CloudHost/zonemaster.es
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
zonemaster.es/zonemaster/docs/public/specifications/tests/MethodsV2.md
Malin 8d4eaa1489 feat: add full Zonemaster stack with Docker and Spanish UI 
- Clone all 5 Zonemaster component repos (LDNS, Engine, CLI, Backend, GUI)
- Dockerfile.backend: 8-stage multi-stage build LDNS→Engine→CLI→Backend
- Dockerfile.gui: Astro static build served via nginx
- docker-compose.yml: backend (internal) + frontend (port 5353)
- nginx.conf: root redirects to /es/, /api/ proxied to backend
- zonemaster-gui/config.ts: defaultLanguage set to 'es' (Spanish)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 08:19:24 +02:00

1100 lines
42 KiB
Markdown
Raw Permalink Blame History

# Methods common to Test Case Specifications (version 2)
## Table of contents
* [Objective](#objective)
* [Scope](#scope)
* [Internal Methods](#internal-methods)
* [Methods Inputs]
* [Method: Get parent NS names and IP addresses][Get-Parent-NS-Names-and-IPs]
* [Method: Get parent NS IP addresses][Get-Parent-NS-IPs]
* [Method: Get delegation NS names and IP addresses][Get-Del-NS-Names-and-IPs]
* [Method: Get delegation NS names][Get-Del-NS-Names]
* [Method: Get delegation NS IP addresses][Get-Del-NS-IPs]
* [Method: Get zone NS names][Get-Zone-NS-Names]
* [Method: Get zone NS names and IP addresses][Get-Zone-NS-Names-and-IPs]
* [Method: Get zone NS IP addresses][Get-Zone-NS-IPs]
* [Method: Get delegation (Internal)][Get-Delegation]
* [Method: Get in-bailiwick address records in zone (Internal)][Get-IB-Addr-in-Zone]
* [Method: Get out-of-bailiwick ip addresses (Internal)][Get-OOB-IPs]
* [Method inter-dependencies](#method-inter-dependencies)
* [Terminology](#terminology)
## Objective
The Methods are used in, and referred from, the Test Case specifications as
shortcuts for steps shared between Test Cases. A Test Case that makes use of any
of the Methods defined in this document must refer directly to the
specific Method or Methods.
[To top]
## Scope
This document holds version 2 of the set of Methods. Version 1 is defined in
[Methods]. Methods from version 1 will be replaced by Methods from version 2 in
all Test Case specifications.
Before the transition all Test Cases specifications use version 1 ([Methods]).
During the transition it will be stated in each specification if the
Test Case uses Methods from version 1 ([Methods]) or Methods from version 2 (this
document). When the transition is completed, the version 1 document will be
removed.
In these Methods any DS record data in *Undelegated Data* is disregarded. If
with *Child Zone* DS record data is provided, but no name server data, then the
will here be treated as "normal test", not "undelegated test".
[To top]
## Internal methods
Methods, in this document, that are referred to as *Internal* or
*Internal Method* must not be referred to from the Test Case specifications.
*Internal Methods* may only be referred to from Methods in this document. Test
Case specifications can freely refer to the other Methods.
[To top]
## Methods Inputs
The following input units are provided when a Method is executed and are
available to all Methods. All Methods, however, do not use all input units and
it is specified in the Method inputs subsections which units are used for the
specific Method.
* "Child Zone" - Mandatory data. The name of the zone to be tested. It must be
a [valid domain name].
* "Root Name Servers" - The default data is the IANA [Root Hints File] with
names and IP addresses of the root name servers, but that can optionally be
replaced by equivalent information to a private root zone. It must contain at
least one [valid name server name] with at least one [valid IP address].
* "Undelegated Data" - Optional data. If included it must consist of a set of
at least one [valid name server name] and for each name server name an optional
set of at least one [valid IP address]. The name servers and IP addresses
represent a possible delegation of *Child Zone* from its parent zone (may be
indetermined).
* "Test Type" - Derived data. It is set to "normal test" if *Undelegated Data* is
absent (empty) and to "undelegated test" if it is non-empty.
[To top]
## Method: Get parent NS names and IP addresses
### Method identifier
**Get-Parent-NS-Names-and-IPs**
### Objective
This Method will obtain the names and IP addresses of the name servers that
serve the parent zone, i.e. the zone from which the *Child Zone* is delegated
from.
This is done by finding the parent zone and then the name servers that serve the
parent zone. In case there is an inconsistency of which is the parent zone, the
list of name servers will be the gross list, i.e. rather include too much than
too little. Too much is always a result of incorrect configuration in the parent
zone or in a grand parent zone.
