS05_ALGO_PRIVATE | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw ALGO-PRIVATE-253.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 ERROR DNSSEC05 DS05_ALGO_PRIVATE algo_descr=private algorithm; algo_mnemo=PRIVATEDNS; algo_num=253; keytag=51538; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| ALGO-PRIVATE-254 | DS05_ALGO_PRIVATE | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw ALGO-PRIVATE-254.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 ERROR DNSSEC05 DS05_ALGO_PRIVATE algo_descr=private algorithm OID; algo_mnemo=PRIVATEOID; algo_num=254; keytag=51539; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| ALGO-RESERVED-11 | DS05_ALGO_RESERVED | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw ALGO-RESERVED-11.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.06 ERROR DNSSEC05 DS05_ALGO_RESERVED algo_descr=Reserved; algo_mnemo=RESERVED; algo_num=11; keytag=51296; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| ALGO-RESERVED-123 | DS05_ALGO_RESERVED | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw ALGO-RESERVED-123.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 ERROR DNSSEC05 DS05_ALGO_RESERVED algo_descr=Reserved; algo_mnemo=RESERVED; algo_num=123; keytag=51408; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| ALGO-RESERVED-251 | DS05_ALGO_RESERVED | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw ALGO-RESERVED-251.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.06 ERROR DNSSEC05 DS05_ALGO_RESERVED algo_descr=Reserved; algo_mnemo=RESERVED; algo_num=251; keytag=51536; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| ALGO-RESERVED-255 | DS05_ALGO_RESERVED | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw ALGO-RESERVED-255.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.06 ERROR DNSSEC05 DS05_ALGO_RESERVED algo_descr=Reserved; algo_mnemo=RESERVED; algo_num=255; keytag=51540; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| ALGO-RESERVED-4 | DS05_ALGO_RESERVED | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw ALGO-RESERVED-4.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.06 ERROR DNSSEC05 DS05_ALGO_RESERVED algo_descr=Reserved; algo_mnemo=RESERVED; algo_num=4; keytag=51289; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| ALGO-RESERVED-9 | DS05_ALGO_RESERVED | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw ALGO-RESERVED-9.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.06 ERROR DNSSEC05 DS05_ALGO_RESERVED algo_descr=Reserved; algo_mnemo=RESERVED; algo_num=9; keytag=51294; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| ALGO-UNASSIGNED-122 | DS05_ALGO_UNASSIGNED | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw ALGO-UNASSIGNED-122.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 ERROR DNSSEC05 DS05_ALGO_UNASSIGNED algo_descr=Unassigned; algo_mnemo=UNASSIGNED; algo_num=122; keytag=51407; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| ALGO-UNASSIGNED-20 | DS05_ALGO_UNASSIGNED | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw ALGO-UNASSIGNED-20.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 ERROR DNSSEC05 DS05_ALGO_UNASSIGNED algo_descr=Unassigned; algo_mnemo=UNASSIGNED; algo_num=20; keytag=51305; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| MIXED-ALGO-1 | DS05_ALGO_DEPRECATED, DS05_ALGO_NOT_RECOMMENDED, DS05_ALGO_OK | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw MIXED-ALGO-1.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 WARNING DNSSEC05 DS05_ALGO_NOT_RECOMMENDED algo_descr=RSA/SHA-512; algo_mnemo=RSASHA512; algo_num=10; keytag=51295; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
0.05 ERROR DNSSEC05 DS05_ALGO_DEPRECATED algo_descr=RSASHA1-NSEC3-SHA1; algo_mnemo=RSASHA1-NSEC3-SHA1; algo_num=7; keytag=51292; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
0.06 INFO DNSSEC05 DS05_ALGO_OK algo_descr=ECDSA Curve P-256 with SHA-256; algo_mnemo=ECDSAP256SHA256; algo_num=13; keytag=51298; ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| NO-RESPONSE-1 | DS05_NO_RESPONSE | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw NO-RESPONSE-1.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
20.07 WARNING DNSSEC05 DS05_NO_RESPONSE ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| NO-RESPONSE-2 | DS05_NO_RESPONSE | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw NO-RESPONSE-2.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 WARNING DNSSEC05 DS05_NO_RESPONSE ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:-------------------|:------------------------------------|:-----------------------|
| SERVER-NO-DNSSEC-1 | DS05_SERVER_NO_DNSSEC, DS05_ALGO_OK | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw SERVER-NO-DNSSEC-1.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.06 INFO DNSSEC05 DS05_ALGO_OK algo_descr=ECDSA Curve P-256 with SHA-256; algo_mnemo=ECDSAP256SHA256; algo_num=13; keytag=51298; ns_list=ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
0.06 ERROR DNSSEC05 DS05_SERVER_NO_DNSSEC ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| SHARED-IP-1 | DS05_ALGO_OK | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw SHARED-IP-1.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.05 INFO DNSSEC05 DS05_ALGO_OK algo_descr=ECDSA Curve P-256 with SHA-256; algo_mnemo=ECDSAP256SHA256; algo_num=13; keytag=51298; ns_list=ns1a.shared-ip-1.dnssec05.xa/127.15.5.31;ns1b.shared-ip-1.dnssec05.xa/127.15.5.31
```
--> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|:------------------------|:--------------------------------------------------------------|:-----------------------|
| ZONE-NO-DNSSEC-1 | DS05_ZONE_NO_DNSSEC | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec05 --level=info --show-testcase --raw ZONE-NO-DNSSEC-1.dnssec05.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.06 NOTICE DNSSEC05 DS05_ZONE_NO_DNSSEC ns_list=ns1.child.dnssec05.xa/127.15.5.23;ns1.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:23;ns2.child.dnssec05.xa/127.15.5.24;ns2.child.dnssec05.xa/fda1:b2:c3:0:127:15:5:24
```
--> OK

21
zonemaster/test-zone-data/DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone Normal file
View File

@@ -0,0 +1,21 @@
; Shared, $ORIGIN must implicit.
$TTL 3600
@ SOA ns1 admin. (
2025092900 ; serial
6h ; refresh
1h ; retry
1w ; expire
1d ) ; minimum
@ NS ns1
@ NS ns2
ns1 A 127.15.7.41
ns1 AAAA fda1:b2:c3:0:127:15:7:41
ns2 A 127.15.7.42
ns2 AAAA fda1:b2:c3:0:127:15:7:42
@ TXT "Placeholder"
; EOF

13
zonemaster/test-zone-data/DNSSEC-TP/dnssec07/README.md Normal file
View File

@@ -0,0 +1,13 @@
[This directory](.), i.e. the same directory as this README file, holds zone
files and configuration files to implement the test zones for the scenarios
defined in [DNSSEC07 test scenario specification].
For these test zones the following files are found in [This directory](.):
* Zone files for `dnssec07.xa` and other related zones.
* CoreDNS configuration file
* Zone file and hint file for local root zone.
* Output from `zonemaster-cli` on all test scenarios in
[test-zones-output.md](test-zones-output.md).
[DNSSEC07 test scenario specification]: ../../../docs/public/specifications/test-zones/DNSSEC-TP/dnssec07.md

235
zonemaster/test-zone-data/DNSSEC-TP/dnssec07/dnssec07.cfg Normal file
View File

