# Zonemaster Test Case Specifications **Table of contents** * [Background] * [Mapping the Test Requirements to Test Case] * [Elaboration of the test case] * [Document hierarchy] * [Other documents] * [List of Defined Test Cases] ## Background This is the collection of **Test Case** specifications for the Zonemaster project. All the details are in the [Master Test Plan]. * The test cases that has been elaborated as Test Case specifications have been defined as a list of [test requirements]. Each test falls under a specific category. * The document hierarchy of the Test Case specifications could be found in the [Master Test Plan]. ## Mapping the Test Requirements to Test Case * Each test level has been separated into a separate directory below this directory. * Under each test level directory there is a level document (README.md) describing the test level. Links are found below. * The Test Cases are listed below. The mapping from Test Requirement to Test Case is found in the [Test requirements] document. ## Elaboration of the Test Case Test cases are written for almost all Test Requirements. There could be the case that a requirement can be implemented by doing more test cases than one, or that several requirements are solved by only one test case. ## Document hierarchy Each Test Level described in [Master Test Plan] should be linked directly to the correct level document (the README.md in the test level directory). The level documents are found here: * [Address-TP] * [Basic-TP] * [Connectivity-TP] * [Consistency-TP] * [DNSSEC-TP] * [Delegation-TP] * [Nameserver-TP] * [Syntax-TP] * [Zone-TP] ## Other documents The following documents are linked from and used by the Test Case specifications listed in the table below: * [DNS Query and Response Defaults] * [Methods common to Test Case Specifications (version 1)] * [Methods common to Test Case Specifications (version 2)] * [Requirements and normalization of domain names in input] * [Severity Level Definitions] The following documents are useful documents when studying the Test Case specifications: * [Mapping test messages to Test Cases] * [Implemented Test Cases] * [Zonemaster Master Test Plan] [Address-TP]: Address-TP/README.md [Background]: #background [Basic-TP]: Basic-TP/README.md [Connectivity-TP]: Connectivity-TP/README.md [Consistency-TP]: Consistency-TP/README.md [DNS Query and Response Defaults]: DNSQueryAndResponseDefaults.md [DNSSEC-TP]: DNSSEC-TP/README.md [Delegation-TP]: Delegation-TP/README.md [Document Hierarchy]: #document-hierarchy [Elaboration of the test case]: #elaboration-of-the-test-case [Implemented Test Cases]: ImplementedTestCases.md [List of Defined Test Cases]: #list-of-defined-test-cases [Mapping test messages to Test Cases]: TestMessages.md [Mapping the Test Requirements to Test Case]: #mapping-the-test-requirements-to-test-case [Master Test Plan]: MasterTestPlan.md [Methods common to Test Case Specifications (version 1)]: Methods.md [Methods common to Test Case Specifications (version 2)]: MethodsV2.md [Nameserver-TP]: Nameserver-TP/README.md [Other documents]: #other-documents [Requirements and normalization of domain names in input]: RequirementsAndNormalizationOfDomainNames.md [Severity Level Definitions]: SeverityLevelDefinitions.md [Syntax-TP]: Syntax-TP/README.md [Test requirements]: https://github.com/zonemaster/zonemaster/blob/master/docs/internal/test-requirements/TestRequirements.md [Zone-TP]: Zone-TP/README.md [Zonemaster Master Test Plan]: MasterTestPlan.md ## List of Defined Test Cases |Test Plan/Test Case |Test Case Description| |:-------------------|:--------------------| |**Address-TP**| | |[ADDRESS01](Address-TP/address01.md)|Name server address must be globally reachable| |[ADDRESS02](Address-TP/address02.md)|Reverse DNS entry exists for name server IP address| |[ADDRESS03](Address-TP/address03.md)|Reverse DNS entry matches name server name| |**Basic-TP**| | |[BASIC01](Basic-TP/basic01.md)|Check for the parent zone and the zone itself| |[BASIC02](Basic-TP/basic02.md)|The domain must have at least one working name server| |[BASIC03](Basic-TP/basic03.md)|The _Broken but functional_ test| |**Connectivity-TP**| | |[CONNECTIVITY01](Connectivity-TP/connectivity01.md)|UDP connectivity to name servers| |[CONNECTIVITY02](Connectivity-TP/connectivity02.md)|TCP connectivity to name servers| |[CONNECTIVITY03](Connectivity-TP/connectivity03.md)|AS Diversity| |[CONNECTIVITY04](Connectivity-TP/connectivity04.md)|IP Prefix Diversity| |**Consistency-TP**| | |[CONSISTENCY01](Consistency-TP/consistency01.md)|SOA serial number consistency| |[CONSISTENCY02](Consistency-TP/consistency02.md)|SOA RNAME consistency| |[CONSISTENCY03](Consistency-TP/consistency03.md)|SOA