CloudHost/zonemaster.es
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add full Zonemaster stack with Docker and Spanish UI

Browse Source 
- Clone all 5 Zonemaster component repos (LDNS, Engine, CLI, Backend, GUI)
- Dockerfile.backend: 8-stage multi-stage build LDNS→Engine→CLI→Backend
- Dockerfile.gui: Astro static build served via nginx
- docker-compose.yml: backend (internal) + frontend (port 5353)
- nginx.conf: root redirects to /es/, /api/ proxied to backend
- zonemaster-gui/config.ts: defaultLanguage set to 'es' (Spanish)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Malin
2026-04-21 08:19:24 +02:00
commit 8d4eaa1489
1567 changed files with 204155 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

190
zonemaster/test-zone-data/DNSSEC-TP/dnssec16/README.md Normal file
View File

@@ -0,0 +1,190 @@
# DNSSEC16
[This directory](.), i.e. the same directory as this README file, holds
zone files and `coredns` configuration files for scenarios for test case DNSSEC16:
* CDS-INVALID-RRSIG
* CDS-MATCHES-NO-DNSKEY
* CDS-MATCHES-NON-SEP-DNSKEY
* CDS-MATCHES-NON-ZONE-DNSKEY
* CDS-NOT-SIGNED-BY-CDS
* CDS-SIGNED-BY-UNKNOWN-DNSKEY
* CDS-UNSIGNED
* CDS-WITHOUT-DNSKEY
* DELETE-CDS
* DNSKEY-NOT-SIGNED-BY-CDS
* MIXED-DELETE-CDS
* NO-CDS
* NOT-AA
* VALID-CDS
## zonemaster-cli commands and their output for each test scenario
The level (`--level`) must be set to the lowest level of the message tags. For
this test case `INFO` is the lowest level.
Scenario name | Mandatory message tags | Forbidden message tags
:----------------------------|:--------------------------------------------------|:-------------------------------------------
CDS-INVALID-RRSIG | DS16\_CDS\_INVALID\_RRSIG | DS16\_CDS\_MATCHES\_NON\_SEP\_DNSKEY, DS16\_CDS\_MATCHES\_NON\_ZONE\_DNSKEY, DS16\_CDS\_MATCHES\_NO\_DNSKEY, DS16\_CDS\_NOT\_SIGNED\_BY\_CDS, DS16\_CDS\_SIGNED\_BY\_UNKNOWN\_DNSKEY, DS16\_CDS\_UNSIGNED, DS16\_CDS\_WITHOUT\_DNSKEY, DS16\_DELETE\_CDS, DS16\_DNSKEY\_NOT\_SIGNED\_BY\_CDS, DS16\_MIXED\_DELETE\_CDS
```
$ zonemaster-cli cds-invalid-rrsig.dnssec16.xa --raw --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.5.1
0.08 ERROR DS16_CDS_INVALID_RRSIG keytag=33526; ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32
```
-> OK
Scenario name | Mandatory message tags | Forbidden message tags
:----------------------------|:--------------------------------------------------|:-------------------------------------------
CDS-MATCHES-NO-DNSKEY | DS16\_CDS\_MATCHES\_NO\_DNSKEY | DS16\_CDS\_INVALID\_RRSIG, DS16\_CDS\_MATCHES\_NON\_SEP\_DNSKEY, DS16\_CDS\_MATCHES\_NON\_ZONE\_DNSKEY, DS16\_CDS\_NOT\_SIGNED\_BY\_CDS, DS16\_CDS\_SIGNED\_BY\_UNKNOWN\_DNSKEY, DS16\_CDS\_UNSIGNED, DS16\_CDS\_WITHOUT\_DNSKEY, DS16\_DELETE\_CDS, DS16\_DNSKEY\_NOT\_SIGNED\_BY\_CDS, DS16\_MIXED\_DELETE\_CDS
```
$ zonemaster-cli cds-matches-no-dnskey.dnssec16.xa --raw --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.5.1
0.08 WARNING DS16_CDS_MATCHES_NO_DNSKEY keytag=50692; ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32
```
-> OK