@@ -0,0 +1,235 @@
# | 127.15.7.0/24 | DNSSEC07 scenarios |
# | 127.15.7.21 | ns1.dnssec07.xa |
# | 127.15.7.22 | ns2.dnssec07.xa |
# | 127.15.7.27 | ns1 of root |
# | 127.15.7.28 | ns2 of root |
# | 127.15.7.31 | ns1 of parent in some scenarios |
# | 127.15.7.32 | ns2 of parent in some scenarios |
# | 127.15.7.41 | ns1 of child zone |
# | 127.15.7.42 | ns2 of child zone |
# | 127.15.7.53 | resolver with test case local hint |
## root
.:53 {
bind 127.15.7.27 # ns1
bind fda1:b2:c3:0:127:15:7:27 # ns1
bind 127.15.7.28 # ns2
bind fda1:b2:c3:0:127:15:7:28 # ns2
log
file DNSSEC-TP/dnssec07/root-zone.zone .
}
# Resolver using test case local root
. {
bind 127.15.7.53
unbound {
option root-hints DNSSEC-TP/dnssec07/hintfile.zone
}
log
}
dnssec07.xa:53 { #
bind 127.15.7.21 # ns1
bind fda1:b2:c3:0:127:15:7:21 # ns1
bind 127.15.7.22 # ns2
bind fda1:b2:c3:0:127:15:7:22 # ns2
log
file DNSSEC-TP/dnssec07/dnssec07.xa.zone dnssec07.xa
}
# SIGNED-AND-DS-1
signed-and-ds-1.dnssec07.xa:53 {
bind 127.15.7.41 # ns1
bind fda1:b2:c3:0:127:15:7:41 # ns1
bind 127.15.7.42 # ns2
bind fda1:b2:c3:0:127:15:7:42 # ns2
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone signed-and-ds-1.dnssec07.xa
template IN DNSKEY signed-and-ds-1.dnssec07.xa. {
answer "signed-and-ds-1.dnssec07.xa. 3210 IN DNSKEY 256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="
answer "signed-and-ds-1.dnssec07.xa. 3210 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
answer "signed-and-ds-1.dnssec07.xa. 3210 IN RRSIG DNSKEY 13 2 3600 20351103070323 20250929053323 51298 signed-and-ds-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="
}
}
# SIGNED-NO-DS-1
signed-no-ds-1.dnssec07.xa:53 {
bind 127.15.7.41 # ns1
bind fda1:b2:c3:0:127:15:7:41 # ns1
bind 127.15.7.42 # ns2
bind fda1:b2:c3:0:127:15:7:42 # ns2
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone signed-no-ds-1.dnssec07.xa
template IN DNSKEY signed-no-ds-1.dnssec07.xa. {
answer "signed-no-ds-1.dnssec07.xa. 3210 IN DNSKEY 256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="
answer "signed-no-ds-1.dnssec07.xa. 3210 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
answer "signed-no-ds-1.dnssec07.xa. 3210 IN RRSIG DNSKEY 13 2 3600 20351103070323 20250929053323 51298 signed-no-ds-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="
}
}
# INCONSIST-SIGNED-AND-DS-1
inconsist-signed-and-ds-1.dnssec07.xa:53 {
bind 127.15.7.41 # ns1
bind fda1:b2:c3:0:127:15:7:41 # ns1
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone inconsist-signed-and-ds-1.dnssec07.xa
template IN DNSKEY inconsist-signed-and-ds-1.dnssec07.xa. {
answer "inconsist-signed-and-ds-1.dnssec07.xa. 3210 IN DNSKEY 256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="
answer "inconsist-signed-and-ds-1.dnssec07.xa. 3210 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
answer "inconsist-signed-and-ds-1.dnssec07.xa. 3210 IN RRSIG DNSKEY 13 2 3600 20351103070323 20250929053323 51298 inconsist-signed-and-ds-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="
}
}
inconsist-signed-and-ds-1.dnssec07.xa:53 {
bind 127.15.7.42 # ns2
bind fda1:b2:c3:0:127:15:7:42 # ns2
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone inconsist-signed-and-ds-1.dnssec07.xa
}
# INCONSIST-SIGNED-NO-DS-1
inconsist-signed-no-ds-1.dnssec07.xa:53 {
bind 127.15.7.41 # ns1
bind fda1:b2:c3:0:127:15:7:41 # ns1
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone inconsist-signed-no-ds-1.dnssec07.xa
template IN DNSKEY inconsist-signed-no-ds-1.dnssec07.xa. {
answer "inconsist-signed-no-ds-1.dnssec07.xa. 3210 IN DNSKEY 256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="
answer "inconsist-signed-no-ds-1.dnssec07.xa. 3210 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
answer "inconsist-signed-no-ds-1.dnssec07.xa. 3210 IN RRSIG DNSKEY 13 2 3600 20351103070323 20250929053323 51298 inconsist-signed-no-ds-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="
}
}
inconsist-signed-no-ds-1.dnssec07.xa:53 {
bind 127.15.7.42 # ns2
bind fda1:b2:c3:0:127:15:7:42 # ns2
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone inconsist-signed-no-ds-1.dnssec07.xa
}
# ### SIGNED-AND-INCONSIST-DS-1
signed-and-inconsist-ds-1.dnssec07.xa:53 { # parent (ns1)
bind 127.15.7.31 # ns1
bind fda1:b2:c3:0:127:15:7:31 # ns1
log
file DNSSEC-TP/dnssec07/signed-and-inconsist-ds-1.dnssec07.xa_ns1.zone signed-and-inconsist-ds-1.dnssec07.xa
}
signed-and-inconsist-ds-1.dnssec07.xa:53 { # parent (ns1)
bind 127.15.7.32 # ns2
bind fda1:b2:c3:0:127:15:7:32 # ns2
log
file DNSSEC-TP/dnssec07/signed-and-inconsist-ds-1.dnssec07.xa_ns2.zone signed-and-inconsist-ds-1.dnssec07.xa
}
child.signed-and-inconsist-ds-1.dnssec07.xa:53 { # child
bind 127.15.7.41 # ns1
bind fda1:b2:c3:0:127:15:7:41 # ns1
bind 127.15.7.42 # ns2
bind fda1:b2:c3:0:127:15:7:42 # ns2
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone child.signed-and-inconsist-ds-1.dnssec07.xa
template IN DNSKEY child.signed-and-inconsist-ds-1.dnssec07.xa. {
answer "child.signed-and-inconsist-ds-1.dnssec07.xa. 3210 IN DNSKEY 256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="
answer "child.signed-and-inconsist-ds-1.dnssec07.xa. 3210 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
answer "child.signed-and-inconsist-ds-1.dnssec07.xa. 3210 IN RRSIG DNSKEY 13 2 3600 20351103070323 20250929053323 51298 child.signed-and-inconsist-ds-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="
}
}
# UNSIGNED-AND-DS-1
unsigned-and-ds-1.dnssec07.xa:53 {
bind 127.15.7.41 # ns1
bind fda1:b2:c3:0:127:15:7:41 # ns1
bind 127.15.7.42 # ns2
bind fda1:b2:c3:0:127:15:7:42 # ns2
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone unsigned-and-ds-1.dnssec07.xa
}
# UNSIGNED-NO-DS-1
unsigned-no-ds-1.dnssec07.xa:53 {
bind 127.15.7.41 # ns1
bind fda1:b2:c3:0:127:15:7:41 # ns1
bind 127.15.7.42 # ns2
bind fda1:b2:c3:0:127:15:7:42 # ns2
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone unsigned-no-ds-1.dnssec07.xa
}
# NON-AUTH-RESPONSE-DNSKEY-1
non-auth-response-dnskey-1.dnssec07.xa:53 {
view pass {
expr type() in ['DNSKEY']
}
bind 127.15.7.41 # ns1
bind fda1:b2:c3:0:127:15:7:41 # ns1
log
template IN DNSKEY non-auth-response-dnskey-1.dnssec07.xa. {
answer "non-auth-response-dnskey-1.dnssec07.xa. 3210 IN DNSKEY 256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="
answer "non-auth-response-dnskey-1.dnssec07.xa. 3210 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
answer "non-auth-response-dnskey-1.dnssec07.xa. 3210 IN RRSIG DNSKEY 13 2 3600 20351103070323 20250929053323 51298 non-auth-response-dnskey-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="
}
header {
response clear aa
}
}
non-auth-response-dnskey-1.dnssec07.xa:53 {
bind 127.15.7.41 # ns1
bind fda1:b2:c3:0:127:15:7:41 # ns1
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone non-auth-response-dnskey-1.dnssec07.xa
}
non-auth-response-dnskey-1.dnssec07.xa:53 {
bind 127.15.7.42 # ns2
bind fda1:b2:c3:0:127:15:7:42 # ns2
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone non-auth-response-dnskey-1.dnssec07.xa
template IN DNSKEY non-auth-response-dnskey-1.dnssec07.xa. {
answer "non-auth-response-dnskey-1.dnssec07.xa. 3210 IN DNSKEY 256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="
answer "non-auth-response-dnskey-1.dnssec07.xa. 3210 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
answer "non-auth-response-dnskey-1.dnssec07.xa. 3210 IN RRSIG DNSKEY 13 2 3600 20351103070323 20250929053323 51298 non-auth-response-dnskey-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="
}
}
# NO-RESPONSE-DNSKEY-1
no-response-dnskey-1.dnssec07.xa:53 {
bind 127.15.7.41 # ns1
bind fda1:b2:c3:0:127:15:7:41 # ns1
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone no-response-dnskey-1.dnssec07.xa
acl no-response-dnskey-1.dnssec07.xa {
drop type DNSKEY
}
}
no-response-dnskey-1.dnssec07.xa:53 {
bind 127.15.7.42 # ns2
bind fda1:b2:c3:0:127:15:7:42 # ns2
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone no-response-dnskey-1.dnssec07.xa
template IN DNSKEY no-response-dnskey-1.dnssec07.xa. {
answer "no-response-dnskey-1.dnssec07.xa. 3210 IN DNSKEY 256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="
answer "no-response-dnskey-1.dnssec07.xa. 3210 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
answer "no-response-dnskey-1.dnssec07.xa. 3210 IN RRSIG DNSKEY 13 2 3600 20351103070323 20250929053323 51298 no-response-dnskey-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="
}
}
# ### UNEXP-RCODE-RESP-DNSKEY-1
unexp-rcode-resp-dnskey-1.dnssec07.xa:53 {
bind 127.15.7.41 # ns1
bind fda1:b2:c3:0:127:15:7:41 # ns1
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone unexp-rcode-resp-dnskey-1.dnssec07.xa
template IN DNSKEY unexp-rcode-resp-dnskey-1.dnssec07.xa. {
rcode "REFUSED"
}
}
unexp-rcode-resp-dnskey-1.dnssec07.xa:53 {
bind 127.15.7.42 # ns2
bind fda1:b2:c3:0:127:15:7:42 # ns2
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone unexp-rcode-resp-dnskey-1.dnssec07.xa
template IN DNSKEY unexp-rcode-resp-dnskey-1.dnssec07.xa. {
answer "unexp-rcode-resp-dnskey-1.dnssec07.xa. 3210 IN DNSKEY 256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="
answer "unexp-rcode-resp-dnskey-1.dnssec07.xa. 3210 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
answer "unexp-rcode-resp-dnskey-1.dnssec07.xa. 3210 IN RRSIG DNSKEY 13 2 3600 20351103070323 20250929053323 51298 unexp-rcode-resp-dnskey-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="
}
}

