CloudHost/zonemaster.es
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add full Zonemaster stack with Docker and Spanish UI

Browse Source 
- Clone all 5 Zonemaster component repos (LDNS, Engine, CLI, Backend, GUI)
- Dockerfile.backend: 8-stage multi-stage build LDNS→Engine→CLI→Backend
- Dockerfile.gui: Astro static build served via nginx
- docker-compose.yml: backend (internal) + frontend (port 5353)
- nginx.conf: root redirects to /es/, /api/ proxied to backend
- zonemaster-gui/config.ts: defaultLanguage set to 'es' (Spanish)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Malin
2026-04-21 08:19:24 +02:00
commit 8d4eaa1489
1567 changed files with 204155 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

156
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/README.md Normal file
View File

@@ -0,0 +1,156 @@
# Bind
## Table of contents
* [Variable below](#variable-below)
* [Configuring Bind](#configuring-bind)
* [Zone files](#zone-files)
* [Key generation and zone signing](#key-generation-and-zone-signing)
* [Creating a variant zone](#creating-a-variant-zone)
* [Synchronizing the keys and zones at checkout](#synchronizing-the-keys-and-zones-at-checkout)
* [Starting and stopping Bind](#starting-and-stopping-bind)
* [Reloading Bind](#reloading-bind)
* [Checking Bind](#checking-bind)
## Variable below
Below `%ZONE-NAME%` means the name of the zone in question, without the trailing
dot, e.g. `inconsist-nsec-nsec3-1.dnssec10.xa`.
## Configuring Bind
Specific IP addresses must be allocated for Bind in `address-plan.md`. For these
test scenarios 127.15.10.37 and 127.15.10.38 are allocated.
All Bind configuration must be kept in the
`test-zone-data/DNSSEC-TP/dnssec10/Bind` directory (and that model should always
be used for Bind data). In `named.conf` all configuration for Bind is kept. In
that file it is configured that Bind listens to the two addresses listed above.
There is no need to listen to IPv6.
Bind is configured with `views`, one view per IP address. In the normal case
a zone is only put into the `main` view (127.15.10.37). If the scenario requires
two variants of the same zone (NSEC vs NSEC3) then the same zone with other
settings are added to the `var1` view (127.15.10.38). In that way both NSEC and
NSEC3 responses can be fetched. See further below on the creation of the
variant zone.
## Zone files
Zone files are created as unsigned zones. The zone file name should be
`%ZONE-NAME%.zone`, e.g. `inconsist-nsec-nsec3-1.dnssec10.xa.zone`.
The file should reside in directory `zones/` unless it is a variant zone file
(view `var1`). Then is should reside in directory `zones-var1/`. A variant zone
file should have the same name as the main zone file.
## Key generation and zone signing
When started or restarted Bind will create keys (DNSKEY), signatures (RRSIG) and
NSEC or NSEC3 records. The unsigned zone file is unchanged and a `*.zone.signed`
file is created, e.g. `inconsist-nsec-nsec3-1.dnssec10.xa.zone.signed`.
Keys for `main` zones are put in the `key-dir` directory by Bind. Keys for the
`var1` zones are put in the `key-dir-var1` directory.
## Creating a variant zone
When a variant zone file (in `var1` view) of exactly the same zone (zone name)
then Bind will create a different set of keys, which is not what we want. To
prevent this, do the following steps:
1. Create the `main` variant.
2. Restart Bind.
3. Wait for the `zones/%ZONE-NAME%.zone.signed` file to be created.
4. Create the `var1` variant.
5. Copy all keys from `main` to `var1`:
```sh
cp key-dir/K%ZONE-NAME%* key-dir-var1/
```
6. Restart Bind
To verify that both variants of the zone have the same keys run the equivalent
of the following commnds, that should list the same DNSKEY, but maybe in
different order:
```sh
dig +noall +ans +nocrypt @127.15.10.37 inconsist-nsec-nsec3-1.dnssec10.xa dnskey
```
```sh
dig +noall +ans +nocrypt @127.15.10.38 inconsist-nsec-nsec3-1.dnssec10.xa dnskey
```
If different keys are listed, then do the following steps:
1. Stop Bind.
2. Removed signed files and keys for the `var1` zone.
```sh
rm -i zones-var1/%ZONE-NAME%.zone.* key-dir-var1/K%ZONE-NAME%*
```
3. Copy all keys for the zone:
```sh
cp key-dir/K%ZONE-NAME%* key-dir-var1/
```
4. Start Bind
5. Verify (see above).
## Synchronizing the keys and zones at checkout
The keys and signed zones are not stored in Git. When a branch has been checked
out Bind will create new keys and signature when started. Some steps must be
taken to manually sychronize the keys between the `main` view and the `var1`
view.
1. Stop Bind if running.
2. Clean the directories from signed zones and any keys for the `var1` view:
```sh
rm -i zones/*.zone.* zones-var1/*.zone.* key-dir-var1/*
```
2. Start Bind.
3. Wait for the `zones/*.zone.signed` files to be created.
4. Stop Bind.
5. Removed signed files and keys for the `var1` zones.
```sh
rm -i zones-var1/*.zone.* key-dir-var1/*
```
4. Copy all keys from `main` to `var1` which will be more than we need but that
will create no problem.
```sh
cp key-dir/K* key-dir-var1/
```
5. Start Bind.
6. Verify (see above).
## Starting and stopping Bind
To start or stop Bind go to the directory where `named.conf` is found,
```sh
cd test-zone-data/DNSSEC-TP/dnssec10/Bind
```
Start Bind with the following command where `$USER` has the owner of the git
tree, i.e. owner of the `Bind` directory and all file in that directory. In a
default installation of Ubuntu that user name is `ubuntu`.
```sh
sudo named -c $(pwd)/named.conf -u $USER
```
From the directory where Bind was started the following command stops Bind:
```sh
kill $(cat named.pid)
```
If the PID file is lost then named can be stopped with the following command,
which may kill other Bind processes (after confirmation):
```sh
killall -i named
```
## Reloading Bind
After update of `named.conf` or zone file run by Bind you must reload Bind:
```sh
kill -HUP $(cat named.pid)
```
## Checking Bind
To see log output run the following command:
```sh
tail -50 /var/log/syslog | grep named
```

490
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/named.conf Normal file
View File

@@ -0,0 +1,490 @@
options {
dnssec-validation auto;
automatic-interface-scan no;
#
# Explicitly listen on specific addresses, both IPv4 and IPv6 to
# prevent Bind to bind to too many addresses
listen-on { 127.15.10.37; 127.15.10.38; };
listen-on-v6 { fda1:b2:c3:0:127:15:10:37; fda1:b2:c3:0:127:15:10:38; };
#
recursion no;
notify no;
empty-zones-enable no;
pid-file "named.pid";
masterfile-format text;
session-keyfile none;
};
# In the usual case add the zone to view "main" only. If the scenario requires
# two variants of the zone, add the variant of the zone to view "var1" (create
# view "var2" etc if required).
# Put all zone files into the "zones" sub-directory.
view "main" {
# Name of zone file in this view should be "<ZONE-NAME>.zone"
match-destinations { 127.15.10.37; fda1:b2:c3:0:127:15:10:37; };
key-directory "key-dir";
zone "localhost" {
type master;
file "zones/localhost.zone";
};
zone "good-nsec-1.dnssec10.xa" {
type master;
file "zones/good-nsec-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "good-nsec-2.dnssec10.xa" {
type master;
file "zones/good-nsec-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "good-nsec-3.dnssec10.xa" {
type master;
file "zones/good-nsec-3.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "good-nsec3-1.dnssec10.xa" {
type master;
file "zones/good-nsec3-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "good-nsec3-2.dnssec10.xa" {
type master;
file "zones/good-nsec3-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "good-nsec3-3.dnssec10.xa" {
type master;
file "zones/good-nsec3-3.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "algo-not-supp-by-zm-1.dnssec10.xa" {
type master;
file "zones/algo-not-supp-by-zm-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "algo-not-supp-by-zm-2.dnssec10.xa" {
type master;
file "zones/algo-not-supp-by-zm-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "bad-servers-but-good-nsec-1.dnssec10.xa" {
type master;
file "zones/bad-servers-but-good-nsec-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "err-mult-nsec-1.dnssec10.xa" {
type master;
file "zones/err-mult-nsec-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "err-mult-nsec-2.dnssec10.xa" {
type master;
file "zones/err-mult-nsec-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "err-mult-nsec3-1.dnssec10.xa" {
type master;
file "zones/err-mult-nsec3-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "err-mult-nsec3param-1.dnssec10.xa" {
type master;
file "zones/err-mult-nsec3param-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "exp-nsec-nsec3-miss-1.dnssec10.xa" {
# The scenario has neither NSEC nor NSEC3, but we have to select
# something to get the DNSKEY and RRSIG.
type master;
file "zones/exp-nsec-nsec3-miss-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "inconsistent-nsec-1.dnssec10.xa" {
type master;
file "zones/inconsistent-nsec-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "inconsistent-nsec3-1.dnssec10.xa" {
type master;
file "zones/inconsistent-nsec3-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "inconsist-nsec-nsec3-1.dnssec10.xa" {
type master;
file "zones/inconsist-nsec-nsec3-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "inconsist-nsec-nsec3-2.dnssec10.xa" {
type master;
file "zones/inconsist-nsec-nsec3-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "mixed-nsec-nsec3-1.dnssec10.xa" {
type master;
file "zones/mixed-nsec-nsec3-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "mixed-nsec-nsec3-2.dnssec10.xa" {
type master;
file "zones/mixed-nsec-nsec3-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec3param-gives-err-answer-1.dnssec10.xa" {
type master;
file "zones/nsec3param-gives-err-answer-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3param-gives-err-answer-2.dnssec10.xa" {
type master;
file "zones/nsec3param-gives-err-answer-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3param-mismatches-apex-1.dnssec10.xa" {
type master;
file "zones/nsec3param-mismatches-apex-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3param-q-response-err-1.dnssec10.xa" {
type master;
file "zones/nsec3param-q-response-err-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3param-q-response-err-2.dnssec10.xa" {
type master;
file "zones/nsec3param-q-response-err-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3param-q-response-err-3.dnssec10.xa" {
type master;
file "zones/nsec3param-q-response-err-3.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-err-type-list-1.dnssec10.xa" {
type master;
file "zones/nsec3-err-type-list-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-err-type-list-2.dnssec10.xa" {
type master;
file "zones/nsec3-err-type-list-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-mismatches-apex-1.dnssec10.xa" {
type master;
file "zones/nsec3-mismatches-apex-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-missing-signature-1.dnssec10.xa" {
type master;
file "zones/nsec3-missing-signature-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-nodata-missing-soa-1.dnssec10.xa" {
type master;
file "zones/nsec3-nodata-missing-soa-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-nodata-wrong-soa-1.dnssec10.xa" {
type master;
file "zones/nsec3-nodata-wrong-soa-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-no-verified-signature-1.dnssec10.xa" {
type master;
file "zones/nsec3-no-verified-signature-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-no-verified-signature-2.dnssec10.xa" {
type master;
file "zones/nsec3-no-verified-signature-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-no-verified-signature-3.dnssec10.xa" {
type master;
file "zones/nsec3-no-verified-signature-3.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec3-no-verified-signature-4.dnssec10.xa" {
type master;
file "zones/nsec3-no-verified-signature-4.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "nsec-err-type-list-1.dnssec10.xa" {
type master;
file "zones/nsec-err-type-list-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-err-type-list-2.dnssec10.xa" {
type master;
file "zones/nsec-err-type-list-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-gives-err-answer-1.dnssec10.xa" {
type master;
file "zones/nsec-gives-err-answer-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-gives-err-answer-2.dnssec10.xa" {
type master;
file "zones/nsec-gives-err-answer-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-mismatches-apex-1.dnssec10.xa" {
type master;
file "zones/nsec-mismatches-apex-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-mismatches-apex-2.dnssec10.xa" {
type master;
file "zones/nsec-mismatches-apex-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-missing-signature-1.dnssec10.xa" {
type master;
file "zones/nsec-missing-signature-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-nodata-missing-soa-1.dnssec10.xa" {
type master;
file "zones/nsec-nodata-missing-soa-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-nodata-wrong-soa-1.dnssec10.xa" {
type master;
file "zones/nsec-nodata-wrong-soa-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-no-verified-signature-1.dnssec10.xa" {
type master;
file "zones/nsec-no-verified-signature-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-no-verified-signature-2.dnssec10.xa" {
type master;
file "zones/nsec-no-verified-signature-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-no-verified-signature-3.dnssec10.xa" {
type master;
file "zones/nsec-no-verified-signature-3.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-no-verified-signature-4.dnssec10.xa" {
type master;
file "zones/nsec-no-verified-signature-4.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-query-response-err-1.dnssec10.xa" {
type master;
file "zones/nsec-query-response-err-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-query-response-err-2.dnssec10.xa" {
type master;
file "zones/nsec-query-response-err-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "nsec-query-response-err-3.dnssec10.xa" {
type master;
file "zones/nsec-query-response-err-3.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "server-no-dnssec-1.dnssec10.xa" {
type master;
file "zones/server-no-dnssec-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec;
inline-signing yes;
};
zone "server-no-dnssec-2.dnssec10.xa" {
type master;
file "zones/server-no-dnssec-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
}; # End view "main"
view "var1" {
# This view is for a variant of the zone already defined in view
# "main". Do not put zones here unless they already exist in view
# "main".
# Name of zone file in this view should be "<ZONE-NAME>.zone", i.e.
# the same name as in the main view, but stored in directory
# "zones-var1".
match-destinations { 127.15.10.38; fda1:b2:c3:0:127:15:10:38; };
key-directory "key-dir-var1";
zone "localhost" {
type master;
file "zones-var1/localhost.zone";
};
zone "inconsist-nsec-nsec3-1.dnssec10.xa" {
type master;
file "zones-var1/inconsist-nsec-nsec3-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "inconsist-nsec-nsec3-2.dnssec10.xa" {
type master;
file "zones-var1/inconsist-nsec-nsec3-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "mixed-nsec-nsec3-1.dnssec10.xa" {
type master;
file "zones-var1/mixed-nsec-nsec3-1.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
zone "mixed-nsec-nsec3-2.dnssec10.xa" {
type master;
file "zones-var1/mixed-nsec-nsec3-2.dnssec10.xa.zone";
dnssec-policy dnssec10-nsec3;
inline-signing yes;
};
}; # End view "var1"
## DNSSEC policy
# Period duration definition: https://en.wikipedia.org/wiki/ISO_8601#Durations
dnssec-policy dnssec10-nsec3 {
dnskey-ttl PT24H;
keys {
ksk lifetime unlimited algorithm 13; # ECDSAP256SHA256
zsk lifetime unlimited algorithm 13; # ECDSAP256SHA256
};
max-zone-ttl P7W;
nsec3param iterations 0 optout no salt-length 0;
signatures-validity P8Y;
signatures-validity-dnskey P8Y;
};
dnssec-policy dnssec10-nsec {
dnskey-ttl PT24H;
keys {
ksk lifetime unlimited algorithm 13; # ECDSAP256SHA256
zsk lifetime unlimited algorithm 13; # ECDSAP256SHA256
};
max-zone-ttl PT24H;
signatures-validity P8Y;
signatures-validity-dnskey P8Y;
};

