CloudHost/zonemaster.es
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add full Zonemaster stack with Docker and Spanish UI

Browse Source 
- Clone all 5 Zonemaster component repos (LDNS, Engine, CLI, Backend, GUI)
- Dockerfile.backend: 8-stage multi-stage build LDNS→Engine→CLI→Backend
- Dockerfile.gui: Astro static build served via nginx
- docker-compose.yml: backend (internal) + frontend (port 5353)
- nginx.conf: root redirects to /es/, /api/ proxied to backend
- zonemaster-gui/config.ts: defaultLanguage set to 'es' (Spanish)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Malin
2026-04-21 08:19:24 +02:00
commit 8d4eaa1489
1567 changed files with 204155 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
zonemaster/test-zone-data/utils/README.md Normal file
View File

@@ -0,0 +1,18 @@
# Utilities for test zones
## keytag-from-dnskey
The [keytag-from-dnskey](keytag-from-dnskey) utility provides the key tag for a
DNSKEY record. Run `keytag-from-dnskey --help` for manual.
## sign-rrset
The [sign-rrset](sign-rrset) utility creates a valid RRSIG for an RRset using
the private key provided. Run `sign-rrset --help` for manual.
## verify-rrset
The [verify-rrset](verify-rrset) utility verifies if the provided RRSIG is a
valid signature for the given RRset using the provided DNSKEY. Run
`verify-rrset --help` for manual.

61
zonemaster/test-zone-data/utils/keytag-from-dnskey Executable file
View File

@@ -0,0 +1,61 @@
#!/usr/bin/env perl
=pod
=head1 SUMMARY
This script calculates and reports the key tag of provided DNSKEY
records.
=head1 SYNOPSIS
cat data-file | keytag-from-dnskey.pl
keytag-from-dnskey.pl
=head1 DATA FILE
Create a file with the complete DNSKEY records. The key tag of the DNSKEY
records will be reported in the order they are provided. You can freely add
comment lines starting with "#" anywhere.
=head1 EXAMPLE FILE
=begin text
nsec3-nodata-missing-soa-1.dnssec10.xa. 86400 IN DNSKEY 256 3 13 UXX/6XrJ3E9AX9X+4wAYzSJYLzvndC8Ga6EtZ3uRT2VDBM5fcWwXK4Sj TEpCSIjSo5Vd3PwxLDOfd6KQXDxsTA==
nsec3-nodata-missing-soa-1.dnssec10.xa. 86400 IN DNSKEY 257 3 13 2WNTg518FYvoS+z1975+VslncFZRfSrd6nX+mQXOT1fycnoa7OU0RURW 846oEfXCdBzfIGwiemQZm4S3kxMrsA==
=end text
=cut
use 5.16.0;
use warnings;
use Net::DNS::SEC 1.26;
use Net::DNS 1.47;
use Getopt::Long;
use Pod::Usage;
my ( $key, $exp, $inc, $help );
GetOptions( 'help' => \$help
);
if ( $help ) {
pod2usage(-verbose => 99);
exit 0;
}
while( my $line = <> ) {
chomp ( $line );
next if $line =~ /^\s*$/;
next if $line =~ /^#/;
my $rrref = Net::DNS::RR->new( $line );
say $rrref->keytag;
}

99
zonemaster/test-zone-data/utils/sign-rrset Executable file
View File

@@ -0,0 +1,99 @@
#!/usr/bin/env perl
=pod
=head1 SUMMARY
This script supports signing an RRset (one or more DNS records)
by the provided private key
=head1 SYNOPSIS
cat data-file | sign-rrset.pl --key KEY --exp DATETIME --inc DATETIME
sign-rrset.pl --help
=over 3
=item *
KEY is the file with the private key matching the intended DNSKEY record.
=item *
DATETIME is the date-time in the format "YYYYMMDDHHMMSS" for RRSIG expiration (--exp)
and RRSIG inception (--inc) respectively.
=back
=head1 DATA FILE
Create a file with the complete RRset to be signed. You can freely add
comment lines starting with "#" anywhere.
=head1 EXAMPLE FILE
=begin text
err-mult-nsec-1.dnssec10.xa. 86400 IN NSEC ns1.err-mult-nsec-1.dnssec10.xa. NS SOA RRSIG NSEC DNSKEY TYPE65534
err-mult-nsec-1.dnssec10.xa. 86400 IN NSEC www.err-mult-nsec-1.dnssec10.xa. NS SOA RRSIG NSEC DNSKEY TYPE65534
=end text
=cut
use 5.16.0;
use warnings;
use Net::DNS::SEC 1.26;
use Net::DNS 1.47;
use Getopt::Long;
use Pod::Usage;
my ( $key, $exp, $inc, $help );
GetOptions( 'key=s' => \$key,
'exp=s' => \$exp,
'inc=s' => \$inc,
'help' => \$help
);
if ( $help ) {
pod2usage(-verbose => 99);
exit 0;
}
unless ( $key ) {
say STDERR "Missing private key file";
say STDERR "Run with --help to get help";
exit 1;
}
unless ( $exp and $inc ) {
say STDERR "Missing expiration and/or inception value";
say STDERR "Run with --help to get help";
exit 1;
}
my @rrsetref; # List of references to RRs.
while( my $line = <> ) {
chomp ( $line );
next if $line =~ /^\s*$/;
next if $line =~ /^#/;
my $rrref = Net::DNS::RR->new( $line );
push ( @rrsetref, $rrref );
}
unless ( @rrsetref ) {
say "Missing RRset to sign";
say STDERR "Run with --help to get help";
exit 1;
};
my $private = Net::DNS::SEC::Private->new($key);
my $sigrr= Net::DNS::RR::RRSIG->create( \@rrsetref, $private, sigex => $exp, sigin => $inc );
say $sigrr->plain;