109
zonemaster/test-zone-data/DNSSEC-TP/dnssec07/dnssec07.xa.zone Normal file
View File

@@ -0,0 +1,109 @@
$ORIGIN dnssec07.xa. ; Must end with "."
$TTL 3600
@ SOA ns1 admin. (
2025100201 ; serial
6h ; refresh
1h ; retry
1w ; expire
1d ) ; minimum
@ NS ns1
@ NS ns2
ns1 A 127.15.7.21
ns1 AAAA fda1:b2:c3:0:127:15:7:21
ns2 A 127.15.7.22
ns2 AAAA fda1:b2:c3:0:127:15:7:22
$ORIGIN signed-and-ds-1.dnssec07.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.7.41
ns1 AAAA fda1:b2:c3:0:127:15:7:41
ns2 A 127.15.7.42
ns2 AAAA fda1:b2:c3:0:127:15:7:42
@ DS 51298 13 2 60A48DB6C1F4B993E3D7C0869C0C535A70C9A6D1899DE86563D485B5 15EE1918
@ RRSIG DS 8 2 3600 20351012164605 20250928151605 54394 dnssec07.xa. ewSq03Pu8mWZWKNCsuJZ5MzO3PCqtqfR/MbslNbRtRHyynj+yZqbdhCS5dwTEgmDMkpIuAranFbwqnJ6nkncuffpQu/oEOjRHQQslf2JB4RtQlqtjNjX9N+YRjCdgm9oY4k9h4268YlP92oYXnfX5Cj5h6v5aMjdbY4X38fvXO/DruNB9mLHsOkdSLld2f/TOJ4IeXqr2MGubgeUqybsNX4c9XkypTMLazqBeg1mK8GNX1n+msOaln8zCiCMPDep/ShHuZuBtmayUSCFwb5oOd80deEyphf7HBl6/vgXRmPpvqVjBSChtxjrkSjP+DKMn1fkr7jPLS4Bv3jEznFlGw==
$ORIGIN signed-no-ds-1.dnssec07.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.7.41
ns1 AAAA fda1:b2:c3:0:127:15:7:41
ns2 A 127.15.7.42
ns2 AAAA fda1:b2:c3:0:127:15:7:42
$ORIGIN inconsist-signed-and-ds-1.dnssec07.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.7.41
ns1 AAAA fda1:b2:c3:0:127:15:7:41
ns2 A 127.15.7.42
ns2 AAAA fda1:b2:c3:0:127:15:7:42
@ DS 51298 13 2 60A48DB6C1F4B993E3D7C0869C0C535A70C9A6D1899DE86563D485B5 15EE1918
@ RRSIG DS 8 2 3600 20351012164605 20250928151605 54394 dnssec07.xa. ewSq03Pu8mWZWKNCsuJZ5MzO3PCqtqfR/MbslNbRtRHyynj+yZqbdhCS5dwTEgmDMkpIuAranFbwqnJ6nkncuffpQu/oEOjRHQQslf2JB4RtQlqtjNjX9N+YRjCdgm9oY4k9h4268YlP92oYXnfX5Cj5h6v5aMjdbY4X38fvXO/DruNB9mLHsOkdSLld2f/TOJ4IeXqr2MGubgeUqybsNX4c9XkypTMLazqBeg1mK8GNX1n+msOaln8zCiCMPDep/ShHuZuBtmayUSCFwb5oOd80deEyphf7HBl6/vgXRmPpvqVjBSChtxjrkSjP+DKMn1fkr7jPLS4Bv3jEznFlGw==
$ORIGIN inconsist-signed-no-ds-1.dnssec07.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.7.41
ns1 AAAA fda1:b2:c3:0:127:15:7:41
ns2 A 127.15.7.42
ns2 AAAA fda1:b2:c3:0:127:15:7:42
$ORIGIN signed-and-inconsist-ds-1.dnssec07.xa. ; parent
@ NS ns1
@ NS ns2
ns1 A 127.15.7.31
ns1 AAAA fda1:b2:c3:0:127:15:7:31
ns2 A 127.15.7.32
ns2 AAAA fda1:b2:c3:0:127:15:7:32
$ORIGIN unsigned-and-ds-1.dnssec07.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.7.41
ns1 AAAA fda1:b2:c3:0:127:15:7:41
ns2 A 127.15.7.42
ns2 AAAA fda1:b2:c3:0:127:15:7:42
@ DS 51298 13 2 60A48DB6C1F4B993E3D7C0869C0C535A70C9A6D1899DE86563D485B5 15EE1918
@ RRSIG DS 8 2 3600 20351012164605 20250928151605 54394 dnssec07.xa. ewSq03Pu8mWZWKNCsuJZ5MzO3PCqtqfR/MbslNbRtRHyynj+yZqbdhCS5dwTEgmDMkpIuAranFbwqnJ6nkncuffpQu/oEOjRHQQslf2JB4RtQlqtjNjX9N+YRjCdgm9oY4k9h4268YlP92oYXnfX5Cj5h6v5aMjdbY4X38fvXO/DruNB9mLHsOkdSLld2f/TOJ4IeXqr2MGubgeUqybsNX4c9XkypTMLazqBeg1mK8GNX1n+msOaln8zCiCMPDep/ShHuZuBtmayUSCFwb5oOd80deEyphf7HBl6/vgXRmPpvqVjBSChtxjrkSjP+DKMn1fkr7jPLS4Bv3jEznFlGw==
$ORIGIN unsigned-no-ds-1.dnssec07.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.7.41
ns1 AAAA fda1:b2:c3:0:127:15:7:41
ns2 A 127.15.7.42
ns2 AAAA fda1:b2:c3:0:127:15:7:42
$ORIGIN non-auth-response-dnskey-1.dnssec07.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.7.41
ns1 AAAA fda1:b2:c3:0:127:15:7:41
ns2 A 127.15.7.42
ns2 AAAA fda1:b2:c3:0:127:15:7:42
@ DS 51298 13 2 60A48DB6C1F4B993E3D7C0869C0C535A70C9A6D1899DE86563D485B5 15EE1918
@ RRSIG DS 8 2 3600 20351012164605 20250928151605 54394 dnssec07.xa. ewSq03Pu8mWZWKNCsuJZ5MzO3PCqtqfR/MbslNbRtRHyynj+yZqbdhCS5dwTEgmDMkpIuAranFbwqnJ6nkncuffpQu/oEOjRHQQslf2JB4RtQlqtjNjX9N+YRjCdgm9oY4k9h4268YlP92oYXnfX5Cj5h6v5aMjdbY4X38fvXO/DruNB9mLHsOkdSLld2f/TOJ4IeXqr2MGubgeUqybsNX4c9XkypTMLazqBeg1mK8GNX1n+msOaln8zCiCMPDep/ShHuZuBtmayUSCFwb5oOd80deEyphf7HBl6/vgXRmPpvqVjBSChtxjrkSjP+DKMn1fkr7jPLS4Bv3jEznFlGw==
$ORIGIN no-response-dnskey-1.dnssec07.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.7.41
ns1 AAAA fda1:b2:c3:0:127:15:7:41
ns2 A 127.15.7.42
ns2 AAAA fda1:b2:c3:0:127:15:7:42
@ DS 51298 13 2 60A48DB6C1F4B993E3D7C0869C0C535A70C9A6D1899DE86563D485B5 15EE1918
@ RRSIG DS 8 2 3600 20351012164605 20250928151605 54394 dnssec07.xa. ewSq03Pu8mWZWKNCsuJZ5MzO3PCqtqfR/MbslNbRtRHyynj+yZqbdhCS5dwTEgmDMkpIuAranFbwqnJ6nkncuffpQu/oEOjRHQQslf2JB4RtQlqtjNjX9N+YRjCdgm9oY4k9h4268YlP92oYXnfX5Cj5h6v5aMjdbY4X38fvXO/DruNB9mLHsOkdSLld2f/TOJ4IeXqr2MGubgeUqybsNX4c9XkypTMLazqBeg1mK8GNX1n+msOaln8zCiCMPDep/ShHuZuBtmayUSCFwb5oOd80deEyphf7HBl6/vgXRmPpvqVjBSChtxjrkSjP+DKMn1fkr7jPLS4Bv3jEznFlGw==
$ORIGIN unexp-rcode-resp-dnskey-1.dnssec07.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.7.41
ns1 AAAA fda1:b2:c3:0:127:15:7:41
ns2 A 127.15.7.42
ns2 AAAA fda1:b2:c3:0:127:15:7:42
@ DS 51298 13 2 60A48DB6C1F4B993E3D7C0869C0C535A70C9A6D1899DE86563D485B5 15EE1918
@ RRSIG DS 8 2 3600 20351012164605 20250928151605 54394 dnssec07.xa. ewSq03Pu8mWZWKNCsuJZ5MzO3PCqtqfR/MbslNbRtRHyynj+yZqbdhCS5dwTEgmDMkpIuAranFbwqnJ6nkncuffpQu/oEOjRHQQslf2JB4RtQlqtjNjX9N+YRjCdgm9oY4k9h4268YlP92oYXnfX5Cj5h6v5aMjdbY4X38fvXO/DruNB9mLHsOkdSLld2f/TOJ4IeXqr2MGubgeUqybsNX4c9XkypTMLazqBeg1mK8GNX1n+msOaln8zCiCMPDep/ShHuZuBtmayUSCFwb5oOd80deEyphf7HBl6/vgXRmPpvqVjBSChtxjrkSjP+DKMn1fkr7jPLS4Bv3jEznFlGw==