18
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones-var1/inconsist-nsec-nsec3-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,18 @@
$ORIGIN inconsist-nsec-nsec3-1.dnssec10.xa.
; NSEC3 version of the zone.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
13 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

18
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones-var1/inconsist-nsec-nsec3-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,18 @@
$ORIGIN inconsist-nsec-nsec3-2.dnssec10.xa.
; NSEC3 version of the zone.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
14 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

15
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones-var1/localhost.zone Normal file
View File

@@ -0,0 +1,15 @@
; For the dnssec10-38 view.
;
$TTL 604800
@ SOA localhost. root.localhost. (
5 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS localhost.
@ A 127.0.0.1
@ AAAA ::1
@ TXT "127.15.10.38 fda1:b2:c3:0:127:15:10:38"

18
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones-var1/mixed-nsec-nsec3-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,18 @@
$ORIGIN mixed-nsec-nsec3-1.dnssec10.xa.
; NSEC3 version of the zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
16 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

18
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones-var1/mixed-nsec-nsec3-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,18 @@
$ORIGIN mixed-nsec-nsec3-2.dnssec10.xa.
; NSEC3 version of the zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
17 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

17
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/algo-not-supp-by-zm-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,17 @@
$ORIGIN algo-not-supp-by-zm-1.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
10 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

17
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/algo-not-supp-by-zm-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,17 @@
$ORIGIN algo-not-supp-by-zm-2.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
11 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

27
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/bad-servers-but-good-nsec-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,27 @@
$ORIGIN bad-servers-but-good-nsec-1.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
12 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
@ NS ns3
@ NS ns4
@ NS ns5
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
ns3 A 127.15.10.33
ns3 AAAA fda1:b2:c3:0:127:15:10:33
ns4 A 127.15.10.34
ns4 AAAA fda1:b2:c3:0:127:15:10:34
ns5 A 127.15.10.35
ns5 AAAA fda1:b2:c3:0:127:15:10:35

17
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/err-mult-nsec-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,17 @@
$ORIGIN err-mult-nsec-1.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
11 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

17
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/err-mult-nsec-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,17 @@
$ORIGIN err-mult-nsec-2.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
13 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

17
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/err-mult-nsec3-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,17 @@
$ORIGIN err-mult-nsec3-1.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
12 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

17
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/err-mult-nsec3param-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,17 @@
$ORIGIN err-mult-nsec3param-1.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
14 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

17
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/exp-nsec-nsec3-miss-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,17 @@
$ORIGIN exp-nsec-nsec3-miss-1.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
12 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

17
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/good-nsec-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,17 @@
$ORIGIN good-nsec-1.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
9 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

21
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/good-nsec-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,21 @@
$ORIGIN good-nsec-2.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
11 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1a
@ NS ns1b
@ NS ns1c
ns1a A 127.15.10.31
ns1a AAAA fda1:b2:c3:0:127:15:10:31
ns1b A 127.15.10.31
ns1b AAAA fda1:b2:c3:0:127:15:10:31
ns1c A 127.15.10.31
ns1c AAAA fda1:b2:c3:0:127:15:10:31

17
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/good-nsec-3.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,17 @@
$ORIGIN good-nsec-3.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
11 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS dns1
@ NS dns2
dns1 A 127.15.10.31
dns1 AAAA fda1:b2:c3:0:127:15:10:31
dns2 A 127.15.10.32
dns2 AAAA fda1:b2:c3:0:127:15:10:32

17
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/good-nsec3-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,17 @@
$ORIGIN good-nsec3-1.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
9 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

21
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/good-nsec3-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,21 @@
$ORIGIN good-nsec3-2.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
11 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1a
@ NS ns1b
@ NS ns1c
ns1a A 127.15.10.31
ns1a AAAA fda1:b2:c3:0:127:15:10:31
ns1b A 127.15.10.31
ns1b AAAA fda1:b2:c3:0:127:15:10:31
ns1c A 127.15.10.31
ns1c AAAA fda1:b2:c3:0:127:15:10:31

17
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/good-nsec3-3.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,17 @@
$ORIGIN good-nsec3-3.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
11 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS dns1
@ NS dns2
dns1 A 127.15.10.31
dns1 AAAA fda1:b2:c3:0:127:15:10:31
dns2 A 127.15.10.32
dns2 AAAA fda1:b2:c3:0:127:15:10:32

18
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/inconsist-nsec-nsec3-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,18 @@
$ORIGIN inconsist-nsec-nsec3-1.dnssec10.xa.
; NSEC version of the zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
13 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

18
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/inconsist-nsec-nsec3-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,18 @@
$ORIGIN inconsist-nsec-nsec3-2.dnssec10.xa.
; NSEC version of the zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
14 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

17
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/inconsistent-nsec-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,17 @@
$ORIGIN inconsistent-nsec-1.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
12 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

17
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/inconsistent-nsec3-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,17 @@
$ORIGIN inconsistent-nsec3-1.dnssec10.xa.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
13 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

15
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/localhost.zone Normal file
View File

@@ -0,0 +1,15 @@
; For the dnssec10-37 view.
;
$TTL 604800
@ SOA localhost. root.localhost. (
4 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS localhost.
@ A 127.0.0.1
@ AAAA ::1
@ TXT "127.15.10.37 fda1:b2:c3:0:127:15:10:37"

18
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/mixed-nsec-nsec3-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,18 @@
$ORIGIN mixed-nsec-nsec3-1.dnssec10.xa.
; NSEC version of the zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
15 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

18
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/mixed-nsec-nsec3-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,18 @@
$ORIGIN mixed-nsec-nsec3-2.dnssec10.xa.
; NSEC version of the zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
16 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-err-type-list-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec-err-type-list-1.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
4 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-err-type-list-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec-err-type-list-2.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
5 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

21
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-gives-err-answer-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,21 @@
$ORIGIN nsec-gives-err-answer-1.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
8 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
@ TXT Text-string
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

21
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-gives-err-answer-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,21 @@
$ORIGIN nsec-gives-err-answer-2.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
10 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
@ TXT Text-string
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-mismatches-apex-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec-mismatches-apex-1.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
12 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-mismatches-apex-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec-mismatches-apex-2.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
13 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-missing-signature-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec-missing-signature-1.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
14 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-no-verified-signature-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec-no-verified-signature-1.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
6 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-no-verified-signature-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec-no-verified-signature-2.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
7 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-no-verified-signature-3.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec-no-verified-signature-3.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
7 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-no-verified-signature-4.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec-no-verified-signature-4.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
9 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-nodata-missing-soa-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec-nodata-missing-soa-1.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
2 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-nodata-wrong-soa-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec-nodata-wrong-soa-1.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
4 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-query-response-err-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec-query-response-err-1.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
2 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-query-response-err-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec-query-response-err-2.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
3 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec-query-response-err-3.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec-query-response-err-3.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
5 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3-err-type-list-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3-err-type-list-1.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
2 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3-err-type-list-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3-err-type-list-2.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
3 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3-mismatches-apex-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3-mismatches-apex-1.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
3 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3-missing-signature-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3-missing-signature-1.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
5 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3-no-verified-signature-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3-no-verified-signature-1.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
11 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3-no-verified-signature-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3-no-verified-signature-2.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
13 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3-no-verified-signature-3.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3-no-verified-signature-3.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
15 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3-no-verified-signature-4.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3-no-verified-signature-4.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
17 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3-nodata-missing-soa-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3-nodata-missing-soa-1.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
7 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3-nodata-wrong-soa-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3-nodata-wrong-soa-1.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
9 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3param-gives-err-answer-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3param-gives-err-answer-1.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
17 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
@ TXT Text-string
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3param-gives-err-answer-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3param-gives-err-answer-2.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
18 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
@ TXT Text-string
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

18
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3param-mismatches-apex-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,18 @@
$ORIGIN nsec3param-mismatches-apex-1.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
23 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3param-q-response-err-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3param-q-response-err-1.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
24 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3param-q-response-err-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3param-q-response-err-2.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
26 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/nsec3param-q-response-err-3.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN nsec3param-q-response-err-3.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
28 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/server-no-dnssec-1.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN server-no-dnssec-1.dnssec10.xa.
; NSEC zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
7 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

19
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/Bind/zones/server-no-dnssec-2.dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,19 @@
$ORIGIN server-no-dnssec-2.dnssec10.xa.
; NSEC3 zone
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
9 ; Serial
3600 ; Refresh
1200 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

23
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/README-Bind.md Normal file
View File

@@ -0,0 +1,23 @@
# Bind
## Generate DNS records
For this test case Bind is used for generating some DNS records, and then
they are added to the CoreDNS configuration. Specifically `DNSKEY`, `NSEC`,
`NSEC3`, `NSEC3PARAM` and `RRSIG` records are generated and then copied to,
for this test case, [dnssec10.cfg](dnssec10.cfg).
Bind is never used to serve the test zones. That is done by CoreDNS, and in the
future maybe IBDNS.
## Creating new scenarios or updating existing scenarios
The recommended path is to let Bind load the zone for the scenario and then get
the records from responses on queries to the bind specific IP addresses,
127.15.10.37 and in some cases 127.15.10.38. That will give valid DNSKEY, NSEC,
NSEC3 and NSEC3PARAM records signed by valid RRSIG.
After that manipulations could be necessary. See existing test zones for examples.
Go to the [Bind](Bind) directory for Bind configuration, zone files and more
information.