Scenario name | Mandatory message tags | Forbidden message tags
:----------------------------|:--------------------------------------------------|:-------------------------------------------
CDS-MATCHES-NON-SEP-DNSKEY | DS16\_CDS\_MATCHES\_NON\_SEP\_DNSKEY | DS16\_CDS\_INVALID\_RRSIG, DS16\_CDS\_MATCHES\_NON\_ZONE\_DNSKEY, DS16\_CDS\_MATCHES\_NO\_DNSKEY, DS16\_CDS\_NOT\_SIGNED\_BY\_CDS, DS16\_CDS\_SIGNED\_BY\_UNKNOWN\_DNSKEY, DS16\_CDS\_UNSIGNED, DS16\_CDS\_WITHOUT\_DNSKEY, DS16\_DELETE\_CDS, DS16\_DNSKEY\_NOT\_SIGNED\_BY\_CDS, DS16\_MIXED\_DELETE\_CDS
```
$ zonemaster-cli cds-matches-non-sep-dnskey.dnssec16.xa --raw --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.5.1
0.09 NOTICE DS16_CDS_MATCHES_NON_SEP_DNSKEY keytag=14693; ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32
```
-> OK
Scenario name | Mandatory message tags | Forbidden message tags
:----------------------------|:--------------------------------------------------|:-------------------------------------------
CDS-MATCHES-NON-ZONE-DNSKEY | DS16\_CDS\_MATCHES\_NON\_ZONE\_DNSKEY | DS16\_CDS\_INVALID\_RRSIG, DS16\_CDS\_MATCHES\_NON\_SEP\_DNSKEY, DS16\_CDS\_MATCHES\_NO\_DNSKEY, DS16\_CDS\_NOT\_SIGNED\_BY\_CDS, DS16\_CDS\_SIGNED\_BY\_UNKNOWN\_DNSKEY, DS16\_CDS\_UNSIGNED, DS16\_CDS\_WITHOUT\_DNSKEY, DS16\_DELETE\_CDS, DS16\_DNSKEY\_NOT\_SIGNED\_BY\_CDS, DS16\_MIXED\_DELETE\_CDS
```
$ zonemaster-cli cds-matches-non-zone-dnskey.dnssec16.xa --raw --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.5.1
0.08 ERROR DS16_CDS_MATCHES_NON_ZONE_DNSKEY keytag=41627; ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32
```
-> OK
Scenario name | Mandatory message tags | Forbidden message tags
:----------------------------|:--------------------------------------------------|:-------------------------------------------
CDS-NOT-SIGNED-BY-CDS | DS16\_CDS\_NOT\_SIGNED\_BY\_CDS | DS16\_CDS\_INVALID\_RRSIG, DS16\_CDS\_MATCHES\_NON\_SEP\_DNSKEY, DS16\_CDS\_MATCHES\_NON\_ZONE\_DNSKEY, DS16\_CDS\_MATCHES\_NO\_DNSKEY, DS16\_CDS\_SIGNED\_BY\_UNKNOWN\_DNSKEY, DS16\_CDS\_UNSIGNED, DS16\_CDS\_WITHOUT\_DNSKEY, DS16\_DELETE\_CDS, DS16\_DNSKEY\_NOT\_SIGNED\_BY\_CDS, DS16\_MIXED\_DELETE\_CDS
```
$ zonemaster-cli cds-not-signed-by-cds.dnssec16.xa --raw --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.5.1
0.09 NOTICE DS16_CDS_NOT_SIGNED_BY_CDS keytag=46227; ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32
```
-> OK
Scenario name | Mandatory message tags | Forbidden message tags
:----------------------------|:--------------------------------------------------|:-------------------------------------------
CDS-SIGNED-BY-UNKNOWN-DNSKEY | DS16\_CDS\_SIGNED\_BY\_UNKNOWN\_DNSKEY | DS16\_CDS\_INVALID\_RRSIG, DS16\_CDS\_MATCHES\_NON\_SEP\_DNSKEY, DS16\_CDS\_MATCHES\_NON\_ZONE\_DNSKEY, DS16\_CDS\_MATCHES\_NO\_DNSKEY, DS16\_CDS\_NOT\_SIGNED\_BY\_CDS, DS16\_CDS\_UNSIGNED, DS16\_CDS\_WITHOUT\_DNSKEY, DS16\_DELETE\_CDS, DS16\_DNSKEY\_NOT\_SIGNED\_BY\_CDS, DS16\_MIXED\_DELETE\_CDS
```
$ zonemaster-cli cds-signed-by-unknown-dnskey.dnssec16.xa --raw --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.5.1