8
zonemaster/test-zone-data/DNSSEC-TP/dnssec07/hintfile.zone Normal file
View File

@@ -0,0 +1,8 @@
; Hint file for DNSSEC07 local root
. 3600 NS root-ns1.xa.
. 3600 NS root-ns2.xa.
root-ns1.xa. 3600 A 127.15.7.27
root-ns1.xa. 3600 AAAA fda1:b2:c3::127:15:7:27
root-ns2.xa. 3600 A 127.15.7.28
root-ns2.xa. 3600 AAAA fda1:b2:c3::127:15:7:28

32
zonemaster/test-zone-data/DNSSEC-TP/dnssec07/root-zone.zone Normal file
View File

@@ -0,0 +1,32 @@
$ORIGIN .
$TTL 3600
@ SOA ns1. admin.xa. (
2025100201 ; serial
6h ; refresh
1h ; retry
1w ; expire
1d ) ; minimum
NS root-ns1.xa.
NS root-ns2.xa.
TXT "dnssec07"
root-ns1.xa. A 127.15.7.27
root-ns1.xa. AAAA fda1:b2:c3::127:15:7:27
root-ns2.xa. A 127.15.7.28
root-ns2.xa. AAAA fda1:b2:c3::127:15:7:28
$ORIGIN dnssec07.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.7.21
ns1 AAAA fda1:b2:c3::127:15:7:21
ns2 A 127.15.7.22
ns1 AAAA fda1:b2:c3::127:15:7:22
;EOF

33
zonemaster/test-zone-data/DNSSEC-TP/dnssec07/signed-and-inconsist-ds-1.dnssec07.xa_ns1.zone Normal file
View File

@@ -0,0 +1,33 @@
$ORIGIN signed-and-inconsist-ds-1.dnssec07.xa. ; parent (ns1)
$TTL 3600
@ SOA ns1 admin. (
2025100104 ; serial
6h ; refresh
1h ; retry
1w ; expire
1d ) ; minimum
@ NS ns1
@ NS ns2
ns1 A 127.15.7.31
ns1 AAAA fda1:b2:c3:0:127:15:7:31
ns2 A 127.15.7.32
ns2 AAAA fda1:b2:c3:0:127:15:7:32
@ TXT "Placeholder"
$ORIGIN child.signed-and-inconsist-ds-1.dnssec07.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.7.41
ns1 AAAA fda1:b2:c3:0:127:15:7:41
ns2 A 127.15.7.42
ns2 AAAA fda1:b2:c3:0:127:15:7:42
@ DS 51298 13 2 60A48DB6C1F4B993E3D7C0869C0C535A70C9A6D1899DE86563D485B5 15EE1918
@ RRSIG DS 8 2 3600 20351012164605 20250928151605 54394 signed-and-inconsist-ds-1.dnssec07.xa. ewSq03Pu8mWZWKNCsuJZ5MzO3PCqtqfR/MbslNbRtRHyynj+yZqbdhCS5dwTEgmDMkpIuAranFbwqnJ6nkncuffpQu/oEOjRHQQslf2JB4RtQlqtjNjX9N+YRjCdgm9oY4k9h4268YlP92oYXnfX5Cj5h6v5aMjdbY4X38fvXO/DruNB9mLHsOkdSLld2f/TOJ4IeXqr2MGubgeUqybsNX4c9XkypTMLazqBeg1mK8GNX1n+msOaln8zCiCMPDep/ShHuZuBtmayUSCFwb5oOd80deEyphf7HBl6/vgXRmPpvqVjBSChtxjrkSjP+DKMn1fkr7jPLS4Bv3jEznFlGw==
; EOF

31
zonemaster/test-zone-data/DNSSEC-TP/dnssec07/signed-and-inconsist-ds-1.dnssec07.xa_ns2.zone Normal file
View File

@@ -0,0 +1,31 @@
$ORIGIN signed-and-inconsist-ds-1.dnssec07.xa. ; parent (ns2)
$TTL 3600
@ SOA ns1 admin. (
2025100104 ; serial
6h ; refresh
1h ; retry
1w ; expire
1d ) ; minimum
@ NS ns1
@ NS ns2
ns1 A 127.15.7.31
ns1 AAAA fda1:b2:c3:0:127:15:7:31
ns2 A 127.15.7.32
ns2 AAAA fda1:b2:c3:0:127:15:7:32
@ TXT "Placeholder"
$ORIGIN child.signed-and-inconsist-ds-1.dnssec07.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.7.41
ns1 AAAA fda1:b2:c3:0:127:15:7:41
ns2 A 127.15.7.42
ns2 AAAA fda1:b2:c3:0:127:15:7:42
; EOF

200
zonemaster/test-zone-data/DNSSEC-TP/dnssec07/test-zones-output.md Normal file
View File