9
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/README-DNSSEC-utilities.md Normal file
View File

@@ -0,0 +1,9 @@
# DNSEC utilities
For these test scenarios there are three useful utilities avaiable:
* keytag-from-dnskey
* sign-rrset
* verify-rrset
See the [utilities directory README](../../utils/README.md) for details.

20
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/README.md Normal file
View File

@@ -0,0 +1,20 @@
[This directory], i.e. the same directory as this README file, holds zone
files and configuration files to implement the test zones for the scenarios
defined in [DNSSEC10 test scenario specification].
For these test zones the following files are found in [this directory]:
* Zone files for `dnssec10.xa` and other related zones.
* CoreDNS configuration file
* Zone file and hint file for local root zone.
* Output from `zonemaster-cli` on all test scenarios in
[DNSSEC Test Zones Output].
* Bind configuration and zone files for Bind in the [Bind] directory.
* README files for [Bind][README-Bind] and [DNSSEC utilities].
[DNSSEC Test Zones Output]: ./test-zones-output.md
[DNSSEC utilities]: ./README-DNSSEC-utilities.md
[DNSSEC10 test scenario specification]: ../../../docs/public/specifications/test-zones/DNSSEC-TP/dnssec10.md
[README-Bind]: ./README-Bind.md
[This directory]: .
[Bind]: ./Bind/

1610
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/dnssec10.cfg Normal file
View File

File diff suppressed because it is too large Load Diff

477
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/dnssec10.xa.zone Normal file
View File

@@ -0,0 +1,477 @@
$ORIGIN dnssec10.xa. ; Must end with "."
$TTL 3600
@ SOA ns1 admin. (
2025052800 ; serial
6h ; refresh
1h ; retry
1w ; expire
1d ) ; minimum
@ NS ns1
@ NS ns2
ns1 A 127.15.10.21
ns1 AAAA fda1:b2:c3:0:127:15:10:21
ns2 A 127.15.10.22
ns2 AAAA fda1:b2:c3:0:127:15:10:22
$ORIGIN good-nsec-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN good-nsec-2.dnssec10.xa.
@ NS ns1a
@ NS ns1b
@ NS ns1c
ns1a A 127.15.10.31
ns1a AAAA fda1:b2:c3:0:127:15:10:31
ns1b A 127.15.10.31
ns1b AAAA fda1:b2:c3:0:127:15:10:31
ns1c A 127.15.10.31
ns1c AAAA fda1:b2:c3:0:127:15:10:31
$ORIGIN good-nsec-3.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN good-nsec3-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN good-nsec3-2.dnssec10.xa.
@ NS ns1a
@ NS ns1b
@ NS ns1c
ns1a A 127.15.10.31
ns1a AAAA fda1:b2:c3:0:127:15:10:31
ns1b A 127.15.10.31
ns1b AAAA fda1:b2:c3:0:127:15:10:31
ns1c A 127.15.10.31
ns1c AAAA fda1:b2:c3:0:127:15:10:31
$ORIGIN good-nsec3-3.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN algo-not-supp-by-zm-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN algo-not-supp-by-zm-2.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN bad-servers-but-good-nsec-1.dnssec10.xa.
@ NS ns1
@ NS ns2
@ NS ns3
@ NS ns4
@ NS ns5
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
ns3 A 127.15.10.33
ns3 AAAA fda1:b2:c3:0:127:15:10:33
ns4 A 127.15.10.34
ns4 AAAA fda1:b2:c3:0:127:15:10:34
ns5 A 127.15.10.35
ns5 AAAA fda1:b2:c3:0:127:15:10:35
$ORIGIN err-mult-nsec-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN err-mult-nsec-2.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN err-mult-nsec3-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN err-mult-nsec3param-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN exp-nsec-nsec3-miss-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN inconsistent-nsec-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN inconsistent-nsec3-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN inconsist-nsec-nsec3-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN inconsist-nsec-nsec3-2.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN mixed-nsec-nsec3-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN mixed-nsec-nsec3-2.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec3param-gives-err-answer-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec3param-gives-err-answer-2.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec3param-mismatches-apex-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec3param-q-response-err-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec3param-q-response-err-2.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec3param-q-response-err-3.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec3-err-type-list-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec3-err-type-list-2.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec3-mismatches-apex-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec3-missing-signature-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec3-nodata-missing-soa-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec3-nodata-wrong-soa-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec3-no-verified-signature-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec3-no-verified-signature-2.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec3-no-verified-signature-3.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec3-no-verified-signature-4.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec-err-type-list-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec-err-type-list-2.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec-gives-err-answer-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec-gives-err-answer-2.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec-mismatches-apex-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec-mismatches-apex-2.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec-missing-signature-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec-nodata-missing-soa-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec-nodata-wrong-soa-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec-no-verified-signature-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec-no-verified-signature-2.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec-no-verified-signature-3.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec-no-verified-signature-4.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec-query-response-err-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec-query-response-err-2.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN nsec-query-response-err-3.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN server-no-dnssec-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN server-no-dnssec-2.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32
$ORIGIN zone-no-dnssec-1.dnssec10.xa.
@ NS ns1
@ NS ns2
ns1 A 127.15.10.31
ns1 AAAA fda1:b2:c3:0:127:15:10:31
ns2 A 127.15.10.32
ns2 AAAA fda1:b2:c3:0:127:15:10:32

109
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/profile-no-ipv6.json Normal file
View File

@@ -0,0 +1,109 @@
{
"net" : {
"ipv4" : true,
"ipv6" : false
},
"test_levels" : {
"DNSSEC" : {
"DS10_ALGO_NOT_SUPPORTED_BY_ZM" : "NOTICE",
"DS10_ERR_MULT_NSEC" : "ERROR",
"DS10_ERR_MULT_NSEC3" : "ERROR",
"DS10_ERR_MULT_NSEC3PARAM" : "ERROR",
"DS10_EXPECTED_NSEC_NSEC3_MISSING" : "ERROR",
"DS10_HAS_NSEC" : "INFO",
"DS10_HAS_NSEC3" : "INFO",
"DS10_INCONSISTENT_NSEC" : "ERROR",
"DS10_INCONSISTENT_NSEC3" : "ERROR",
"DS10_INCONSISTENT_NSEC_NSEC3" : "ERROR",
"DS10_MIXED_NSEC_NSEC3" : "ERROR",
"DS10_NSEC3PARAM_GIVES_ERR_ANSWER" : "ERROR",
"DS10_NSEC3PARAM_MISMATCHES_APEX" : "ERROR",
"DS10_NSEC3PARAM_QUERY_RESPONSE_ERR" : "ERROR",
"DS10_NSEC3_ERR_TYPE_LIST" : "ERROR",
"DS10_NSEC3_MISMATCHES_APEX" : "ERROR",
"DS10_NSEC3_MISSING_SIGNATURE" : "ERROR",
"DS10_NSEC3_NODATA_MISSING_SOA" : "ERROR",
"DS10_NSEC3_NODATA_WRONG_SOA" : "ERROR",
"DS10_NSEC3_NO_VERIFIED_SIGNATURE" : "ERROR",
"DS10_NSEC3_RRSIG_EXPIRED" : "ERROR",
"DS10_NSEC3_RRSIG_NOT_YET_VALID" : "ERROR",
"DS10_NSEC3_RRSIG_NO_DNSKEY" : "WARNING",
"DS10_NSEC3_RRSIG_VERIFY_ERROR" : "ERROR",
"DS10_NSEC_ERR_TYPE_LIST" : "ERROR",
"DS10_NSEC_GIVES_ERR_ANSWER" : "ERROR",
"DS10_NSEC_MISMATCHES_APEX" : "ERROR",
"DS10_NSEC_MISSING_SIGNATURE" : "ERROR",
"DS10_NSEC_NODATA_MISSING_SOA" : "ERROR",
"DS10_NSEC_NODATA_WRONG_SOA" : "ERROR",
"DS10_NSEC_NO_VERIFIED_SIGNATURE" : "ERROR",
"DS10_NSEC_QUERY_RESPONSE_ERR" : "ERROR",
"DS10_NSEC_RRSIG_EXPIRED" : "ERROR",
"DS10_NSEC_RRSIG_NOT_YET_VALID" : "ERROR",
"DS10_NSEC_RRSIG_NO_DNSKEY" : "WARNING",
"DS10_NSEC_RRSIG_VERIFY_ERROR" : "ERROR",
"DS10_SERVER_NO_DNSSEC" : "ERROR",
"DS10_ZONE_NO_DNSSEC" : "NOTICE",
"IPV4_DISABLED" : "INFO",
"IPV6_DISABLED" : "INFO"
},
"SYSTEM" : {
"ASN_LOOKUP_SOURCE": "DEBUG",
"CACHE_CREATED" : "DEBUG2",
"CACHE_FETCHED" : "DEBUG2",
"CACHED_RETURN" : "DEBUG3",
"CANNOT_CONTINUE" : "CRITICAL",
"CNAME_CHAIN_TOO_LONG" : "ERROR",
"CNAME_FOLLOWED_IN_ZONE" : "DEBUG",
"CNAME_FOLLOWED_OUT_OF_ZONE" : "DEBUG",
"CNAME_LOOP_INNER" : "ERROR",
"CNAME_LOOP_OUTER" : "ERROR",
"CNAME_NO_MATCH" : "ERROR",
"CNAME_RECORDS_CHAIN_BROKEN" : "ERROR",
"CNAME_RECORDS_DUPLICATES" : "DEBUG",
"CNAME_RECORDS_MULTIPLE_FOR_NAME" : "ERROR",
"CNAME_RECORDS_TOO_MANY" : "ERROR",
"CNAME_START" : "DEBUG",
"DEPENDENCY_VERSION" : "DEBUG",
"EMPTY_RETURN" : "DEBUG3",
"EXTERNAL_RESPONSE" : "DEBUG3",
"FAKE_DELEGATION_ADDED" : "DEBUG2",
"FAKE_DELEGATION_IN_ZONE_NO_IP" : "ERROR",
"FAKE_DELEGATION_NO_IP" : "ERROR",
"FAKE_DELEGATION_RETURNED" : "DEBUG2",
"FAKE_DELEGATION_TO_SELF" : "DEBUG2",
"FAKE_DS_ADDED" : "DEBUG2",
"FAKE_DS_RETURNED" : "DEBUG2",
"FAKE_PACKET_RETURNED" : "DEBUG3",
"GLOBAL_VERSION" : "INFO",
"IPV4_BLOCKED" : "DEBUG2",
"IPV6_BLOCKED" : "DEBUG2",
"IS_BLACKLISTED" : "DEBUG",
"IS_REDIRECT" : "DEBUG2",
"LOGGER_CALLBACK_ERROR" : "DEBUG",
"LOOKUP_ERROR" : "DEBUG",
"LOOP_PROTECTION" : "DEBUG2",
"MODULE_ERROR" : "CRITICAL",
"MODULE_VERSION" : "DEBUG",
"MODULE_END" : "DEBUG",
"NO_NETWORK": "CRITICAL",
"NO_SUCH_NAME" : "DEBUG2",
"NO_SUCH_RECORD" : "DEBUG2",
"NS_CREATED" : "DEBUG2",
"PACKET_BIG" : "DEBUG",
"QUERY" : "DEBUG2",
"RECURSE" : "DEBUG2",
"RECURSE_QUERY" : "DEBUG2",
"RESTORED_NS_CACHE" : "DEBUG2",
"SAVED_NS_CACHE" : "DEBUG2",
"SKIP_IPV4_DISABLED": "DEBUG",
"SKIP_IPV6_DISABLED": "DEBUG",
"START_TIME": "DEBUG",
"TEST_TARGET": "DEBUG",
"UNKNOWN_METHOD" : "CRITICAL",
"UNKNOWN_MODULE" : "CRITICAL"
}
},
"test_cases": [
"dnssec10"
]
}