0.08 ERROR DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY keytag=30573; ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32
```
-> OK
Scenario name | Mandatory message tags | Forbidden message tags
:----------------------------|:--------------------------------------------------|:-------------------------------------------
CDS-UNSIGNED | DS16\_CDS\_UNSIGNED, DS16_CDS_NOT_SIGNED_BY_CDS | DS16\_CDS\_INVALID\_RRSIG, DS16\_CDS\_MATCHES\_NON\_SEP\_DNSKEY, DS16\_CDS\_MATCHES\_NON\_ZONE\_DNSKEY, DS16\_CDS\_MATCHES\_NO\_DNSKEY, DS16\_CDS\_SIGNED\_BY\_UNKNOWN\_DNSKEY, DS16\_CDS\_WITHOUT\_DNSKEY, DS16\_DELETE\_CDS, DS16\_DNSKEY\_NOT\_SIGNED\_BY\_CDS, DS16\_MIXED\_DELETE\_CDS
```
$ zonemaster-cli cds-unsigned.dnssec16.xa --raw --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.5.1
0.08 NOTICE DS16_CDS_NOT_SIGNED_BY_CDS keytag=24862; ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32
0.08 ERROR DS16_CDS_UNSIGNED ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32
```
-> OK
Scenario name | Mandatory message tags | Forbidden message tags
:----------------------------|:--------------------------------------------------|:-------------------------------------------
CDS-WITHOUT-DNSKEY | DS16\_CDS\_WITHOUT\_DNSKEY | DS16\_CDS\_INVALID\_RRSIG, DS16\_CDS\_MATCHES\_NON\_SEP\_DNSKEY, DS16\_CDS\_MATCHES\_NON\_ZONE\_DNSKEY, DS16\_CDS\_MATCHES\_NO\_DNSKEY, DS16\_CDS\_NOT\_SIGNED\_BY\_CDS, DS16\_CDS\_SIGNED\_BY\_UNKNOWN\_DNSKEY, DS16\_CDS\_UNSIGNED, DS16\_DELETE\_CDS, DS16\_DNSKEY\_NOT\_SIGNED\_BY\_CDS, DS16\_MIXED\_DELETE\_CDS
```
$ zonemaster-cli cds-without-dnskey.dnssec16.xa --raw --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.5.1
0.08 ERROR DS16_CDS_WITHOUT_DNSKEY ns_ip_list=127.15.16.32;fda1:b2:c3:0:127:15:16:32
```
-> OK
Scenario name | Mandatory message tags | Forbidden message tags
:----------------------------|:--------------------------------------------------|:-------------------------------------------
DELETE-CDS | DS16\_DELETE\_CDS | DS16\_CDS\_INVALID\_RRSIG, DS16\_CDS\_MATCHES\_NON\_SEP\_DNSKEY, DS16\_CDS\_MATCHES\_NON\_ZONE\_DNSKEY, DS16\_CDS\_MATCHES\_NO\_DNSKEY, DS16\_CDS\_NOT\_SIGNED\_BY\_CDS, DS16\_CDS\_SIGNED\_BY\_UNKNOWN\_DNSKEY, DS16\_CDS\_UNSIGNED, DS16\_CDS\_WITHOUT\_DNSKEY, DS16\_DNSKEY\_NOT\_SIGNED\_BY\_CDS, DS16\_MIXED\_DELETE\_CDS
```
$ zonemaster-cli delete-cds.dnssec16.xa --raw --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.5.1
0.08 INFO DS16_DELETE_CDS ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32
```
-> OK
Scenario name | Mandatory message tags | Forbidden message tags
:----------------------------|:--------------------------------------------------|:-------------------------------------------
DNSKEY-NOT-SIGNED-BY-CDS | DS16\_DNSKEY\_NOT\_SIGNED\_BY\_CDS | DS16\_CDS\_INVALID\_RRSIG, DS16\_CDS\_MATCHES\_NON\_SEP\_DNSKEY, DS16\_CDS\_MATCHES\_NON\_ZONE\_DNSKEY, DS16\_CDS\_MATCHES\_NO\_DNSKEY, DS16\_CDS\_NOT\_SIGNED\_BY\_CDS, DS16\_CDS\_SIGNED\_BY\_UNKNOWN\_DNSKEY, DS16\_CDS\_UNSIGNED, DS16\_CDS\_WITHOUT\_DNSKEY, DS16\_DELETE\_CDS, DS16\_MIXED\_DELETE\_CDS