@@ -0,0 +1,200 @@
# DNSSEC07 Test scenario output
# Table of contents
* [Introduction](#introduction)
* [All message tags](#all-message-tags)
* [All scenarios](#all-scenarios)
* [zonemaster-cli commands and their output for each test scenario](#zonemaster-cli-commands-and-their-output-for-each-test-scenario)
## Introduction
In this file the output of running `zonemaster-cli` for every test zone is
found. This file is created during the development of the test zones and should
be updated as the implementation of the test case or the test scenarios or test
zones are updated or corrected.
During development and any update this document serves as tracking and log tool.
It also serves as a template for future development of test zones for
scenarios for other test cases.
## All message tags
* DS07_DS_FOR_SIGNED_ZONE
* DS07_DS_ON_PARENT_SERVER
* DS07_INCONSISTENT_DS
* DS07_INCONSISTENT_SIGNED
* DS07_NON_AUTH_RESPONSE_DNSKEY
* DS07_NOT_SIGNED
* DS07_NOT_SIGNED_ON_SERVER
* DS07_NO_DS_ON_PARENT_SERVER
* DS07_NO_DS_FOR_SIGNED_ZONE
* DS07_NO_RESPONSE_DNSKEY
* DS07_SIGNED
* DS07_SIGNED_ON_SERVER
* DS07_UNEXP_RCODE_RESP_DNSKEY
## All scenarios
| Scenario name | Zone name |
|:---------------------------|:---------------------------------------------|
| SIGNED-AND-DS-1 | signed-and-ds-1.dnssec07.xa. |
| SIGNED-NO-DS-1 | signed-no-ds-1.dnssec07.xa. |
| INCONSIST-SIGNED-AND-DS-1 | inconsist-signed-and-ds-1.dnssec07.xa. |
| INCONSIST-SIGNED-NO-DS-1 | inconsist-signed-no-ds-1.dnssec07.xa. |
| SIGNED-AND-INCONSIST-DS-1 | child.signed-and-inconsist-ds-1.dnssec07.xa. |
| UNSIGNED-AND-DS-1 | unsigned-and-ds-1.dnssec07.xa. |
| UNSIGNED-NO-DS-1 | unsigned-no-ds-1.dnssec07.xa. |
| NON-AUTH-RESPONSE-DNSKEY-1 | non-auth-response-dnskey-1.dnssec07.xa. |
| NO-RESPONSE-DNSKEY-1 | no-response-dnskey-1.dnssec07.xa. |
| UNEXP-RCODE-RESP-DNSKEY-1 | unexp-rcode-resp-dnskey-1.dnssec07.xa. |
## zonemaster-cli commands and their output for each test scenario
> **PLEASE NOTE:**
>
> The `zonemaster-cli` output in this section is from before the implementation
> of test DNSSEC07 has been updated. All message tags and the logic for utputting
> them are to be updated. This file has to updated when the implementation
> update is available.
All commands are run from the same directory as this file is in. To be meaningful
the `zonemaster-cli` command should be run with the following options:
```
--hints=hintfile.zone --test=dnssec07 --level=info
```
| Scenario name | Mandatory tags | Forbidden tags |
|:----------------|:--------------------------------------------------------------------------------------|:---------------|
| SIGNED-AND-DS-1 | DS07_DS_FOR_SIGNED_ZONE, DS07_DS_ON_PARENT_SERVER, DS07_SIGNED, DS07_SIGNED_ON_SERVER | 2) |
* (2) All tags except for those specified as "Mandatory tags"
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec07 --level=info --show-testcase --raw SIGNED-AND-DS-1.dnssec07.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.09 INFO DNSSEC07 DS07_SIGNED_ON_SERVER ns_list=ns1.signed-and-ds-1.dnssec07.xa/127.15.7.41;ns1.signed-and-ds-1.dnssec07.xa/fda1:b2:c3:0:127:15:7:41;ns2.signed-and-ds-1.dnssec07.xa/127.15.7.42;ns2.signed-and-ds-1.dnssec07.xa/fda1:b2:c3:0:127:15:7:42
0.09 INFO DNSSEC07 DS07_SIGNED
0.09 INFO DNSSEC07 DS07_DS_ON_PARENT_SERVER ns_list=ns1.dnssec07.xa/127.15.7.21;ns1.dnssec07.xa/fda1:b2:c3:0:127:15:7:21;ns1.dnssec07.xa/fda1:b2:c3:0:127:15:7:22;ns2.dnssec07.xa/127.15.7.22
0.09 INFO DNSSEC07 DS07_DS_FOR_SIGNED_ZONE
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:---------------|:--------------------------------------------------------------------------------------------|:---------------|
| SIGNED-NO-DS-1 | DS07_NO_DS_ON_PARENT_SERVER, DS07_NO_DS_FOR_SIGNED_ZONE, DS07_SIGNED, DS07_SIGNED_ON_SERVER | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec07 --level=info --show-testcase --raw SIGNED-NO-DS-1.dnssec07.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.07 INFO DNSSEC07 DS07_SIGNED_ON_SERVER ns_list=ns1.signed-no-ds-1.dnssec07.xa/127.15.7.41;ns1.signed-no-ds-1.dnssec07.xa/fda1:b2:c3:0:127:15:7:41;ns2.signed-no-ds-1.dnssec07.xa/127.15.7.42;ns2.signed-no-ds-1.dnssec07.xa/fda1:b2:c3:0:127:15:7:42
0.07 INFO DNSSEC07 DS07_SIGNED
0.07 WARNING DNSSEC07 DS07_NO_DS_ON_PARENT_SERVER ns_list=ns1.dnssec07.xa/127.15.7.21;ns1.dnssec07.xa/fda1:b2:c3:0:127:15:7:21;ns1.dnssec07.xa/fda1:b2:c3:0:127:15:7:22;ns2.dnssec07.xa/127.15.7.22
0.07 WARNING DNSSEC07 DS07_NO_DS_FOR_SIGNED_ZONE
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:--------------------------|:-----------------------------------------------------------------------------------------------------|:---------------|
| INCONSIST-SIGNED-AND-DS-1 | DS07_DS_ON_PARENT_SERVER, DS07_INCONSISTENT_SIGNED, DS07_NOT_SIGNED_ON_SERVER, DS07_SIGNED_ON_SERVER | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec07 --level=info --show-testcase --raw INCONSIST-SIGNED-AND-DS-1.dnssec07.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.08 INFO DNSSEC07 DS07_SIGNED_ON_SERVER ns_list=ns1.inconsist-signed-and-ds-1.dnssec07.xa/127.15.7.41;ns1.inconsist-signed-and-ds-1.dnssec07.xa/fda1:b2:c3:0:127:15:7:41
0.08 WARNING DNSSEC07 DS07_NOT_SIGNED_ON_SERVER ns_list=ns2.inconsist-signed-and-ds-1.dnssec07.xa/127.15.7.42;ns2.inconsist-signed-and-ds-1.dnssec07.xa/fda1:b2:c3:0:127:15:7:42
0.08 ERROR DNSSEC07 DS07_INCONSISTENT_SIGNED
0.08 INFO DNSSEC07 DS07_DS_ON_PARENT_SERVER ns_list=ns1.dnssec07.xa/127.15.7.21;ns1.dnssec07.xa/fda1:b2:c3:0:127:15:7:21;ns1.dnssec07.xa/fda1:b2:c3:0:127:15:7:22;ns2.dnssec07.xa/127.15.7.22
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:-------------------------|:--------------------------------------------------------------------------------------------------------|:---------------|
| INCONSIST-SIGNED-NO-DS-1 | DS07_INCONSISTENT_SIGNED, DS07_NOT_SIGNED_ON_SERVER, DS07_NO_DS_ON_PARENT_SERVER, DS07_SIGNED_ON_SERVER | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec07 --level=info --show-testcase --raw INCONSIST-SIGNED-NO-DS-1.dnssec07.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.07 INFO DNSSEC07 DS07_SIGNED_ON_SERVER ns_list=ns1.inconsist-signed-no-ds-1.dnssec07.xa/127.15.7.41;ns1.inconsist-signed-no-ds-1.dnssec07.xa/fda1:b2:c3:0:127:15:7:41
0.07 WARNING DNSSEC07 DS07_NOT_SIGNED_ON_SERVER ns_list=ns2.inconsist-signed-no-ds-1.dnssec07.xa/127.15.7.42;ns2.inconsist-signed-no-ds-1.dnssec07.xa/fda1:b2:c3:0:127:15:7:42
0.07 ERROR DNSSEC07 DS07_INCONSISTENT_SIGNED
0.07 WARNING DNSSEC07 DS07_NO_DS_ON_PARENT_SERVER ns_list=ns1.dnssec07.xa/127.15.7.21;ns1.dnssec07.xa/fda1:b2:c3:0:127:15:7:21;ns1.dnssec07.xa/fda1:b2:c3:0:127:15:7:22;ns2.dnssec07.xa/127.15.7.22
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:--------------------------|:----------------------------------------------------------------------------------------------------------------|:---------------|
| SIGNED-AND-INCONSIST-DS-1 | DS07_DS_ON_PARENT_SERVER, DS07_INCONSISTENT_DS, DS07_NO_DS_ON_PARENT_SERVER, DS07_SIGNED, DS07_SIGNED_ON_SERVER | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec07 --level=info --show-testcase --raw child.signed-and-inconsist-ds-1.dnssec07.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.11 INFO DNSSEC07 DS07_SIGNED_ON_SERVER ns_list=ns1.child.signed-and-inconsist-ds-1.dnssec07.xa/127.15.7.41;ns1.child.signed-and-inconsist-ds-1.dnssec07.xa/fda1:b2:c3:0:127:15:7:41;ns2.child.signed-and-inconsist-ds-1.dnssec07.xa/127.15.7.42;ns2.child.signed-and-inconsist-ds-1.dnssec07.xa/fda1:b2:c3:0:127:15:7:42
0.11 INFO DNSSEC07 DS07_SIGNED
0.11 WARNING DNSSEC07 DS07_NO_DS_ON_PARENT_SERVER ns_list=ns2.signed-and-inconsist-ds-1.dnssec07.xa/127.15.7.32;ns2.signed-and-inconsist-ds-1.dnssec07.xa/fda1:b2:c3:0:127:15:7:32
0.11 INFO DNSSEC07 DS07_DS_ON_PARENT_SERVER ns_list=ns1.signed-and-inconsist-ds-1.dnssec07.xa/127.15.7.31;ns1.signed-and-inconsist-ds-1.dnssec07.xa/fda1:b2:c3:0:127:15:7:31
0.11 ERROR DNSSEC07 DS07_INCONSISTENT_DS
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:------------------|:-------------------------------------------|:---------------|
| UNSIGNED-AND-DS-1 | DS07_NOT_SIGNED, DS07_NOT_SIGNED_ON_SERVER | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec07 --level=info --show-testcase --raw UNSIGNED-AND-DS-1.dnssec07.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.08 WARNING DNSSEC07 DS07_NOT_SIGNED_ON_SERVER ns_list=ns1.unsigned-and-ds-1.dnssec07.xa/127.15.7.41;ns1.unsigned-and-ds-1.dnssec07.xa/fda1:b2:c3:0:127:15:7:41;ns2.unsigned-and-ds-1.dnssec07.xa/127.15.7.42;ns2.unsigned-and-ds-1.dnssec07.xa/fda1:b2:c3:0:127:15:7:42
0.08 WARNING DNSSEC07 DS07_NOT_SIGNED
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:-----------------|:-------------------------------------------|:---------------|
| UNSIGNED-NO-DS-1 | DS07_NOT_SIGNED, DS07_NOT_SIGNED_ON_SERVER | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec07 --level=info --show-testcase --raw UNSIGNED-NO-DS-1.dnssec07.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.08 WARNING DNSSEC07 DS07_NOT_SIGNED_ON_SERVER ns_list=ns1.unsigned-no-ds-1.dnssec07.xa/127.15.7.41;ns1.unsigned-no-ds-1.dnssec07.xa/fda1:b2:c3:0:127:15:7:41;ns2.unsigned-no-ds-1.dnssec07.xa/127.15.7.42;ns2.unsigned-no-ds-1.dnssec07.xa/fda1:b2:c3:0:127:15:7:42
0.08 WARNING DNSSEC07 DS07_NOT_SIGNED
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:---------------------------|:---------------------------------------------------------------------------------------------------------------------|:---------------|
| NON-AUTH-RESPONSE-DNSKEY-1 | DS07_NON_AUTH_RESPONSE_DNSKEY, DS07_SIGNED, DS07_SIGNED_ON_SERVER, DS07_DS_ON_PARENT_SERVER, DS07_DS_FOR_SIGNED_ZONE | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec07 --level=info --show-testcase --raw NON-AUTH-RESPONSE-DNSKEY-1.dnssec07.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.08 WARNING DNSSEC07 DS07_NON_AUTH_RESPONSE_DNSKEY ns_list=ns1.non-auth-response-dnskey-1.dnssec07.xa/127.15.7.41;ns1.non-auth-response-dnskey-1.dnssec07.xa/fda1:b2:c3:0:127:15:7:41
0.08 INFO DNSSEC07 DS07_SIGNED_ON_SERVER ns_list=ns2.non-auth-response-dnskey-1.dnssec07.xa/127.15.7.42;ns2.non-auth-response-dnskey-1.dnssec07.xa/fda1:b2:c3:0:127:15:7:42
0.08 INFO DNSSEC07 DS07_SIGNED
0.08 INFO DNSSEC07 DS07_DS_ON_PARENT_SERVER ns_list=ns1.dnssec07.xa/127.15.7.21;ns1.dnssec07.xa/fda1:b2:c3:0:127:15:7:21;ns1.dnssec07.xa/fda1:b2:c3:0:127:15:7:22;ns2.dnssec07.xa/127.15.7.22
0.08 INFO DNSSEC07 DS07_DS_FOR_SIGNED_ZONE
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:---------------------|:---------------------------------------------------------------------------------------------------------------|:---------------|
| NO-RESPONSE-DNSKEY-1 | DS07_SIGNED, DS07_SIGNED_ON_SERVER, DS07_NO_RESPONSE_DNSKEY, DS07_DS_ON_PARENT_SERVER, DS07_DS_FOR_SIGNED_ZONE | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec07 --level=info --show-testcase --raw NO-RESPONSE-DNSKEY-1.dnssec07.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
20.09 WARNING DNSSEC07 DS07_NO_RESPONSE_DNSKEY ns_list=ns1.no-response-dnskey-1.dnssec07.xa/127.15.7.41;ns1.no-response-dnskey-1.dnssec07.xa/fda1:b2:c3:0:127:15:7:41
20.09 INFO DNSSEC07 DS07_SIGNED_ON_SERVER ns_list=ns2.no-response-dnskey-1.dnssec07.xa/127.15.7.42;ns2.no-response-dnskey-1.dnssec07.xa/fda1:b2:c3:0:127:15:7:42
20.09 INFO DNSSEC07 DS07_SIGNED