773
zonemaster/test-zone-data/DNSSEC-TP/dnssec10/test-zones-output.md Normal file
View File

@@ -0,0 +1,773 @@
# DNSSEC10 Test Zones Output
# Table of contents
* [Introduction](#introduction)
* [All message tags](#all-message-tags)
* [All scenarios](#all-scenarios)
* [zonemaster-cli commands and their output for each test scenario](#zonemaster-cli-commands-and-their-output-for-each-test-scenario)
* [zonemaster-cli commands and special run of some test scenarios](#zonemaster-cli-commands-and-special-run-of-some-test-scenarios)
## Introduction
In this file the output of running `zonemaster-cli` for every test zone is
found. This file is created during the development of the test zones and should
be updated as the implementation of the test case or the test scenarios or test
zones are updated or corrected.
During development and any update this document serves as tracking and log tool.
It also serves as a template for future development of test zones for
scenarios for other test cases.
## All message tags
* DS10_ALGO_NOT_SUPPORTED_BY_ZM
* DS10_ERR_MULT_NSEC
* DS10_ERR_MULT_NSEC3
* DS10_ERR_MULT_NSEC3PARAM
* DS10_EXPECTED_NSEC_NSEC3_MISSING
* DS10_HAS_NSEC
* DS10_HAS_NSEC3
* DS10_INCONSISTENT_NSEC
* DS10_INCONSISTENT_NSEC3
* DS10_INCONSISTENT_NSEC_NSEC3
* DS10_MIXED_NSEC_NSEC3
* DS10_NSEC3PARAM_GIVES_ERR_ANSWER
* DS10_NSEC3PARAM_MISMATCHES_APEX
* DS10_NSEC3PARAM_QUERY_RESPONSE_ERR
* DS10_NSEC3_ERR_TYPE_LIST
* DS10_NSEC3_MISMATCHES_APEX
* DS10_NSEC3_MISSING_SIGNATURE
* DS10_NSEC3_NODATA_MISSING_SOA
* DS10_NSEC3_NODATA_WRONG_SOA
* DS10_NSEC3_NO_VERIFIED_SIGNATURE
* DS10_NSEC3_RRSIG_EXPIRED
* DS10_NSEC3_RRSIG_NOT_YET_VALID
* DS10_NSEC3_RRSIG_NO_DNSKEY
* DS10_NSEC3_RRSIG_VERIFY_ERROR
* DS10_NSEC_ERR_TYPE_LIST
* DS10_NSEC_GIVES_ERR_ANSWER
* DS10_NSEC_MISMATCHES_APEX
* DS10_NSEC_MISSING_SIGNATURE
* DS10_NSEC_NODATA_MISSING_SOA
* DS10_NSEC_NODATA_WRONG_SOA
* DS10_NSEC_NO_VERIFIED_SIGNATURE
* DS10_NSEC_QUERY_RESPONSE_ERR
* DS10_NSEC_RRSIG_EXPIRED
* DS10_NSEC_RRSIG_NOT_YET_VALID
* DS10_NSEC_RRSIG_NO_DNSKEY
* DS10_NSEC_RRSIG_VERIFY_ERROR
* DS10_SERVER_NO_DNSSEC
* DS10_ZONE_NO_DNSSEC
## All scenarios
Scenario name | Zone name
:------------------------------|:---------------------------------------------
GOOD-NSEC-1 | good-nsec-1.dnssec10.xa
GOOD-NSEC-2 | good-nsec-2.dnssec10.xa
GOOD-NSEC-3 | good-nsec-3.dnssec10.xa
GOOD-NSEC3-1 | good-nsec3-1.dnssec10.xa
GOOD-NSEC3-2 | good-nsec3-2.dnssec10.xa
GOOD-NSEC3-3 | good-nsec3-3.dnssec10.xa
ALGO-NOT-SUPP-BY-ZM-1 | algo-not-supp-by-zm-1.dnssec10.xa
ALGO-NOT-SUPP-BY-ZM-2 | algo-not-supp-by-zm-2.dnssec10.xa
BAD-SERVERS-BUT-GOOD-NSEC-1 | bad-servers-but-good-nsec-1.dnssec10.xa
ERR-MULT-NSEC-1 | err-mult-nsec-1.dnssec10.xa
ERR-MULT-NSEC-2 | err-mult-nsec-2.dnssec10.xa
ERR-MULT-NSEC3-1 | err-mult-nsec3-1.dnssec10.xa
ERR-MULT-NSEC3PARAM-1 | err-mult-nsec3param-1.dnssec10.xa
EXP-NSEC-NSEC3-MISS-1 | exp-nsec-nsec3-miss-1.dnssec10.xa
INCONSISTENT-NSEC-1 | inconsistent-nsec-1.dnssec10.xa
INCONSISTENT-NSEC3-1 | inconsistent-nsec3-1.dnssec10.xa
INCONSIST-NSEC-NSEC3-1 | inconsist-nsec-nsec3-1.dnssec10.xa
INCONSIST-NSEC-NSEC3-2 | inconsist-nsec-nsec3-2.dnssec10.xa
MIXED-NSEC-NSEC3-1 | mixed-nsec-nsec3-1.dnssec10.xa
MIXED-NSEC-NSEC3-1 | mixed-nsec-nsec3-2.dnssec10.xa
NSEC3PARAM-GIVES-ERR-ANSWER-1 | nsec3param-gives-err-answer-1.dnssec10.xa
NSEC3PARAM-GIVES-ERR-ANSWER-2 | nsec3param-gives-err-answer-1.dnssec10.xa
NSEC3PARAM-MISMATCHES-APEX-1 | nsec3param-mismatches-apex-1.dnssec10.xa
NSEC3PARAM-Q-RESPONSE-ERR-1 | nsec3param-q-response-err-1.dnssec10.xa
NSEC3PARAM-Q-RESPONSE-ERR-2 | nsec3param-q-response-err-2.dnssec10.xa
NSEC3PARAM-Q-RESPONSE-ERR-3 | nsec3param-q-response-err-3.dnssec10.xa
NSEC3-ERR-TYPE-LIST-1 | nsec3-err-type-list-1.dnssec10.xa
NSEC3-ERR-TYPE-LIST-2 | nsec3-err-type-list-2.dnssec10.xa
NSEC3-MISMATCHES-APEX-1 | nsec3-mismatches-apex-1.dnssec10.xa
NSEC3-MISSING-SIGNATURE-1 | nsec3-missing-signature-1.dnssec10.xa
NSEC3-NODATA-MISSING-SOA-1 | nsec3-nodata-missing-soa-1.dnssec10.xa
NSEC3-NODATA-WRONG-SOA-1 | nsec3-nodata-wrong-soa-1.dnssec10.xa
NSEC3-NO-VERIFIED-SIGNATURE-1 | nsec3-no-verified-signature-1.dnssec10.xa
NSEC3-NO-VERIFIED-SIGNATURE-2 | nsec3-no-verified-signature-2.dnssec10.xa
NSEC3-NO-VERIFIED-SIGNATURE-3 | nsec3-no-verified-signature-3.dnssec10.xa
NSEC3-NO-VERIFIED-SIGNATURE-4 | nsec3-no-verified-signature-4.dnssec10.xa
NSEC-ERR-TYPE-LIST-1 | nsec-err-type-list-1.dnssec10.xa
NSEC-ERR-TYPE-LIST-2 | nsec-err-type-list-2.dnssec10.xa
NSEC-GIVES-ERR-ANSWER-1 | nsec-gives-err-answer-1.dnssec10.xa
NSEC-GIVES-ERR-ANSWER-2 | nsec-gives-err-answer-2.dnssec10.xa
NSEC-MISMATCHES-APEX-1 | nsec-mismatches-apex-1.dnssec10.xa
NSEC-MISMATCHES-APEX-2 | nsec-mismatches-apex-2.dnssec10.xa
NSEC-MISSING-SIGNATURE-1 | nsec-missing-signature-1.dnssec10.xa
NSEC-NODATA-MISSING-SOA-1 | nsec-nodata-missing-soa-1.dnssec10.xa
NSEC-NODATA-WRONG-SOA-1 | nsec-nodata-wrong-soa-1.dnssec10.xa
NSEC-NO-VERIFIED-SIGNATURE-1 | nsec-no-verified-signature-1.dnssec10.xa
NSEC-NO-VERIFIED-SIGNATURE-2 | nsec-no-verified-signature-2.dnssec10.xa
NSEC-NO-VERIFIED-SIGNATURE-3 | nsec-no-verified-signature-3.dnssec10.xa
NSEC-NO-VERIFIED-SIGNATURE-4 | nsec-no-verified-signature-4.dnssec10.xa
NSEC-QUERY-RESPONSE-ERR-1 | nsec-query-response-err-1.dnssec10.xa
NSEC-QUERY-RESPONSE-ERR-2 | nsec-query-response-err-2.dnssec10.xa
NSEC-QUERY-RESPONSE-ERR-3 | nsec-query-response-err-3.dnssec10.xa
SERVER-NO-DNSSEC-1 | server-no-dnssec-1.dnssec10.xa
SERVER-NO-DNSSEC-2 | server-no-dnssec-2.dnssec10.xa
ZONE-NO-DNSSEC-1 | zone-no-dnssec-1.dnssec10.xa
## zonemaster-cli commands and their output for each test scenario
For this test case it is only meaningful to test the test zones with
`--level=info --test=dnssec10`. All commands are run from the same directory as
this file is in.
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
GOOD-NSEC-1 | DS10_HAS_NSEC | 2)
* (2) All tags except for those specified as "Mandatory message tags"
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw GOOD-NSEC-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.16 INFO DNSSEC10 DS10_HAS_NSEC ns_list=ns1.good-nsec-1.dnssec10.xa/127.15.10.31;ns1.good-nsec-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.good-nsec-1.dnssec10.xa/127.15.10.32;ns2.good-nsec-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
GOOD-NSEC-2 | DS10_HAS_NSEC | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw GOOD-NSEC-2.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v7.1.0
0.07 INFO DNSSEC10 DS10_HAS_NSEC ns_list=ns1a.good-nsec-2.dnssec10.xa/127.15.10.31;ns1a.good-nsec-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31
```
--> OK, but missing names in *ns_list* in DS10_HAS_NSEC.
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
GOOD-NSEC-3 | DS10_HAS_NSEC | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw GOOD-NSEC-3.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v7.1.0
0.12 INFO DNSSEC10 DS10_HAS_NSEC ns_list=ns1.good-nsec-3.dnssec10.xa/127.15.10.31;ns1.good-nsec-3.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.good-nsec-3.dnssec10.xa/127.15.10.32;ns2.good-nsec-3.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK, but missing names in *ns_list* in DS10_HAS_NSEC.
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
GOOD-NSEC3-1 | DS10_HAS_NSEC3 | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw GOOD-NSEC3-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.25 INFO DNSSEC10 DS10_HAS_NSEC3 ns_list=ns1.good-nsec3-1.dnssec10.xa/127.15.10.31;ns1.good-nsec3-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.good-nsec3-1.dnssec10.xa/127.15.10.32;ns2.good-nsec3-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
GOOD-NSEC3-2 | DS10_HAS_NSEC3 | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw GOOD-NSEC3-2.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v7.1.0
0.07 INFO DNSSEC10 DS10_HAS_NSEC3 ns_list=ns1a.good-nsec3-2.dnssec10.xa/127.15.10.31;ns1a.good-nsec3-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
GOOD-NSEC3-3 | DS10_HAS_NSEC3 | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw GOOD-NSEC3-3.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v7.1.0
0.12 INFO DNSSEC10 DS10_HAS_NSEC3 ns_list=ns1.good-nsec3-3.dnssec10.xa/127.15.10.31;ns1.good-nsec3-3.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.good-nsec3-3.dnssec10.xa/127.15.10.32;ns2.good-nsec3-3.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK, but missing names in *ns_list* in DS10_HAS_NSEC.
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
ALGO-NOT-SUPP-BY-ZM-1 | DS10_ALGO_NOT_SUPPORTED_BY_ZM, DS10_HAS_NSEC | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw ALGO-NOT-SUPP-BY-ZM-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.20 INFO DNSSEC10 DS10_HAS_NSEC ns_list=ns1.algo-not-supp-by-zm-1.dnssec10.xa/127.15.10.31;ns1.algo-not-supp-by-zm-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.algo-not-supp-by-zm-1.dnssec10.xa/127.15.10.32;ns2.algo-not-supp-by-zm-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.20 NOTICE DNSSEC10 DS10_ALGO_NOT_SUPPORTED_BY_ZM algo_mnemo=; algo_num=255; keytag=4848; ns_ip_list=ns1.algo-not-supp-by-zm-1.dnssec10.xa/127.15.10.31;ns1.algo-not-supp-by-zm-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.algo-not-supp-by-zm-1.dnssec10.xa/127.15.10.32;ns2.algo-not-supp-by-zm-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
BAD-SERVERS-BUT-GOOD-NSEC-1 | DS10_HAS_NSEC | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw BAD-SERVERS-BUT-GOOD-NSEC-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v7.1.0
40.13 INFO DNSSEC10 DS10_HAS_NSEC ns_list=ns1.bad-servers-but-good-nsec-1.dnssec10.xa/127.15.10.31;ns1.bad-servers-but-good-nsec-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.bad-servers-but-good-nsec-1.dnssec10.xa/127.15.10.32;ns2.bad-servers-but-good-nsec-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
ALGO-NOT-SUPP-BY-ZM-2 | DS10_ALGO_NOT_SUPPORTED_BY_ZM, DS10_HAS_NSEC3 | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw ALGO-NOT-SUPP-BY-ZM-2.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.13 INFO DNSSEC10 DS10_HAS_NSEC3 ns_list=ns1.algo-not-supp-by-zm-2.dnssec10.xa/127.15.10.31;ns1.algo-not-supp-by-zm-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.algo-not-supp-by-zm-2.dnssec10.xa/127.15.10.32;ns2.algo-not-supp-by-zm-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.13 NOTICE DNSSEC10 DS10_ALGO_NOT_SUPPORTED_BY_ZM algo_mnemo=; algo_num=255; keytag=4848; ns_ip_list=ns1.algo-not-supp-by-zm-2.dnssec10.xa/127.15.10.31;ns1.algo-not-supp-by-zm-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.algo-not-supp-by-zm-2.dnssec10.xa/127.15.10.32;ns2.algo-not-supp-by-zm-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