timers consistency| |[CONSISTENCY04](Consistency-TP/consistency04.md)|Name server NS consistency| |[CONSISTENCY05](Consistency-TP/consistency05.md)|Consistency between glue and authoritative data| |[CONSISTENCY06](Consistency-TP/consistency06.md)|SOA MNAME consistency| |**DNSSEC-TP**| | |[DNSSEC01](DNSSEC-TP/dnssec01.md)|Legal values for the DS hash digest algorithm| |[DNSSEC02](DNSSEC-TP/dnssec02.md)|DS must match a valid DNSKEY in the child zone| |[DNSSEC03](DNSSEC-TP/dnssec03.md)|Verify NSEC3 parameters| |[DNSSEC04](DNSSEC-TP/dnssec04.md)|Check for too short or too long RRSIG lifetimes| |[DNSSEC05](DNSSEC-TP/dnssec05.md)|Check for invalid DNSKEY algorithms| |[DNSSEC06](DNSSEC-TP/dnssec06.md)|Verify DNSSEC additional processing| |[DNSSEC07](DNSSEC-TP/dnssec07.md)|DNSSEC signed zone and DS in parent for signed zone| |[DNSSEC08](DNSSEC-TP/dnssec08.md)|Valid RRSIG for DNSKEY| |[DNSSEC09](DNSSEC-TP/dnssec09.md)|RRSIG(SOA) must be valid and created by a valid DNSKEY| |[DNSSEC10](DNSSEC-TP/dnssec10.md)|Zone contains NSEC or NSEC3 records| |[DNSSEC11](DNSSEC-TP/dnssec11.md)|DS in delegation requires signed zone| |[DNSSEC12](DNSSEC-TP/dnssec12.md)|Test for DNSSEC Algorithm Completeness| |[DNSSEC13](DNSSEC-TP/dnssec13.md)|All DNSKEY algorithms used to sign the zone| |[DNSSEC14](DNSSEC-TP/dnssec14.md)|Check for valid RSA DNSKEY key size| |[DNSSEC15](DNSSEC-TP/dnssec15.md)|Existence of CDS and CDNSKEY| |[DNSSEC16](DNSSEC-TP/dnssec16.md)|Validate CDS| |[DNSSEC17](DNSSEC-TP/dnssec17.md)|Validate CDNSKEY| |[DNSSEC18](DNSSEC-TP/dnssec18.md)|Validate trust from DS to CDS and CDNSKEY| |**Delegation-TP**| | |[DELEGATION01](Delegation-TP/delegation01.md)|Minimum number of name servers | |[DELEGATION02](Delegation-TP/delegation02.md)|Name servers must have distinct IP addresses| |[DELEGATION03](Delegation-TP/delegation03.md)|No truncation of referrals| |[DELEGATION04](Delegation-TP/delegation04.md)|Name server is authoritative| |[DELEGATION05](Delegation-TP/delegation05.md)|Name server must not point at CNAME alias| |[DELEGATION06](Delegation-TP/delegation06.md)|Existence of SOA| |[DELEGATION07](Delegation-TP/delegation07.md)|Parent glue name records present in child| |**Nameserver-TP**| | |[NAMESERVER01](Nameserver-TP/nameserver01.md)|A name server should not be a recursor| |[NAMESERVER02](Nameserver-TP/nameserver02.md)|Test of EDNS0 support| |[NAMESERVER03](Nameserver-TP/nameserver03.md)|Test availability of zone transfer (AXFR)| |[NAMESERVER04](Nameserver-TP/nameserver04.md)|Same source address| |[NAMESERVER05](Nameserver-TP/nameserver05.md)|Behaviour against AAAA query| |[NAMESERVER06](Nameserver-TP/nameserver06.md)|NS can be resolved| |[NAMESERVER07](Nameserver-TP/nameserver07.md)|To check whether authoritative name servers return an upward referral| |[NAMESERVER08](Nameserver-TP/nameserver08.md)|Testing QNAME case insensitivity | |[NAMESERVER09](Nameserver-TP/nameserver09.md)|Testing QNAME case sensitivity| |[NAMESERVER10](Nameserver-TP/nameserver10.md)|Test for undefined EDNS version| |[NAMESERVER11](Nameserver-TP/nameserver11.md)|Test for unknown EDNS OPTION-CODE| |[NAMESERVER12](Nameserver-TP/nameserver12.md)|Test for unknown EDNS flags| |[NAMESERVER13](Nameserver-TP/nameserver13.md)|Test for truncated response on EDNS query| |[NAMESERVER15](Nameserver-TP/nameserver15.md)|Checking for revealed software version| |**Syntax-TP**| | |[SYNTAX01](Syntax-TP/syntax01.md)|No illegal characters in the domain name| |[SYNTAX02](Syntax-TP/syntax02.md)|No hyphen ('-') at the start or end of the domain name| |[SYNTAX03](Syntax-TP/syntax03.md)|There must be no double hyphen ('--') in position 3 and 4 of the domain name| |[SYNTAX04](Syntax-TP/syntax04.md)|The NS name must have a valid domain/hostname| |[SYNTAX05](Syntax-TP/syntax05.md)|Misuse of '@' character in the SOA RNAME field| |[SYNTAX06](Syntax-TP/syntax06.md)|No illegal characters in the SOA RNAME field| |[SYNTAX07](Syntax-TP/syntax07.md)|No illegal characters in the SOA MNAME field| |[SYNTAX08](Syntax-TP/syntax08.md)|MX name must have a valid hostname| |**Zone-TP**| | |[ZONE01](Zone-TP/zone01.md)|Fully qualified master nameserver in SOA| |[ZONE02](Zone-TP/zone02.md)|SOA 'refresh' minimum value| |[ZONE03](Zone-TP/zone03.md)|SOA 'retry' lower than 'refresh'| |[ZONE04](Zone-TP/zone04.md)|SOA 'retry' at least 1 hour| |[ZONE05](Zone-TP/zone05.md)|SOA 'expire' minimum value| |[ZONE06](Zone-TP/zone06.md)|SOA 'minimum' maximum value| |[ZONE07](Zone-TP/zone07.md)|SOA master is not an alias| |[ZONE08](Zone-TP/zone08.md)|MX is not an alias| |[ZONE09](Zone-TP/zone09.md)|MX record present| |[ZONE10](Zone-TP/zone10.md)|No multiple SOA records| |[ZONE11](Zone-TP/zone11.md)|SPF policy validation|