20.09 INFO DNSSEC07 DS07_DS_ON_PARENT_SERVER ns_list=ns1.dnssec07.xa/127.15.7.21;ns1.dnssec07.xa/fda1:b2:c3:0:127:15:7:21;ns1.dnssec07.xa/fda1:b2:c3:0:127:15:7:22;ns2.dnssec07.xa/127.15.7.22
20.09 INFO DNSSEC07 DS07_DS_FOR_SIGNED_ZONE
```
--> OK
| Scenario name | Mandatory tags | Forbidden tags |
|:--------------------------|:--------------------------------------------------------------------------------------------------------------------|:---------------|
| UNEXP-RCODE-RESP-DNSKEY-1 | DS07_SIGNED, DS07_SIGNED_ON_SERVER, DS07_UNEXP_RCODE_RESP_DNSKEY, DS07_DS_ON_PARENT_SERVER, DS07_DS_FOR_SIGNED_ZONE | 2) |
```
$ zonemaster-cli --hints=hintfile.zone --test=dnssec07 --level=info --show-testcase --raw UNEXP-RCODE-RESP-DNSKEY-1.dnssec07.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v8.0.0
0.07 WARNING DNSSEC07 DS07_UNEXP_RCODE_RESP_DNSKEY ns_list=ns1.unexp-rcode-resp-dnskey-1.dnssec07.xa/127.15.7.41;ns1.unexp-rcode-resp-dnskey-1.dnssec07.xa/fda1:b2:c3:0:127:15:7:41; rcode=REFUSED
0.07 INFO DNSSEC07 DS07_SIGNED_ON_SERVER ns_list=ns2.unexp-rcode-resp-dnskey-1.dnssec07.xa/127.15.7.42;ns2.unexp-rcode-resp-dnskey-1.dnssec07.xa/fda1:b2:c3:0:127:15:7:42
0.08 INFO DNSSEC07 DS07_SIGNED
0.08 INFO DNSSEC07 DS07_DS_ON_PARENT_SERVER ns_list=ns1.dnssec07.xa/127.15.7.21;ns1.dnssec07.xa/fda1:b2:c3:0:127:15:7:21;ns1.dnssec07.xa/fda1:b2:c3:0:127:15:7:22;ns2.dnssec07.xa/127.15.7.22
0.08 INFO DNSSEC07 DS07_DS_FOR_SIGNED_ZONE
```
--> OK

156
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/README.md Normal file
View File

@@ -0,0 +1,156 @@
# Bind
## Table of contents
* [Variable below](#variable-below)
* [Configuring Bind](#configuring-bind)
* [Zone files](#zone-files)
* [Key generation and zone signing](#key-generation-and-zone-signing)
* [Creating a variant zone](#creating-a-variant-zone)
* [Synchronizing the keys and zones at checkout](#synchronizing-the-keys-and-zones-at-checkout)
* [Starting and stopping Bind](#starting-and-stopping-bind)
* [Reloading Bind](#reloading-bind)
* [Checking Bind](#checking-bind)
## Variable below
Below `%ZONE-NAME%` means the name of the zone in question, without the trailing
dot, e.g. `inconsist-nsec-nsec3-1.dnssec10.xa`.
## Configuring Bind
Specific IP addresses must be allocated for Bind in `address-plan.md`. For these
test scenarios 127.15.10.37 and 127.15.10.38 are allocated.
All Bind configuration must be kept in the
`test-zone-data/DNSSEC-TP/dnssec10/Bind` directory (and that model should always
be used for Bind data). In `named.conf` all configuration for Bind is kept. In
that file it is configured that Bind listens to the two addresses listed above.
There is no need to listen to IPv6.
Bind is configured with `views`, one view per IP address. In the normal case
a zone is only put into the `main` view (127.15.10.37). If the scenario requires
two variants of the same zone (NSEC vs NSEC3) then the same zone with other
settings are added to the `var1` view (127.15.10.38). In that way both NSEC and
NSEC3 responses can be fetched. See further below on the creation of the
variant zone.
## Zone files
Zone files are created as unsigned zones. The zone file name should be
`%ZONE-NAME%.zone`, e.g. `inconsist-nsec-nsec3-1.dnssec10.xa.zone`.
The file should reside in directory `zones/` unless it is a variant zone file
(view `var1`). Then is should reside in directory `zones-var1/`. A variant zone
file should have the same name as the main zone file.
## Key generation and zone signing
When started or restarted Bind will create keys (DNSKEY), signatures (RRSIG) and
NSEC or NSEC3 records. The unsigned zone file is unchanged and a `*.zone.signed`
file is created, e.g. `inconsist-nsec-nsec3-1.dnssec10.xa.zone.signed`.
Keys for `main` zones are put in the `key-dir` directory by Bind. Keys for the
`var1` zones are put in the `key-dir-var1` directory.
## Creating a variant zone
When a variant zone file (in `var1` view) of exactly the same zone (zone name)
then Bind will create a different set of keys, which is not what we want. To
prevent this, do the following steps:
1. Create the `main` variant.
2. Restart Bind.
3. Wait for the `zones/%ZONE-NAME%.zone.signed` file to be created.
4. Create the `var1` variant.
5. Copy all keys from `main` to `var1`:
```sh
cp key-dir/K%ZONE-NAME%* key-dir-var1/
```
6. Restart Bind
To verify that both variants of the zone have the same keys run the equivalent
of the following commnds, that should list the same DNSKEY, but maybe in
different order:
```sh
dig +noall +ans +nocrypt @127.15.10.37 inconsist-nsec-nsec3-1.dnssec10.xa dnskey
```
```sh
dig +noall +ans +nocrypt @127.15.10.38 inconsist-nsec-nsec3-1.dnssec10.xa dnskey
```
If different keys are listed, then do the following steps:
1. Stop Bind.
2. Removed signed files and keys for the `var1` zone.
```sh
rm -i zones-var1/%ZONE-NAME%.zone.* key-dir-var1/K%ZONE-NAME%*
```
3. Copy all keys for the zone:
```sh
cp key-dir/K%ZONE-NAME%* key-dir-var1/
```
4. Start Bind
5. Verify (see above).
## Synchronizing the keys and zones at checkout
The keys and signed zones are not stored in Git. When a branch has been checked
out Bind will create new keys and signature when started. Some steps must be
taken to manually sychronize the keys between the `main` view and the `var1`
view.
1. Stop Bind if running.
2. Clean the directories from signed zones and any keys for the `var1` view:
```sh
rm -i zones/*.zone.* zones-var1/*.zone.* key-dir-var1/*
```
2. Start Bind.
3. Wait for the `zones/*.zone.signed` files to be created.
4. Stop Bind.
5. Removed signed files and keys for the `var1` zones.
```sh
rm -i zones-var1/*.zone.* key-dir-var1/*
```
4. Copy all keys from `main` to `var1` which will be more than we need but that
will create no problem.
```sh
cp key-dir/K* key-dir-var1/
```
5. Start Bind.
6. Verify (see above).
## Starting and stopping Bind
To start or stop Bind go to the directory where `named.conf` is found,
```sh
cd test-zone-data/DNSSEC-TP/dnssec10/Bind
```
Start Bind with the following command where `$USER` has the owner of the git
tree, i.e. owner of the `Bind` directory and all file in that directory. In a
default installation of Ubuntu that user name is `ubuntu`.
```sh
sudo named -c $(pwd)/named.conf -u $USER
```
From the directory where Bind was started the following command stops Bind:
```sh
kill $(cat named.pid)
```
If the PID file is lost then named can be stopped with the following command,
which may kill other Bind processes (after confirmation):
```sh
killall -i named
```
## Reloading Bind
After update of `named.conf` or zone file run by Bind you must reload Bind:
```sh
kill -HUP $(cat named.pid)
```
## Checking Bind
To see log output run the following command:
```sh
tail -50 /var/log/syslog | grep named
```

490
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/named.conf Normal file
View File

@@ -0,0 +1,490 @@
options {
dnssec-validation auto;
automatic-interface-scan no;
#
# Explicitly listen on specific addresses, both IPv4 and IPv6 to
# prevent Bind to bind to too many addresses
listen-on { 127.15.10.37; 127.15.10.38; };
listen-on-v6 { fda1:b2:c3:0:127:15:10:37; fda1:b2:c3:0:127:15:10:38; };
#
recursion no;
notify no;
empty-zones-enable no;
pid-file "named.pid";
masterfile-format text;
session-keyfile none;
};
# In the usual case add the zone to view "main" only. If the scenario requires
# two variants of the zone, add the variant of the zone to view "var1" (create
# view "var2" etc if required).
# Put all zone files into the "zones" sub-directory.
view "main" {
# Name of zone file in this view should be "<ZONE-NAME>.zone"
match-destinations { 127.15.10.37; fda1:b2:c3:0:127:15:10:37; };
key-directory "key-dir";
zone "localhost" {
type master;
file "zones/localhost.zone";
};
zone "good-nsec-1.dnssec10.xa" {
type master;
file "zones/good-nsec-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "good-nsec-2.dnssec10.xa" {
type master;
file "zones/good-nsec-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "good-nsec-3.dnssec10.xa" {
type master;
file "zones/good-nsec-3.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "good-nsec3-1.dnssec10.xa" {
type master;
file "zones/good-nsec3-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "good-nsec3-2.dnssec10.xa" {
type master;
file "zones/good-nsec3-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "good-nsec3-3.dnssec10.xa" {
type master;
file "zones/good-nsec3-3.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "algo-not-supp-by-zm-1.dnssec10.xa" {
type master;
file "zones/algo-not-supp-by-zm-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "algo-not-supp-by-zm-2.dnssec10.xa" {
type master;
file "zones/algo-not-supp-by-zm-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "bad-servers-but-good-nsec-1.dnssec10.xa" {
type master;
file "zones/bad-servers-but-good-nsec-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "err-mult-nsec-1.dnssec10.xa" {
type master;
file "zones/err-mult-nsec-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "err-mult-nsec-2.dnssec10.xa" {
type master;
file "zones/err-mult-nsec-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "err-mult-nsec3-1.dnssec10.xa" {
type master;
file "zones/err-mult-nsec3-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "err-mult-nsec3param-1.dnssec10.xa" {
type master;
file "zones/err-mult-nsec3param-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "exp-nsec-nsec3-miss-1.dnssec10.xa" {
# The scenario has neither NSEC nor NSEC3, but we have to select
# something to get the DNSKEY and RRSIG.
type master;
file "zones/exp-nsec-nsec3-miss-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "inconsistent-nsec-1.dnssec10.xa" {
type master;
file "zones/inconsistent-nsec-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "inconsistent-nsec3-1.dnssec10.xa" {
type master;
file "zones/inconsistent-nsec3-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "inconsist-nsec-nsec3-1.dnssec10.xa" {
type master;
file "zones/inconsist-nsec-nsec3-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "inconsist-nsec-nsec3-2.dnssec10.xa" {
type master;
file "zones/inconsist-nsec-nsec3-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "mixed-nsec-nsec3-1.dnssec10.xa" {
type master;
file "zones/mixed-nsec-nsec3-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "mixed-nsec-nsec3-2.dnssec10.xa" {
type master;
file "zones/mixed-nsec-nsec3-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec3param-gives-err-answer-1.dnssec10.xa" {
type master;
file "zones/nsec3param-gives-err-answer-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3param-gives-err-answer-2.dnssec10.xa" {
type master;
file "zones/nsec3param-gives-err-answer-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3param-mismatches-apex-1.dnssec10.xa" {
type master;
file "zones/nsec3param-mismatches-apex-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3param-q-response-err-1.dnssec10.xa" {
type master;
file "zones/nsec3param-q-response-err-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3param-q-response-err-2.dnssec10.xa" {
type master;
file "zones/nsec3param-q-response-err-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3param-q-response-err-3.dnssec10.xa" {
type master;
file "zones/nsec3param-q-response-err-3.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-err-type-list-1.dnssec10.xa" {
type master;
file "zones/nsec3-err-type-list-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-err-type-list-2.dnssec10.xa" {
type master;