ERR-MULT-NSEC-1 | DS10_ERR_MULT_NSEC, DS10_HAS_NSEC | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw ERR-MULT-NSEC-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.24 ERROR DNSSEC10 DS10_ERR_MULT_NSEC ns_list=ns1.err-mult-nsec-1.dnssec10.xa/127.15.10.31;ns1.err-mult-nsec-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.err-mult-nsec-1.dnssec10.xa/127.15.10.32;ns2.err-mult-nsec-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.24 INFO DNSSEC10 DS10_HAS_NSEC ns_list=ns1.err-mult-nsec-1.dnssec10.xa/127.15.10.31;ns1.err-mult-nsec-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.err-mult-nsec-1.dnssec10.xa/127.15.10.32;ns2.err-mult-nsec-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
ERR-MULT-NSEC-2 | DS10_ERR_MULT_NSEC, DS10_HAS_NSEC | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw ERR-MULT-NSEC-2.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.18 ERROR DNSSEC10 DS10_ERR_MULT_NSEC ns_list=ns1.err-mult-nsec-2.dnssec10.xa/127.15.10.31;ns1.err-mult-nsec-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.err-mult-nsec-2.dnssec10.xa/127.15.10.32;ns2.err-mult-nsec-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.19 INFO DNSSEC10 DS10_HAS_NSEC ns_list=ns1.err-mult-nsec-2.dnssec10.xa/127.15.10.31;ns1.err-mult-nsec-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.err-mult-nsec-2.dnssec10.xa/127.15.10.32;ns2.err-mult-nsec-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
ERR-MULT-NSEC3-1 | DS10_ERR_MULT_NSEC3, DS10_HAS_NSEC3 | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw ERR-MULT-NSEC3-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.13 ERROR DNSSEC10 DS10_ERR_MULT_NSEC3 ns_list=ns1.err-mult-nsec3-1.dnssec10.xa/127.15.10.31;ns1.err-mult-nsec3-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.err-mult-nsec3-1.dnssec10.xa/127.15.10.32;ns2.err-mult-nsec3-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.14 INFO DNSSEC10 DS10_HAS_NSEC3 ns_list=ns1.err-mult-nsec3-1.dnssec10.xa/127.15.10.31;ns1.err-mult-nsec3-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.err-mult-nsec3-1.dnssec10.xa/127.15.10.32;ns2.err-mult-nsec3-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
ERR-MULT-NSEC3PARAM-1 | DS10_ERR_MULT_NSEC3PARAM, DS10_HAS_NSEC3 | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw ERR-MULT-NSEC3PARAM-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.21 ERROR DNSSEC10 DS10_ERR_MULT_NSEC3PARAM ns_list=ns1.err-mult-nsec3param-1.dnssec10.xa/127.15.10.31;ns1.err-mult-nsec3param-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.err-mult-nsec3param-1.dnssec10.xa/127.15.10.32;ns2.err-mult-nsec3param-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.21 INFO DNSSEC10 DS10_HAS_NSEC3 ns_list=ns1.err-mult-nsec3param-1.dnssec10.xa/127.15.10.31;ns1.err-mult-nsec3param-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.err-mult-nsec3param-1.dnssec10.xa/127.15.10.32;ns2.err-mult-nsec3param-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
EXP-NSEC-NSEC3-MISS-1 | DS10_EXPECTED_NSEC_NSEC3_MISSING | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw EXP-NSEC-NSEC3-MISS-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.25 ERROR DNSSEC10 DS10_EXPECTED_NSEC_NSEC3_MISSING ns_list=ns1.exp-nsec-nsec3-miss-1.dnssec10.xa/127.15.10.31;ns1.exp-nsec-nsec3-miss-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.exp-nsec-nsec3-miss-1.dnssec10.xa/127.15.10.32;ns2.exp-nsec-nsec3-miss-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
INCONSISTENT-NSEC-1 | DS10_INCONSISTENT_NSEC, DS10_HAS_NSEC | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw INCONSISTENT-NSEC-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.27 ERROR DNSSEC10 DS10_INCONSISTENT_NSEC ns_list=ns1.inconsistent-nsec-1.dnssec10.xa/127.15.10.31;ns1.inconsistent-nsec-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.inconsistent-nsec-1.dnssec10.xa/127.15.10.32;ns2.inconsistent-nsec-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.27 INFO DNSSEC10 DS10_HAS_NSEC ns_list=ns1.inconsistent-nsec-1.dnssec10.xa/127.15.10.31;ns1.inconsistent-nsec-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.inconsistent-nsec-1.dnssec10.xa/127.15.10.32;ns2.inconsistent-nsec-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
INCONSISTENT-NSEC3-1 | DS10_INCONSISTENT_NSEC3, DS10_HAS_NSEC3 | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw INCONSISTENT-NSEC3-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.13 ERROR DNSSEC10 DS10_INCONSISTENT_NSEC3 ns_list=ns1.inconsistent-nsec3-1.dnssec10.xa/127.15.10.31;ns1.inconsistent-nsec3-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.inconsistent-nsec3-1.dnssec10.xa/127.15.10.32;ns2.inconsistent-nsec3-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.13 INFO DNSSEC10 DS10_HAS_NSEC3 ns_list=ns1.inconsistent-nsec3-1.dnssec10.xa/127.15.10.31;ns1.inconsistent-nsec3-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.inconsistent-nsec3-1.dnssec10.xa/127.15.10.32;ns2.inconsistent-nsec3-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
INCONSIST-NSEC-NSEC3-1 | DS10_INCONSISTENT_NSEC_NSEC3 | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw INCONSIST-NSEC-NSEC3-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.13 ERROR DNSSEC10 DS10_INCONSISTENT_NSEC_NSEC3 ns_list=ns1.inconsist-nsec-nsec3-1.dnssec10.xa/127.15.10.31;ns1.inconsist-nsec-nsec3-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.inconsist-nsec-nsec3-1.dnssec10.xa/127.15.10.32;ns2.inconsist-nsec-nsec3-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
INCONSIST-NSEC-NSEC3-2 | DS10_INCONSISTENT_NSEC_NSEC3, DS10_INCONSISTENT_NSEC, DS10_INCONSISTENT_NSEC3| 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw INCONSIST-NSEC-NSEC3-2.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.12 ERROR DNSSEC10 DS10_INCONSISTENT_NSEC ns_list=ns1.inconsist-nsec-nsec3-2.dnssec10.xa/127.15.10.31;ns1.inconsist-nsec-nsec3-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.inconsist-nsec-nsec3-2.dnssec10.xa/127.15.10.32;ns2.inconsist-nsec-nsec3-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.13 ERROR DNSSEC10 DS10_INCONSISTENT_NSEC3 ns_list=ns1.inconsist-nsec-nsec3-2.dnssec10.xa/127.15.10.31;ns1.inconsist-nsec-nsec3-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.inconsist-nsec-nsec3-2.dnssec10.xa/127.15.10.32;ns2.inconsist-nsec-nsec3-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.13 ERROR DNSSEC10 DS10_INCONSISTENT_NSEC_NSEC3 ns_list=ns1.inconsist-nsec-nsec3-2.dnssec10.xa/127.15.10.31;ns1.inconsist-nsec-nsec3-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.inconsist-nsec-nsec3-2.dnssec10.xa/127.15.10.32;ns2.inconsist-nsec-nsec3-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
MIXED-NSEC-NSEC3-1 | DS10_MIXED_NSEC_NSEC3 | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw MIXED-NSEC-NSEC3-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.12 ERROR DNSSEC10 DS10_MIXED_NSEC_NSEC3 ns_list=ns1.mixed-nsec-nsec3-1.dnssec10.xa/127.15.10.31;ns1.mixed-nsec-nsec3-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.mixed-nsec-nsec3-1.dnssec10.xa/127.15.10.32;ns2.mixed-nsec-nsec3-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
MIXED-NSEC-NSEC3-2 | DS10_MIXED_NSEC_NSEC3 | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw MIXED-NSEC-NSEC3-2.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.15 ERROR DNSSEC10 DS10_MIXED_NSEC_NSEC3 ns_list=ns1.mixed-nsec-nsec3-2.dnssec10.xa/127.15.10.31;ns1.mixed-nsec-nsec3-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.mixed-nsec-nsec3-2.dnssec10.xa/127.15.10.32;ns2.mixed-nsec-nsec3-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC3PARAM-GIVES-ERR-ANSWER-1 | DS10_NSEC3PARAM_GIVES_ERR_ANSWER, DS10_HAS_NSEC3, DS10_INCONSISTENT_NSEC3 | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC3PARAM-GIVES-ERR-ANSWER-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.15 ERROR DNSSEC10 DS10_INCONSISTENT_NSEC3 ns_list=ns1.nsec3param-gives-err-answer-1.dnssec10.xa/127.15.10.31;ns1.nsec3param-gives-err-answer-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3param-gives-err-answer-1.dnssec10.xa/127.15.10.32;ns2.nsec3param-gives-err-answer-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.15 INFO DNSSEC10 DS10_HAS_NSEC3 ns_list=ns1.nsec3param-gives-err-answer-1.dnssec10.xa/127.15.10.31;ns1.nsec3param-gives-err-answer-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3param-gives-err-answer-1.dnssec10.xa/127.15.10.32;ns2.nsec3param-gives-err-answer-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.15 ERROR DNSSEC10 DS10_NSEC3PARAM_GIVES_ERR_ANSWER ns_list=ns1.nsec3param-gives-err-answer-1.dnssec10.xa/127.15.10.31;ns1.nsec3param-gives-err-answer-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3param-gives-err-answer-1.dnssec10.xa/127.15.10.32;ns2.nsec3param-gives-err-answer-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC3PARAM-GIVES-ERR-ANSWER-2 | DS10_NSEC3PARAM_GIVES_ERR_ANSWER, DS10_EXPECTED_NSEC_NSEC3_MISSING, DS10_INCONSISTENT_NSEC3, DS10_HAS_NSEC3 | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC3PARAM-GIVES-ERR-ANSWER-2.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.15 ERROR DNSSEC10 DS10_INCONSISTENT_NSEC3 ns_list=ns1.nsec3param-gives-err-answer-2.dnssec10.xa/127.15.10.31;ns1.nsec3param-gives-err-answer-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31
0.15 INFO DNSSEC10 DS10_HAS_NSEC3 ns_list=ns1.nsec3param-gives-err-answer-2.dnssec10.xa/127.15.10.31;ns1.nsec3param-gives-err-answer-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31
0.15 ERROR DNSSEC10 DS10_NSEC3PARAM_GIVES_ERR_ANSWER ns_list=ns1.nsec3param-gives-err-answer-2.dnssec10.xa/127.15.10.31;ns1.nsec3param-gives-err-answer-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31
0.15 ERROR DNSSEC10 DS10_EXPECTED_NSEC_NSEC3_MISSING ns_list=ns2.nsec3param-gives-err-answer-2.dnssec10.xa/127.15.10.32;ns2.nsec3param-gives-err-answer-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC3PARAM-MISMATCHES-APEX-1 | DS10_NSEC3PARAM_MISMATCHES_APEX, DS10_HAS_NSEC3 | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC3PARAM-MISMATCHES-APEX-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.14 INFO DNSSEC10 DS10_HAS_NSEC3 ns_list=ns1.nsec3param-mismatches-apex-1.dnssec10.xa/127.15.10.31;ns1.nsec3param-mismatches-apex-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3param-mismatches-apex-1.dnssec10.xa/127.15.10.32;ns2.nsec3param-mismatches-apex-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.14 ERROR DNSSEC10 DS10_NSEC3PARAM_MISMATCHES_APEX ns_list=ns1.nsec3param-mismatches-apex-1.dnssec10.xa/127.15.10.31;ns1.nsec3param-mismatches-apex-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3param-mismatches-apex-1.dnssec10.xa/127.15.10.32;ns2.nsec3param-mismatches-apex-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC3PARAM-Q-RESPONSE-ERR-1 | DS10_NSEC3PARAM_QUERY_RESPONSE_ERR, DS10_HAS_NSEC3, DS10_INCONSISTENT_NSEC3 | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC3PARAM-Q-RESPONSE-ERR-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