133
zonemaster/test-zone-data/utils/verify-rrset Executable file
View File

@@ -0,0 +1,133 @@
#!/usr/bin/env perl
=pod
=head1 SUMMARY
This script verifies that the provided RRSIG signs the
the provided RRset by checking against the provided
DNSKEY.
=head1 SYNOPSIS
cat data-file | verify-rrset.pl
verify-rrset.pl --help
=head1 DATA FILE
Create a file with the entire RRset, the RRSIG record
and the matching DNSKEY record. The records must be
in that specific order.
=over 3
=item *
All records in an RRset must have the same type and the same
owner name.
=item *
There must be at least one record in the RRset, but there may
be multiple records. Some records such as NSEC must normally
not be more than one of in a RRset, but here that is permitted.
=item *
There must be exactly one RRSIG, and its owner name must be
the same as the RRset.
=item *
There must be exactly one DNSKEY.
=item *
Comment lines starting with "#" are permitted.
=back
=head1 EXAMPLE FILE
=begin text
err-mult-nsec-1.dnssec10.xa. 86400 IN NSEC ns1.err-mult-nsec-1.dnssec10.xa. NS SOA RRSIG NSEC DNSKEY TYPE65534
err-mult-nsec-1.dnssec10.xa. 86400 IN NSEC www.err-mult-nsec-1.dnssec10.xa. NS SOA RRSIG NSEC DNSKEY TYPE65534
err-mult-nsec-1.dnssec10.xa. 86400 IN RRSIG NSEC 13 3 86400 20320923032719 20240925135938 58097 err-mult-nsec-1.dnssec10.xa. loXyRdLZF9LWOOMLBl9Y8O4lRjoCiZVnnczuvlPxblX34Jy3tM+6IFmtHAUyU/6hLuoZ1H2BwYjN MSx2n95/lg==
err-mult-nsec-1.dnssec10.xa. 86400 IN DNSKEY 256 3 13 5H2z0t6sesAGCzY5ayLWpN5s2y7HUq/TWFeZ4tAEvAPhmX6rtM5AkEAm G3QnVSfQN3u5wirEC9/JDqm2G3wJkA==
=end text
=cut
use 5.16.0;
use warnings;
use Net::DNS::SEC 1.26;
use Net::DNS 1.47;
use Getopt::Long;
use Pod::Usage;
my ( $help );
GetOptions( 'help' => \$help
);
if ( $help ) {
pod2usage(-verbose => 99);
exit 0;
}
my ( $section ) = 'RRSET';
my ( $rrsig );
my ( @rrsetref );
my ( $keyrr );
my ( $rrsettype ) = '';
my ( $ownername ) = '';
my ( $rrsetfound ) = 0;
my ( $rrsigfound ) = 0;
my ( $keyrrfound ) = 0;
while( my $line = <> ) {
chomp ( $line );
next if $line =~ /^\s*$/;
next if $line =~ /^#/;
my $rr = Net::DNS::RR->new( $line );
# say "DEBUG: " . $rr->type;
if ( $rr->type eq 'RRSIG' ) {
die "ERROR: The RRset must be listed before the RRSIG.\n" unless $rrsetfound;
die "ERROR: Only one RRSIG may be included.\n" if $rrsigfound;
if ($rr->owner ne $ownername ) {
die "ERROR: RRSIG must have the same owner name as the RRset.\n";
}
$rrsig = $rr;
$rrsigfound = 1;
} elsif ( $rr->type eq 'DNSKEY' and $rrsigfound ) {
die "ERROR: Only one DNSKEY may be included.\n" if $keyrrfound;
$keyrr = $rr;
$keyrrfound = 1;
} elsif ($keyrrfound) {
die "ERROR: DNSKEY must be the last record.\n" if $keyrrfound;
} else {
if ( $rrsettype) {
if ($rr->type ne $rrsettype ) {
die "ERROR: All records in the RRset must have the same type.\n";
}
if ($rr->owner ne $ownername ) {
die "ERROR: All records in the RRset must have the same owner name.\n";
}
} else {
$rrsettype = $rr->type;
$ownername = $rr->owner;
$rrsetfound = 1;
};
push ( @rrsetref, $rr );
}
}
die "ERROR: Missing RRset\n" unless $rrsetfound;
die "ERROR: Missing RRSIG\n" unless $rrsigfound;
die "ERROR: Missing DNSKEY\n" unless $keyrrfound;
my $verify = $rrsig->verify( \@rrsetref, $keyrr );
if ($verify) {
say 'Verified.';
} else {
say 'Verify ERROR: ' . $rrsig->vrfyerrstr;
}