```
$ zonemaster-cli dnskey-not-signed-by-cds.dnssec16.xa --raw --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.5.1
0.08 WARNING DS16_DNSKEY_NOT_SIGNED_BY_CDS keytag=63201; ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32
```
-> OK
Scenario name | Mandatory message tags | Forbidden message tags
:----------------------------|:--------------------------------------------------|:-------------------------------------------
MIXED-DELETE-CDS | DS16\_MIXED\_DELETE\_CDS | DS16\_CDS\_INVALID\_RRSIG, DS16\_CDS\_MATCHES\_NON\_SEP\_DNSKEY, DS16\_CDS\_MATCHES\_NON\_ZONE\_DNSKEY, DS16\_CDS\_MATCHES\_NO\_DNSKEY, DS16\_CDS\_NOT\_SIGNED\_BY\_CDS, DS16\_CDS\_SIGNED\_BY\_UNKNOWN\_DNSKEY, DS16\_CDS\_UNSIGNED, DS16\_CDS\_WITHOUT\_DNSKEY, DS16\_DELETE\_CDS, DS16\_DNSKEY\_NOT\_SIGNED\_BY\_CDS
```
$ zonemaster-cli mixed-delete-cds.dnssec16.xa --raw --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.5.1
0.08 ERROR DS16_MIXED_DELETE_CDS ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32
```
-> OK
Scenario name | Mandatory message tags | Forbidden message tags
:----------------------------|:--------------------------------------------------|:-------------------------------------------
NO-CDS | (none) | DS16\_CDS\_INVALID\_RRSIG, DS16\_CDS\_MATCHES\_NON\_SEP\_DNSKEY, DS16\_CDS\_MATCHES\_NON\_ZONE\_DNSKEY, DS16\_CDS\_MATCHES\_NO\_DNSKEY, DS16\_CDS\_NOT\_SIGNED\_BY\_CDS, DS16\_CDS\_SIGNED\_BY\_UNKNOWN\_DNSKEY, DS16\_CDS\_UNSIGNED, DS16\_CDS\_WITHOUT\_DNSKEY, DS16\_DELETE\_CDS, DS16\_DNSKEY\_NOT\_SIGNED\_BY\_CDS, DS16\_MIXED\_DELETE\_CDS
```
$ zonemaster-cli no-cds.dnssec16.xa --raw --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.5.1
```
-> OK
Scenario name | Mandatory message tags | Forbidden message tags
:----------------------------|:--------------------------------------------------|:-------------------------------------------
NOT-AA | (none) | DS16\_CDS\_INVALID\_RRSIG, DS16\_CDS\_MATCHES\_NON\_SEP\_DNSKEY, DS16\_CDS\_MATCHES\_NON\_ZONE\_DNSKEY, DS16\_CDS\_MATCHES\_NO\_DNSKEY, DS16\_CDS\_NOT\_SIGNED\_BY\_CDS, DS16\_CDS\_SIGNED\_BY\_UNKNOWN\_DNSKEY, DS16\_CDS\_UNSIGNED, DS16\_CDS\_WITHOUT\_DNSKEY, DS16\_DELETE\_CDS, DS16\_DNSKEY\_NOT\_SIGNED\_BY\_CDS, DS16\_MIXED\_DELETE\_CDS
```
$ zonemaster-cli not-aa.dnssec16.xa --raw --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.5.1
```
-> OK
Scenario name | Mandatory message tags | Forbidden message tags
:----------------------------|:--------------------------------------------------|:-------------------------------------------
VALID-CDS | (none) | DS16\_CDS\_INVALID\_RRSIG, DS16\_CDS\_MATCHES\_NON\_SEP\_DNSKEY, DS16\_CDS\_MATCHES\_NON\_ZONE\_DNSKEY, DS16\_CDS\_MATCHES\_NO\_DNSKEY, DS16\_CDS\_NOT\_SIGNED\_BY\_CDS, DS16\_CDS\_SIGNED\_BY\_UNKNOWN\_DNSKEY, DS16\_CDS\_UNSIGNED, DS16\_CDS\_WITHOUT\_DNSKEY, DS16\_DELETE\_CDS, DS16\_DNSKEY\_NOT\_SIGNED\_BY\_CDS, DS16\_MIXED\_DELETE\_CDS
```
$ zonemaster-cli valid-cds.dnssec16.xa --raw --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.5.1
```
-> OK