file "zones/nsec3-err-type-list-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-mismatches-apex-1.dnssec10.xa" {
type master;
file "zones/nsec3-mismatches-apex-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-missing-signature-1.dnssec10.xa" {
type master;
file "zones/nsec3-missing-signature-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-nodata-missing-soa-1.dnssec10.xa" {
type master;
file "zones/nsec3-nodata-missing-soa-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-nodata-wrong-soa-1.dnssec10.xa" {
type master;
file "zones/nsec3-nodata-wrong-soa-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-no-verified-signature-1.dnssec10.xa" {
type master;
file "zones/nsec3-no-verified-signature-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-no-verified-signature-2.dnssec10.xa" {
type master;
file "zones/nsec3-no-verified-signature-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-no-verified-signature-3.dnssec10.xa" {
type master;
file "zones/nsec3-no-verified-signature-3.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-no-verified-signature-4.dnssec10.xa" {
type master;
file "zones/nsec3-no-verified-signature-4.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec-err-type-list-1.dnssec10.xa" {
type master;
file "zones/nsec-err-type-list-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-err-type-list-2.dnssec10.xa" {
type master;
file "zones/nsec-err-type-list-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-gives-err-answer-1.dnssec10.xa" {
type master;
file "zones/nsec-gives-err-answer-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-gives-err-answer-2.dnssec10.xa" {
type master;
file "zones/nsec-gives-err-answer-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-mismatches-apex-1.dnssec10.xa" {
type master;
file "zones/nsec-mismatches-apex-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-mismatches-apex-2.dnssec10.xa" {
type master;
file "zones/nsec-mismatches-apex-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-missing-signature-1.dnssec10.xa" {
type master;
file "zones/nsec-missing-signature-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-nodata-missing-soa-1.dnssec10.xa" {
type master;
file "zones/nsec-nodata-missing-soa-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-nodata-wrong-soa-1.dnssec10.xa" {
type master;
file "zones/nsec-nodata-wrong-soa-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-no-verified-signature-1.dnssec10.xa" {
type master;
file "zones/nsec-no-verified-signature-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-no-verified-signature-2.dnssec10.xa" {
type master;
file "zones/nsec-no-verified-signature-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-no-verified-signature-3.dnssec10.xa" {
type master;
file "zones/nsec-no-verified-signature-3.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-no-verified-signature-4.dnssec10.xa" {
type master;
file "zones/nsec-no-verified-signature-4.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-query-response-err-1.dnssec10.xa" {
type master;
file "zones/nsec-query-response-err-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-query-response-err-2.dnssec10.xa" {
type master;
file "zones/nsec-query-response-err-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-query-response-err-3.dnssec10.xa" {
type master;
file "zones/nsec-query-response-err-3.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "server-no-dnssec-1.dnssec10.xa" {
type master;
file "zones/server-no-dnssec-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "server-no-dnssec-2.dnssec10.xa" {
type master;
file "zones/server-no-dnssec-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
}; # End view "main"
view "var1" {
# This view is for a variant of the zone already defined in view
# "main". Do not put zones here unless they already exist in view
# "main".
# Name of zone file in this view should be "<ZONE-NAME>.zone", i.e.
# the same name as in the main view, but stored in directory
# "zones-var1".
match-destinations { 127.15.10.38; fda1:b2:c3:0:127:15:10:38; };
key-directory "key-dir-var1";
zone "localhost" {
type master;
file "zones-var1/localhost.zone";
};
zone "inconsist-nsec-nsec3-1.dnssec10.xa" {
type master;
file "zones-var1/inconsist-nsec-nsec3-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "inconsist-nsec-nsec3-2.dnssec10.xa" {
type master;
file "zones-var1/inconsist-nsec-nsec3-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "mixed-nsec-nsec3-1.dnssec10.xa" {
type master;
file "zones-var1/mixed-nsec-nsec3-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "mixed-nsec-nsec3-2.dnssec10.xa" {
type master;
file "zones-var1/mixed-nsec-nsec3-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
}; # End view "var1"
## DNSSEC policy
# Period duration definition: https://en.wikipedia.org/wiki/ISO_8601#Durations
dnssec-policy dnssec10-nsec3 {
dnskey-ttl PT24H;
keys {
ksk lifetime unlimited algorithm 13; # ECDSAP256SHA256
zsk lifetime unlimited algorithm 13; # ECDSAP256SHA256
};
max-zone-ttl P7W;
nsec3param iterations 0 optout no salt-length 0;
signatures-validity P8Y;
signatures-validity-dnskey P8Y;
};
dnssec-policy dnssec10-nsec {
dnskey-ttl PT24H;
keys {
ksk lifetime unlimited algorithm 13; # ECDSAP256SHA256
zsk lifetime unlimited algorithm 13; # ECDSAP256SHA256
};
max-zone-ttl PT24H;
signatures-validity P8Y;
signatures-validity-dnskey P8Y;
};

18
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones-var1/inconsist-nsec-nsec3-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,18 @@
$ORIGIN inconsist-nsec-nsec3-1.dnssec10.xa.
; NSEC3 version of the zone.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
13 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

18
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones-var1/inconsist-nsec-nsec3-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,18 @@
$ORIGIN inconsist-nsec-nsec3-2.dnssec10.xa.
; NSEC3 version of the zone.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
14 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

15
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones-var1/localhost.zone Normal file
View File

@@ -0,0 +1,15 @@
; For the dnssec10-38 view.
;
$TTL 604800
@ SOA localhost. root.localhost. (
5 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS localhost.
@ A 127.0.0.1
@ AAAA ::1
@ TXT "127.15.10.38 fda1:b2:c3:0:127:15:10:38"

18
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones-var1/mixed-nsec-nsec3-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,18 @@
$ORIGIN mixed-nsec-nsec3-1.dnssec10.xa.
; NSEC3 version of the zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
16 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

18
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones-var1/mixed-nsec-nsec3-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,18 @@
$ORIGIN mixed-nsec-nsec3-2.dnssec10.xa.
; NSEC3 version of the zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
17 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

17
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/algo-not-supp-by-zm-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,17 @@
$ORIGIN algo-not-supp-by-zm-1.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
10 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

17
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/algo-not-supp-by-zm-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,17 @@
$ORIGIN algo-not-supp-by-zm-2.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
11 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

27
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/bad-servers-but-good-nsec-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,27 @@
$ORIGIN bad-servers-but-good-nsec-1.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
12 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
@ NS ns3
@ NS ns4
@ NS ns5
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
ns3 A 127.15.10.33
ns3 AAAA fda1:b2:c3:0:127:15:10:33
ns4 A 127.15.10.34
ns4 AAAA fda1:b2:c3:0:127:15:10:34
ns5 A 127.15.10.35
ns5 AAAA fda1:b2:c3:0:127:15:10:35

17
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/err-mult-nsec-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,17 @@
$ORIGIN err-mult-nsec-1.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
11 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

17
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/err-mult-nsec-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,17 @@
$ORIGIN err-mult-nsec-2.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
13 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

17
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/err-mult-nsec3-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,17 @@
$ORIGIN err-mult-nsec3-1.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
12 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

17
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/err-mult-nsec3param-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,17 @@
$ORIGIN err-mult-nsec3param-1.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
14 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

17
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/exp-nsec-nsec3-miss-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,17 @@
$ORIGIN exp-nsec-nsec3-miss-1.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
12 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

17
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/good-nsec-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,17 @@
$ORIGIN good-nsec-1.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
9 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

21
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/good-nsec-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,21 @@
$ORIGIN good-nsec-2.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
11 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1a
@ NS ns1b
@ NS ns1c
ns1a A 127.15.10.31
ns1a AAAA fda1:b2:c3:0:127:15:10:31
ns1b A 127.15.10.31
ns1b AAAA fda1:b2:c3:0:127:15:10:31
ns1c A 127.15.10.31
ns1c AAAA fda1:b2:c3:0:127:15:10:31

17
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/good-nsec-3.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,17 @@
$ORIGIN good-nsec-3.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
11 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS dns1
@ NS dns2
dns1 A 127.15.10.31
dns1 AAAA fda1:b2:c3:0:127:15:10:31
dns2 A 127.15.10.32
dns2 AAAA fda1:b2:c3:0:127:15:10:32

17
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/good-nsec3-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,17 @@
$ORIGIN good-nsec3-1.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
9 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

21
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/good-nsec3-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,21 @@
$ORIGIN good-nsec3-2.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
11 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1a
@ NS ns1b
@ NS ns1c
ns1a A 127.15.10.31
ns1a AAAA fda1:b2:c3:0:127:15:10:31
ns1b A 127.15.10.31
ns1b AAAA fda1:b2:c3:0:127:15:10:31
ns1c A 127.15.10.31
ns1c AAAA fda1:b2:c3:0:127:15:10:31

17
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/good-nsec3-3.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,17 @@