40.19 ERROR DNSSEC10 DS10_INCONSISTENT_NSEC3 ns_list=ns1.nsec3param-q-response-err-1.dnssec10.xa/127.15.10.31;ns1.nsec3param-q-response-err-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3param-q-response-err-1.dnssec10.xa/127.15.10.32;ns2.nsec3param-q-response-err-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
40.19 INFO DNSSEC10 DS10_HAS_NSEC3 ns_list=ns1.nsec3param-q-response-err-1.dnssec10.xa/127.15.10.31;ns1.nsec3param-q-response-err-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3param-q-response-err-1.dnssec10.xa/127.15.10.32;ns2.nsec3param-q-response-err-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
40.19 ERROR DNSSEC10 DS10_NSEC3PARAM_QUERY_RESPONSE_ERR ns_list=ns1.nsec3param-q-response-err-1.dnssec10.xa/127.15.10.31;ns1.nsec3param-q-response-err-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3param-q-response-err-1.dnssec10.xa/127.15.10.32;ns2.nsec3param-q-response-err-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC3PARAM-Q-RESPONSE-ERR-2 | DS10_NSEC3PARAM_QUERY_RESPONSE_ERR, DS10_HAS_NSEC3, DS10_INCONSISTENT_NSEC3 | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC3PARAM-Q-RESPONSE-ERR-2.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.14 ERROR DNSSEC10 DS10_INCONSISTENT_NSEC3 ns_list=ns1.nsec3param-q-response-err-2.dnssec10.xa/127.15.10.31;ns1.nsec3param-q-response-err-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3param-q-response-err-2.dnssec10.xa/127.15.10.32;ns2.nsec3param-q-response-err-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.14 INFO DNSSEC10 DS10_HAS_NSEC3 ns_list=ns1.nsec3param-q-response-err-2.dnssec10.xa/127.15.10.31;ns1.nsec3param-q-response-err-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3param-q-response-err-2.dnssec10.xa/127.15.10.32;ns2.nsec3param-q-response-err-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.14 ERROR DNSSEC10 DS10_NSEC3PARAM_QUERY_RESPONSE_ERR ns_list=ns1.nsec3param-q-response-err-2.dnssec10.xa/127.15.10.31;ns1.nsec3param-q-response-err-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3param-q-response-err-2.dnssec10.xa/127.15.10.32;ns2.nsec3param-q-response-err-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC3PARAM-Q-RESPONSE-ERR-3 | DS10_NSEC3PARAM_QUERY_RESPONSE_ERR, DS10_EXPECTED_NSEC_NSEC3_MISSING, DS10_INCONSISTENT_NSEC3 | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC3PARAM-Q-RESPONSE-ERR-3.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.14 INFO DNSSEC10 DS10_HAS_NSEC3 ns_list=ns1.nsec3param-q-response-err-3.dnssec10.xa/127.15.10.31;ns1.nsec3param-q-response-err-3.dnssec10.xa/fda1:b2:c3:0:127:15:10:31
0.14 ERROR DNSSEC10 DS10_EXPECTED_NSEC_NSEC3_MISSING ns_list=ns2.nsec3param-q-response-err-3.dnssec10.xa/127.15.10.32;ns2.nsec3param-q-response-err-3.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> Not OK -- test zone cannot be correctly created
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC3-ERR-TYPE-LIST-1 | DS10_NSEC3_ERR_TYPE_LIST, DS10_HAS_NSEC3 | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC3-ERR-TYPE-LIST-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.12 INFO DNSSEC10 DS10_HAS_NSEC3 ns_list=ns1.nsec3-err-type-list-1.dnssec10.xa/127.15.10.31;ns1.nsec3-err-type-list-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3-err-type-list-1.dnssec10.xa/127.15.10.32;ns2.nsec3-err-type-list-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.12 ERROR DNSSEC10 DS10_NSEC3_ERR_TYPE_LIST ns_list=ns1.nsec3-err-type-list-1.dnssec10.xa/127.15.10.31;ns1.nsec3-err-type-list-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3-err-type-list-1.dnssec10.xa/127.15.10.32;ns2.nsec3-err-type-list-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC3-ERR-TYPE-LIST-2 | DS10_NSEC3_ERR_TYPE_LIST, DS10_HAS_NSEC3 | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC3-ERR-TYPE-LIST-2.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.12 INFO DNSSEC10 DS10_HAS_NSEC3 ns_list=ns1.nsec3-err-type-list-2.dnssec10.xa/127.15.10.31;ns1.nsec3-err-type-list-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3-err-type-list-2.dnssec10.xa/127.15.10.32;ns2.nsec3-err-type-list-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.12 ERROR DNSSEC10 DS10_NSEC3_ERR_TYPE_LIST ns_list=ns1.nsec3-err-type-list-2.dnssec10.xa/127.15.10.31;ns1.nsec3-err-type-list-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3-err-type-list-2.dnssec10.xa/127.15.10.32;ns2.nsec3-err-type-list-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC3-MISMATCHES-APEX-1 | DS10_NSEC3_MISMATCHES_APEX, DS10_HAS_NSEC3 | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC3-MISMATCHES-APEX-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.12 INFO DNSSEC10 DS10_HAS_NSEC3 ns_list=ns1.nsec3-mismatches-apex-1.dnssec10.xa/127.15.10.31;ns1.nsec3-mismatches-apex-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3-mismatches-apex-1.dnssec10.xa/127.15.10.32;ns2.nsec3-mismatches-apex-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.12 ERROR DNSSEC10 DS10_NSEC3_MISMATCHES_APEX ns_list=ns1.nsec3-mismatches-apex-1.dnssec10.xa/127.15.10.31;ns1.nsec3-mismatches-apex-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3-mismatches-apex-1.dnssec10.xa/127.15.10.32;ns2.nsec3-mismatches-apex-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC3-MISSING-SIGNATURE-1 | DS10_NSEC3_MISSING_SIGNATURE, DS10_HAS_NSEC3 | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC3-MISSING-SIGNATURE-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.12 INFO DNSSEC10 DS10_HAS_NSEC3 ns_list=ns1.nsec3-missing-signature-1.dnssec10.xa/127.15.10.31;ns1.nsec3-missing-signature-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3-missing-signature-1.dnssec10.xa/127.15.10.32;ns2.nsec3-missing-signature-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.12 ERROR DNSSEC10 DS10_NSEC3_MISSING_SIGNATURE ns_list=ns1.nsec3-missing-signature-1.dnssec10.xa/127.15.10.31;ns1.nsec3-missing-signature-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3-missing-signature-1.dnssec10.xa/127.15.10.32;ns2.nsec3-missing-signature-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC3-NODATA-MISSING-SOA-1 | DS10_NSEC3_NODATA_MISSING_SOA, DS10_HAS_NSEC3 | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC3-NODATA-MISSING-SOA-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.12 INFO DNSSEC10 DS10_HAS_NSEC3 ns_list=ns1.nsec3-nodata-missing-soa-1.dnssec10.xa/127.15.10.31;ns1.nsec3-nodata-missing-soa-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3-nodata-missing-soa-1.dnssec10.xa/127.15.10.32;ns2.nsec3-nodata-missing-soa-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.12 ERROR DNSSEC10 DS10_NSEC3_NODATA_MISSING_SOA ns_list=ns1.nsec3-nodata-missing-soa-1.dnssec10.xa/127.15.10.31;ns1.nsec3-nodata-missing-soa-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3-nodata-missing-soa-1.dnssec10.xa/127.15.10.32;ns2.nsec3-nodata-missing-soa-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC3-NODATA-WRONG-SOA-1 | DS10_NSEC3_NODATA_WRONG_SOA, DS10_HAS_NSEC3 | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC3-NODATA-WRONG-SOA-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.12 INFO DNSSEC10 DS10_HAS_NSEC3 ns_list=ns1.nsec3-nodata-wrong-soa-1.dnssec10.xa/127.15.10.31;ns1.nsec3-nodata-wrong-soa-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3-nodata-wrong-soa-1.dnssec10.xa/127.15.10.32;ns2.nsec3-nodata-wrong-soa-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.12 ERROR DNSSEC10 DS10_NSEC3_NODATA_WRONG_SOA domain=nsec3-nodata-wrong-soa-1.dnssec10.xa; ns_list=ns1.nsec3-nodata-wrong-soa-1.dnssec10.xa/127.15.10.31;ns1.nsec3-nodata-wrong-soa-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3-nodata-wrong-soa-1.dnssec10.xa/127.15.10.32;ns2.nsec3-nodata-wrong-soa-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC3-NO-VERIFIED-SIGNATURE-1 | DS10_NSEC3_NO_VERIFIED_SIGNATURE, DS10_HAS_NSEC3, DS10_NSEC3_RRSIG_NO_DNSKEY | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC3-NO-VERIFIED-SIGNATURE-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.12 INFO DNSSEC10 DS10_HAS_NSEC3 ns_list=ns1.nsec3-no-verified-signature-1.dnssec10.xa/127.15.10.31;ns1.nsec3-no-verified-signature-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3-no-verified-signature-1.dnssec10.xa/127.15.10.32;ns2.nsec3-no-verified-signature-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.12 WARNING DNSSEC10 DS10_NSEC3_RRSIG_NO_DNSKEY keytag=15463; ns_list=ns1.nsec3-no-verified-signature-1.dnssec10.xa/127.15.10.31;ns1.nsec3-no-verified-signature-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3-no-verified-signature-1.dnssec10.xa/127.15.10.32;ns2.nsec3-no-verified-signature-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.12 ERROR DNSSEC10 DS10_NSEC3_NO_VERIFIED_SIGNATURE ns_list=ns1.nsec3-no-verified-signature-1.dnssec10.xa/127.15.10.31;ns1.nsec3-no-verified-signature-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3-no-verified-signature-1.dnssec10.xa/127.15.10.32;ns2.nsec3-no-verified-signature-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC3-NO-VERIFIED-SIGNATURE-2 | DS10_NSEC3_NO_VERIFIED_SIGNATURE, DS10_HAS_NSEC3, DS10_NSEC3_RRSIG_EXPIRED | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC3-NO-VERIFIED-SIGNATURE-2.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.12 INFO DNSSEC10 DS10_HAS_NSEC3 ns_list=ns1.nsec3-no-verified-signature-2.dnssec10.xa/127.15.10.31;ns1.nsec3-no-verified-signature-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3-no-verified-signature-2.dnssec10.xa/127.15.10.32;ns2.nsec3-no-verified-signature-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.12 ERROR DNSSEC10 DS10_NSEC3_RRSIG_EXPIRED keytag=30336; ns_list=ns1.nsec3-no-verified-signature-2.dnssec10.xa/127.15.10.31;ns1.nsec3-no-verified-signature-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3-no-verified-signature-2.dnssec10.xa/127.15.10.32;ns2.nsec3-no-verified-signature-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.12 ERROR DNSSEC10 DS10_NSEC3_NO_VERIFIED_SIGNATURE ns_list=ns1.nsec3-no-verified-signature-2.dnssec10.xa/127.15.10.31;ns1.nsec3-no-verified-signature-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3-no-verified-signature-2.dnssec10.xa/127.15.10.32;ns2.nsec3-no-verified-signature-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC3-NO-VERIFIED-SIGNATURE-3 | DS10_NSEC3_NO_VERIFIED_SIGNATURE, DS10_HAS_NSEC3, DS10_NSEC3_RRSIG_NOT_YET_VALID | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC3-NO-VERIFIED-SIGNATURE-3.