$ORIGIN good-nsec3-3.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
11 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS dns1
@ NS dns2
dns1 A 127.15.10.31
dns1 AAAA fda1:b2:c3:0:127:15:10:31
dns2 A 127.15.10.32
dns2 AAAA fda1:b2:c3:0:127:15:10:32

18
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/inconsist-nsec-nsec3-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,18 @@
$ORIGIN inconsist-nsec-nsec3-1.dnssec10.xa.
; NSEC version of the zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
13 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

18
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/inconsist-nsec-nsec3-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,18 @@
$ORIGIN inconsist-nsec-nsec3-2.dnssec10.xa.
; NSEC version of the zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
14 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

17
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/inconsistent-nsec-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,17 @@
$ORIGIN inconsistent-nsec-1.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
12 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

17
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/inconsistent-nsec3-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,17 @@
$ORIGIN inconsistent-nsec3-1.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
13 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

15
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/localhost.zone Normal file
View File

@@ -0,0 +1,15 @@
; For the dnssec10-37 view.
;
$TTL 604800
@ SOA localhost. root.localhost. (
4 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS localhost.
@ A 127.0.0.1
@ AAAA ::1
@ TXT "127.15.10.37 fda1:b2:c3:0:127:15:10:37"

18
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/mixed-nsec-nsec3-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,18 @@
$ORIGIN mixed-nsec-nsec3-1.dnssec10.xa.
; NSEC version of the zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
15 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

18
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/mixed-nsec-nsec3-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,18 @@
$ORIGIN mixed-nsec-nsec3-2.dnssec10.xa.
; NSEC version of the zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
16 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-err-type-list-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec-err-type-list-1.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
4 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-err-type-list-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec-err-type-list-2.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
5 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

21
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-gives-err-answer-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,21 @@
$ORIGIN nsec-gives-err-answer-1.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
8 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
@ TXT Text-string
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

21
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-gives-err-answer-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,21 @@
$ORIGIN nsec-gives-err-answer-2.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
10 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
@ TXT Text-string
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-mismatches-apex-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec-mismatches-apex-1.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
12 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-mismatches-apex-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec-mismatches-apex-2.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
13 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-missing-signature-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec-missing-signature-1.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
14 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-no-verified-signature-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec-no-verified-signature-1.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
6 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-no-verified-signature-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec-no-verified-signature-2.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
7 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-no-verified-signature-3.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec-no-verified-signature-3.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
7 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-no-verified-signature-4.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec-no-verified-signature-4.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
9 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-nodata-missing-soa-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec-nodata-missing-soa-1.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
2 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-nodata-wrong-soa-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec-nodata-wrong-soa-1.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
4 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-query-response-err-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec-query-response-err-1.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
2 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-query-response-err-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec-query-response-err-2.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
3 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-query-response-err-3.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec-query-response-err-3.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
5 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3-err-type-list-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3-err-type-list-1.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
2 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3-err-type-list-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3-err-type-list-2.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
3 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3-mismatches-apex-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3-mismatches-apex-1.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
3 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3-missing-signature-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3-missing-signature-1.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
5 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3-no-verified-signature-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3-no-verified-signature-1.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
11 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3-no-verified-signature-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3-no-verified-signature-2.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
13 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3-no-verified-signature-3.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3-no-verified-signature-3.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
15 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3-no-verified-signature-4.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3-no-verified-signature-4.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
17 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3-nodata-missing-soa-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3-nodata-missing-soa-1.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
7 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3-nodata-wrong-soa-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3-nodata-wrong-soa-1.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
9 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3param-gives-err-answer-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3param-gives-err-answer-1.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
17 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
@ TXT Text-string
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3param-gives-err-answer-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3param-gives-err-answer-2.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
18 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
@ TXT Text-string
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

18
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3param-mismatches-apex-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,18 @@
$ORIGIN nsec3param-mismatches-apex-1.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
23 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3param-q-response-err-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3param-q-response-err-1.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
24 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3param-q-response-err-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3param-q-response-err-2.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
26 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3param-q-response-err-3.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3param-q-response-err-3.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
28 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/server-no-dnssec-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN server-no-dnssec-1.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
7 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/server-no-dnssec-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN server-no-dnssec-2.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
9 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

23
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/README-Bind.md Normal file
View File

@@ -0,0 +1,23 @@
# Bind
## Generate DNS records
For this test case Bind is used for generating some DNS records, and then
they are added to the CoreDNS configuration. Specifically `DNSKEY`, `NSEC`,
`NSEC3`, `NSEC3PARAM` and `RRSIG` records are generated and then copied to,
for this test case, [dnssec10.cfg](dnssec10.cfg).
Bind is never used to serve the test zones. That is done by CoreDNS, and in the
future maybe IBDNS.
## Creating new scenarios or updating existing scenarios
The recommended path is to let Bind load the zone for the scenario and then get
the records from responses on queries to the bind specific IP addresses,
127.15.10.37 and in some cases 127.15.10.38. That will give valid DNSKEY, NSEC,
NSEC3 and NSEC3PARAM records signed by valid RRSIG.
After that manipulations could be necessary. See existing test zones for examples.
Go to the [Bind](Bind) directory for Bind configuration, zone files and more
information.

9
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/README-DNSSEC-utilities.md Normal file
View File

@@ -0,0 +1,9 @@
# DNSEC utilities
For these test scenarios there are three useful utilities avaiable:
* keytag-from-dnskey
* sign-rrset
* verify-rrset
See the [utilities directory README](../../utils/README.md) for details.

Some files were not shown because too many files have changed in this diff Show More