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.12 INFO DNSSEC10 DS10_HAS_NSEC3 ns_list=ns1.nsec3-no-verified-signature-3.dnssec10.xa/127.15.10.31;ns1.nsec3-no-verified-signature-3.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3-no-verified-signature-3.dnssec10.xa/127.15.10.32;ns2.nsec3-no-verified-signature-3.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.12 ERROR DNSSEC10 DS10_NSEC3_RRSIG_NOT_YET_VALID keytag=63488; ns_list=ns1.nsec3-no-verified-signature-3.dnssec10.xa/127.15.10.31;ns1.nsec3-no-verified-signature-3.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3-no-verified-signature-3.dnssec10.xa/127.15.10.32;ns2.nsec3-no-verified-signature-3.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.12 ERROR DNSSEC10 DS10_NSEC3_NO_VERIFIED_SIGNATURE ns_list=ns1.nsec3-no-verified-signature-3.dnssec10.xa/127.15.10.31;ns1.nsec3-no-verified-signature-3.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3-no-verified-signature-3.dnssec10.xa/127.15.10.32;ns2.nsec3-no-verified-signature-3.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC3-NO-VERIFIED-SIGNATURE-4 | DS10_NSEC3_NO_VERIFIED_SIGNATURE, DS10_HAS_NSEC3, DS10_NSEC3_RRSIG_VERIFY_ERROR | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC3-NO-VERIFIED-SIGNATURE-4.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.12 INFO DNSSEC10 DS10_HAS_NSEC3 ns_list=ns1.nsec3-no-verified-signature-4.dnssec10.xa/127.15.10.31;ns1.nsec3-no-verified-signature-4.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3-no-verified-signature-4.dnssec10.xa/127.15.10.32;ns2.nsec3-no-verified-signature-4.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.12 ERROR DNSSEC10 DS10_NSEC3_RRSIG_VERIFY_ERROR keytag=57697; ns_list=ns1.nsec3-no-verified-signature-4.dnssec10.xa/127.15.10.31;ns1.nsec3-no-verified-signature-4.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3-no-verified-signature-4.dnssec10.xa/127.15.10.32;ns2.nsec3-no-verified-signature-4.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.12 ERROR DNSSEC10 DS10_NSEC3_NO_VERIFIED_SIGNATURE ns_list=ns1.nsec3-no-verified-signature-4.dnssec10.xa/127.15.10.31;ns1.nsec3-no-verified-signature-4.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec3-no-verified-signature-4.dnssec10.xa/127.15.10.32;ns2.nsec3-no-verified-signature-4.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC-ERR-TYPE-LIST-1 | DS10_NSEC_ERR_TYPE_LIST, DS10_HAS_NSEC | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC-ERR-TYPE-LIST-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.12 INFO DNSSEC10 DS10_HAS_NSEC ns_list=ns1.nsec-err-type-list-1.dnssec10.xa/127.15.10.31;ns1.nsec-err-type-list-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-err-type-list-1.dnssec10.xa/127.15.10.32;ns2.nsec-err-type-list-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.12 ERROR DNSSEC10 DS10_NSEC_ERR_TYPE_LIST ns_list=ns1.nsec-err-type-list-1.dnssec10.xa/127.15.10.31;ns1.nsec-err-type-list-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-err-type-list-1.dnssec10.xa/127.15.10.32;ns2.nsec-err-type-list-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC-ERR-TYPE-LIST-2 | DS10_NSEC_ERR_TYPE_LIST, DS10_HAS_NSEC | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC-ERR-TYPE-LIST-2.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.12 INFO DNSSEC10 DS10_HAS_NSEC ns_list=ns1.nsec-err-type-list-2.dnssec10.xa/127.15.10.31;ns1.nsec-err-type-list-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-err-type-list-2.dnssec10.xa/127.15.10.32;ns2.nsec-err-type-list-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.12 ERROR DNSSEC10 DS10_NSEC_ERR_TYPE_LIST ns_list=ns1.nsec-err-type-list-2.dnssec10.xa/127.15.10.31;ns1.nsec-err-type-list-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-err-type-list-2.dnssec10.xa/127.15.10.32;ns2.nsec-err-type-list-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC-GIVES-ERR-ANSWER-1 | DS10_NSEC_GIVES_ERR_ANSWER, DS10_HAS_NSEC, DS10_INCONSISTENT_NSEC | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC-GIVES-ERR-ANSWER-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.12 ERROR DNSSEC10 DS10_INCONSISTENT_NSEC ns_list=ns1.nsec-gives-err-answer-1.dnssec10.xa/127.15.10.31;ns1.nsec-gives-err-answer-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-gives-err-answer-1.dnssec10.xa/127.15.10.32;ns2.nsec-gives-err-answer-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.12 INFO DNSSEC10 DS10_HAS_NSEC ns_list=ns1.nsec-gives-err-answer-1.dnssec10.xa/127.15.10.31;ns1.nsec-gives-err-answer-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-gives-err-answer-1.dnssec10.xa/127.15.10.32;ns2.nsec-gives-err-answer-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.12 ERROR DNSSEC10 DS10_NSEC_GIVES_ERR_ANSWER ns_list=ns1.nsec-gives-err-answer-1.dnssec10.xa/127.15.10.31;ns1.nsec-gives-err-answer-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-gives-err-answer-1.dnssec10.xa/127.15.10.32;ns2.nsec-gives-err-answer-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC-GIVES-ERR-ANSWER-2 | DS10_NSEC_GIVES_ERR_ANSWER, DS10_EXPECTED_NSEC_NSEC3_MISSING, DS10_INCONSISTENT_NSEC, DS10_HAS_NSEC | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC-GIVES-ERR-ANSWER-2.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.12 ERROR DNSSEC10 DS10_INCONSISTENT_NSEC ns_list=ns1.nsec-gives-err-answer-2.dnssec10.xa/127.15.10.31;ns1.nsec-gives-err-answer-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31
0.12 INFO DNSSEC10 DS10_HAS_NSEC ns_list=ns1.nsec-gives-err-answer-2.dnssec10.xa/127.15.10.31;ns1.nsec-gives-err-answer-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31
0.12 ERROR DNSSEC10 DS10_NSEC_GIVES_ERR_ANSWER ns_list=ns1.nsec-gives-err-answer-2.dnssec10.xa/127.15.10.31;ns1.nsec-gives-err-answer-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31
0.12 ERROR DNSSEC10 DS10_EXPECTED_NSEC_NSEC3_MISSING ns_list=ns2.nsec-gives-err-answer-2.dnssec10.xa/127.15.10.32;ns2.nsec-gives-err-answer-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC-MISMATCHES-APEX-1 | DS10_NSEC_MISMATCHES_APEX, DS10_HAS_NSEC | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC-MISMATCHES-APEX-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.12 INFO DNSSEC10 DS10_HAS_NSEC ns_list=ns1.nsec-mismatches-apex-1.dnssec10.xa/127.15.10.31;ns1.nsec-mismatches-apex-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-mismatches-apex-1.dnssec10.xa/127.15.10.32;ns2.nsec-mismatches-apex-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.12 ERROR DNSSEC10 DS10_NSEC_MISMATCHES_APEX ns_list=ns1.nsec-mismatches-apex-1.dnssec10.xa/127.15.10.31;ns1.nsec-mismatches-apex-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-mismatches-apex-1.dnssec10.xa/127.15.10.32;ns2.nsec-mismatches-apex-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC-MISMATCHES-APEX-2 | DS10_NSEC_MISMATCHES_APEX, DS10_HAS_NSEC | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC-MISMATCHES-APEX-2.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.12 INFO DNSSEC10 DS10_HAS_NSEC ns_list=ns1.nsec-mismatches-apex-2.dnssec10.xa/127.15.10.31;ns1.nsec-mismatches-apex-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-mismatches-apex-2.dnssec10.xa/127.15.10.32;ns2.nsec-mismatches-apex-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.12 ERROR DNSSEC10 DS10_NSEC_MISMATCHES_APEX ns_list=ns1.nsec-mismatches-apex-2.dnssec10.xa/127.15.10.31;ns1.nsec-mismatches-apex-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-mismatches-apex-2.dnssec10.xa/127.15.10.32;ns2.nsec-mismatches-apex-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC-MISSING-SIGNATURE-1 | DS10_NSEC_MISSING_SIGNATURE, DS10_HAS_NSEC | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC-MISSING-SIGNATURE-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.13 INFO DNSSEC10 DS10_HAS_NSEC ns_list=ns1.nsec-missing-signature-1.dnssec10.xa/127.15.10.31;ns1.nsec-missing-signature-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-missing-signature-1.dnssec10.xa/127.15.10.32;ns2.nsec-missing-signature-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.13 ERROR DNSSEC10 DS10_NSEC_MISSING_SIGNATURE ns_list=ns1.nsec-missing-signature-1.dnssec10.xa/127.15.10.31;ns1.nsec-missing-signature-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-missing-signature-1.dnssec10.xa/127.15.10.32;ns2.nsec-missing-signature-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC-NODATA-MISSING-SOA-1 | DS10_NSEC_NODATA_MISSING_SOA, DS10_HAS_NSEC | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC-NODATA-MISSING-SOA-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.15 INFO DNSSEC10 DS10_HAS_NSEC ns_list=ns1.nsec-nodata-missing-soa-1.dnssec10.xa/127.15.10.31;ns1.nsec-nodata-missing-soa-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-nodata-missing-soa-1.dnssec10.xa/127.15.10.32;ns2.nsec-nodata-missing-soa-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.15 ERROR DNSSEC10 DS10_NSEC_NODATA_MISSING_SOA ns_list=ns1.nsec-nodata-missing-soa-1.dnssec10.xa/127.15.10.31;ns1.nsec-nodata-missing-soa-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-nodata-missing-soa-1.dnssec10.xa/127.15.10.32;ns2.nsec-nodata-missing-soa-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC-NODATA-WRONG-SOA-1 | DS10_NSEC_NODATA_WRONG_SOA, DS10_HAS_NSEC | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC-NODATA-WRONG-SOA-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.14 INFO DNSSEC10 DS10_HAS_NSEC ns_list=ns1.nsec-nodata-wrong-soa-1.dnssec10.xa/127.15.10.31;ns1.nsec-nodata-wrong-soa-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-nodata-wrong-soa-1.dnssec10.xa/127.15.10.32;ns2.nsec-nodata-wrong-soa-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.14 ERROR DNSSEC10 DS10_NSEC_NODATA_WRONG_SOA domain=nsec-nodata-wrong-soa-1.dnssec10.xa; ns_list=ns1.nsec-nodata-wrong-soa-1.dnssec10.xa/127.15.10.31;ns1.nsec-nodata-wrong-soa-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-nodata-wrong-soa-1.dnssec10.xa/127.15.10.32;ns2.nsec-nodata-wrong-soa-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC-NO-VERIFIED-SIGNATURE-1 | DS10_NSEC_NO_VERIFIED_SIGNATURE, DS10_HAS_NSEC, DS10_NSEC_RRSIG_NO_DNSKEY | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC-NO-VERIFIED-SIGNATURE-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.18 INFO DNSSEC10 DS10_HAS_NSEC ns_list=ns1.nsec-no-verified-signature-1.dnssec10.xa/127.15.10.31;ns1.nsec-no-verified-signature-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-no-verified-signature-1.dnssec10.xa/127.15.10.32;ns2.nsec-no-verified-signature-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.18 WARNING DNSSEC10 DS10_NSEC_RRSIG_NO_DNSKEY keytag=15434; ns_list=ns1.nsec-no-verified-signature-1.dnssec10.xa/127.15.10.31;ns1.nsec-no-verified-signature-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-no-verified-signature-1.dnssec10.xa/127.15.10.32;ns2.nsec-no-verified-signature-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.18 ERROR DNSSEC10 DS10_NSEC_NO_VERIFIED_SIGNATURE ns_list=ns1.nsec-no-verified-signature-1.dnssec10.xa/127.15.10.31;ns1.nsec-no-verified-signature-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-no-verified-signature-1.dnssec10.xa/127.15.10.32;ns2.nsec-no-verified-signature-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC-NO-VERIFIED-SIGNATURE-2 | DS10_NSEC_NO_VERIFIED_SIGNATURE, DS10_HAS_NSEC, DS10_NSEC_RRSIG_EXPIRED | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC-NO-VERIFIED-SIGNATURE-2.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.14 INFO DNSSEC10 DS10_HAS_NSEC ns_list=ns1.nsec-no-verified-signature-2.dnssec10.xa/127.15.10.31;ns1.nsec-no-verified-signature-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-no-verified-signature-2.dnssec10.xa/127.15.10.32;ns2.nsec-no-verified-signature-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.14 ERROR DNSSEC10 DS10_NSEC_RRSIG_EXPIRED keytag=15237; ns_list=ns1.nsec-no-verified-signature-2.dnssec10.xa/127.15.10.31;ns1.nsec-no-verified-signature-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-no-verified-signature-2.dnssec10.xa/127.15.10.32;ns2.nsec-no-verified-signature-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.14 ERROR DNSSEC10 DS10_NSEC_NO_VERIFIED_SIGNATURE ns_list=ns1.nsec-no-verified-signature-2.dnssec10.xa/127.15.10.31;ns1.nsec-no-verified-signature-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-no-verified-signature-2.dnssec10.xa/127.15.10.32;ns2.nsec-no-verified-signature-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC-NO-VERIFIED-SIGNATURE-3 | DS10_NSEC_NO_VERIFIED_SIGNATURE, DS10_HAS_NSEC, DS10_NSEC_RRSIG_NOT_YET_VALID| 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC-NO-VERIFIED-SIGNATURE-3.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.17 INFO DNSSEC10 DS10_HAS_NSEC ns_list=ns1.nsec-no-verified-signature-3.dnssec10.xa/127.15.10.31;ns1.nsec-no-verified-signature-3.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-no-verified-signature-3.dnssec10.xa/127.15.10.32;ns2.nsec-no-verified-signature-3.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.17 ERROR DNSSEC10 DS10_NSEC_RRSIG_NOT_YET_VALID keytag=9266; ns_list=ns1.nsec-no-verified-signature-3.dnssec10.xa/127.15.10.31;ns1.nsec-no-verified-signature-3.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-no-verified-signature-3.dnssec10.xa/127.15.10.32;ns2.nsec-no-verified-signature-3.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.17 ERROR DNSSEC10 DS10_NSEC_NO_VERIFIED_SIGNATURE ns_list=ns1.nsec-no-verified-signature-3.dnssec10.xa/127.15.10.31;ns1.nsec-no-verified-signature-3.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-no-verified-signature-3.dnssec10.xa/127.15.10.32;ns2.nsec-no-verified-signature-3.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC-NO-VERIFIED-SIGNATURE-4 | DS10_NSEC_NO_VERIFIED_SIGNATURE, DS10_HAS_NSEC, DS10_NSEC_RRSIG_VERIFY_ERROR | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC-NO-VERIFIED-SIGNATURE-4.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.24 INFO DNSSEC10 DS10_HAS_NSEC ns_list=ns1.nsec-no-verified-signature-4.dnssec10.xa/127.15.10.31;ns1.nsec-no-verified-signature-4.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-no-verified-signature-4.dnssec10.xa/127.15.10.32;ns2.nsec-no-verified-signature-4.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.24 ERROR DNSSEC10 DS10_NSEC_RRSIG_VERIFY_ERROR keytag=37527; ns_list=ns1.nsec-no-verified-signature-4.dnssec10.xa/127.15.10.31;ns1.nsec-no-verified-signature-4.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-no-verified-signature-4.dnssec10.xa/127.15.10.32;ns2.nsec-no-verified-signature-4.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.24 ERROR DNSSEC10 DS10_NSEC_NO_VERIFIED_SIGNATURE ns_list=ns1.nsec-no-verified-signature-4.dnssec10.xa/127.15.10.31;ns1.nsec-no-verified-signature-4.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-no-verified-signature-4.dnssec10.xa/127.15.10.32;ns2.nsec-no-verified-signature-4.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC-QUERY-RESPONSE-ERR-1 | DS10_NSEC_QUERY_RESPONSE_ERR, DS10_HAS_NSEC, DS10_INCONSISTENT_NSEC | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC-QUERY-RESPONSE-ERR-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
40.25 ERROR DNSSEC10 DS10_INCONSISTENT_NSEC ns_list=ns1.nsec-query-response-err-1.dnssec10.xa/127.15.10.31;ns1.nsec-query-response-err-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-query-response-err-1.dnssec10.xa/127.15.10.32;ns2.nsec-query-response-err-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
40.25 INFO DNSSEC10 DS10_HAS_NSEC ns_list=ns1.nsec-query-response-err-1.dnssec10.xa/127.15.10.31;ns1.nsec-query-response-err-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-query-response-err-1.dnssec10.xa/127.15.10.32;ns2.nsec-query-response-err-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
40.25 ERROR DNSSEC10 DS10_NSEC_QUERY_RESPONSE_ERR ns_list=ns1.nsec-query-response-err-1.dnssec10.xa/127.15.10.31;ns1.nsec-query-response-err-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-query-response-err-1.dnssec10.xa/127.15.10.32;ns2.nsec-query-response-err-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
NSEC-QUERY-RESPONSE-ERR-2 | DS10_NSEC_QUERY_RESPONSE_ERR, DS10_HAS_NSEC, DS10_INCONSISTENT_NSEC | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC-QUERY-RESPONSE-ERR-2.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.14 ERROR DNSSEC10 DS10_INCONSISTENT_NSEC ns_list=ns1.nsec-query-response-err-2.dnssec10.xa/127.15.10.31;ns1.nsec-query-response-err-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-query-response-err-2.dnssec10.xa/127.15.10.32;ns2.nsec-query-response-err-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.15 INFO DNSSEC10 DS10_HAS_NSEC ns_list=ns1.nsec-query-response-err-2.dnssec10.xa/127.15.10.31;ns1.nsec-query-response-err-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-query-response-err-2.dnssec10.xa/127.15.10.32;ns2.nsec-query-response-err-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.15 ERROR DNSSEC10 DS10_NSEC_QUERY_RESPONSE_ERR ns_list=ns1.nsec-query-response-err-2.dnssec10.xa/127.15.10.31;ns1.nsec-query-response-err-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.nsec-query-response-err-2.dnssec10.xa/127.15.10.32;ns2.nsec-query-response-err-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:------------------------------------------------------------------------------------------|:--------------------
NSEC-QUERY-RESPONSE-ERR-3 | DS10_NSEC_QUERY_RESPONSE_ERR, DS10_EXPECTED_NSEC_NSEC3_MISSING, , DS10_INCONSISTENT_NSEC | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw NSEC-QUERY-RESPONSE-ERR-3.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.14 INFO DNSSEC10 DS10_HAS_NSEC ns_list=ns1.nsec-query-response-err-3.dnssec10.xa/127.15.10.31;ns1.nsec-query-response-err-3.dnssec10.xa/fda1:b2:c3:0:127:15:10:31
0.14 ERROR DNSSEC10 DS10_EXPECTED_NSEC_NSEC3_MISSING ns_list=ns2.nsec-query-response-err-3.dnssec10.xa/127.15.10.32;ns2.nsec-query-response-err-3.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> Not OK -- test zone cannot be correctly created
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
SERVER-NO-DNSSEC-1 | DS10_SERVER_NO_DNSSEC, DS10_HAS_NSEC | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw SERVER-NO-DNSSEC-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.15 INFO DNSSEC10 DS10_HAS_NSEC ns_list=ns2.server-no-dnssec-1.dnssec10.xa/127.15.10.32;ns2.server-no-dnssec-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.15 ERROR DNSSEC10 DS10_SERVER_NO_DNSSEC ns_list=ns1.server-no-dnssec-1.dnssec10.xa/127.15.10.31;ns1.server-no-dnssec-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
SERVER-NO-DNSSEC-2 | DS10_SERVER_NO_DNSSEC, DS10_HAS_NSEC3 | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw SERVER-NO-DNSSEC-2.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.12 INFO DNSSEC10 DS10_HAS_NSEC3 ns_list=ns2.server-no-dnssec-2.dnssec10.xa/127.15.10.32;ns2.server-no-dnssec-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
0.12 ERROR DNSSEC10 DS10_SERVER_NO_DNSSEC ns_list=ns1.server-no-dnssec-2.dnssec10.xa/127.15.10.31;ns1.server-no-dnssec-2.dnssec10.xa/fda1:b2:c3:0:127:15:10:31
```
--> OK
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
ZONE-NO-DNSSEC-1 | DS10_ZONE_NO_DNSSEC | 2)
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw ZONE-NO-DNSSEC-1.dnssec10.xa
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.14 NOTICE DNSSEC10 DS10_ZONE_NO_DNSSEC ns_list=ns1.zone-no-dnssec-1.dnssec10.xa/127.15.10.31;ns1.zone-no-dnssec-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.zone-no-dnssec-1.dnssec10.xa/127.15.10.32;ns2.zone-no-dnssec-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```
--> OK
## zonemaster-cli commands and special run of some test scenarios
Scenario name | Mandatory message tag | Forbidden message tags
:------------------------------|:-----------------------------------------------------------------------------|:--------------------
GOOD-NSEC-1 | DS10_HAS_NSEC, IPV6_DISABLED | 2)
* (2) All tags except for those specified as "Mandatory message tags"
Here we run the same scenario GOOD-NSEC-1 as above, but with IPv6 disabled.
```
$ zonemaster-cli --show-testcase --level INFO --test dnssec10 --hints ../../COMMON/hintfile --raw GOOD-NSEC-1.dnssec10.xa --profile profile-no-ipv6.json
Loading profile from profile-no-ipv6.json.
0.00 INFO Unspecified GLOBAL_VERSION version=v6.0.0
0.07 INFO DNSSEC10 IPV6_DISABLED ns=ns1.good-nsec-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31; rrtype=DNSKEY
0.07 INFO DNSSEC10 IPV6_DISABLED ns=ns1.good-nsec-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31; rrtype=NSEC
0.07 INFO DNSSEC10 IPV6_DISABLED ns=ns1.good-nsec-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31; rrtype=NSEC3PARAM
0.07 INFO DNSSEC10 IPV6_DISABLED ns=ns2.good-nsec-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32; rrtype=DNSKEY
0.07 INFO DNSSEC10 IPV6_DISABLED ns=ns2.good-nsec-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32; rrtype=NSEC
0.08 INFO DNSSEC10 IPV6_DISABLED ns=ns2.good-nsec-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32; rrtype=NSEC3PARAM
0.08 INFO DNSSEC10 DS10_HAS_NSEC ns_list=ns1.good-nsec-1.dnssec10.xa/127.15.10.31;ns2.good-nsec-1.dnssec10.xa/127.15.10.32
0.08 ERROR DNSSEC10 DS10_EXPECTED_NSEC_NSEC3_MISSING ns_list=ns1.good-nsec-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:31;ns2.good-nsec-1.dnssec10.xa/fda1:b2:c3:0:127:15:10:32
```