If *Child Zone* is the root zone, then there is by definition no parent zone and
no parent name servers.
If the test type is undelegated, then the information that the parent name
servers are supposed to provide included in the input data. In that case a list
of parent name servers has no meaning.
The Method will output a list of parent name server names and IP addresses. If
the zone is the root zone or if the test is an undelegated test, the list is
defined but empty. If the parent zone cannot be determined, then an undefined
list is returned.
Addresses for name servers (RDATA of NS records) are extracted even if the
resolution goes through CNAME. It is, however, not permitted for a NS record
to point at a name that has a CNAME, but that test is covered by Test Case
[Delegation05]. This method should extract as much as possible to find all
possible paths.
This Method must, in general, use the same algorithm as Test Case [Basic01], but
the test case extracts more information and outputs messages.
### Inputs
This Method uses the following input units defined in section [Methods Inputs]:
* "Child Zone" - The name of the child zone to be tested.
* "Root Name Servers"
* "Test Type" - "[undelegated test]" or "normal test".
### Procedures
1. If the *Child Zone* is the root zone (".") then output empty set and exit
these procedures.
2. If the *Test Type* is "undelegated test" then output empty set and exit
these procedures.
3. Create the following empty sets:
1. Name server name, name server IP and zone name tuples ("Remaining
Servers").
2. Name server name, name server IP and zone name tuples ("Handled
Servers").
3. Parent name server name and IP address pairs ("Parent Name Servers").
4. Insert all names and addresses from *Root Name Servers* and the root zone
name into the *Remaining Servers* set.
> In the loop below, the steps tries to capture the name of the parent zone of
> **Child Zone** and the IP addresses of the name servers for that parent zone.
> This is done using a modified version of the "QNAME minimization" technique
> [RFC 9156]. SOA is the query type used for traversing the tree.
5. While the *Remaining Servers* is non-empty pick next name server name, IP
address and zone name tuple from the set ("Server Name", "Server Address"
and "Zone Name") and do:
1. Extract and remove the *Server Name*, *Server Address* and *Zone Name*
tuple from *Remaining Servers*.
2. Insert the *Server Name*, *Server Address* and *Zone Name* tuple into
*Handled Servers*.
3. If *Handled Servers* contains two or more tuples with the same
*Server Address* and *Zone Name* (but not necessarily the same *Server
Name*), then:
1. If an item exists in *Parent Name Servers* whose IP address equals
*Server Address*, then add the *Server Name* and *Server Address*
pair to the *Parent Name Servers* set.
2. Go to next server in *Remaining Servers*.
4. Create [DNS queries][DNS Query]:
1. Query type SOA and query name *Zone Name* ("Zone Name SOA Query").
2. Query type NS and query name *Zone Name* ("Zone Name NS Query").
5. [Send] *Zone Name SOA Query* to *Server Address*.
6. Go to next server in *Remaining Servers* if one or more of the following
matches:
* No DNS response.
* [RCODE Name] different from NoError in response.
* AA bit not set in response.
* Not exactly one SOA record in answer section
* Owner name of SOA record is not *Zone Name*.
7. [Send] *Zone Name NS Query* to *Server Address*.
8. Go to next server in *Remaining Servers* if one or more of the following
matches:
* No DNS response.
* [RCODE Name] different from NoError in response.
* AA bit not set in response.
* No NS records in answer section
* Owner name of any of the NS records is not *Zone Name*.
9. Extract the name server names from the NS records and any address records
in the additional section.
10. Do [DNS Lookup] of name server names (A and AAAA) not already listed in
the additional section of the response. If a CNAME is encountered,
follow the chain of CNAME records but use the original name as obtained
from the NS record RDATA when storing the data in the next substep.
1. For each IP address add the name server name, IP address and *Zone
Name* tuple to the *Remaining Servers* set, unless such a tuple
already exists in *Handled Servers*.
2. Ignore any failing lookups or lookups resulting in NODATA or NXDOMAIN.
11. Create "Intermediate Query Name" by copying *Zone Name* as start value.
12. Run a loop processing *Server Name* and *Server Address* (jumps back
here from the steps below).
1. Extend *Intermediate Query Name* by adding one more label to the left
by copying the equivalent label from *Child Zone*. (See "Example 1"
below.)
2. Create a [DNS Query] with query name
*Intermediate Query Name* and [query type] SOA
("Intermediate SOA query").
3. [Send] *Intermediate SOA Query* to *Server Address*. (See "Example 2"
below.)
4. Go to next server in *Remaining Servers* if there is no DNS response.
5. If the response has exactly one SOA record with owner name
*Intermediate Query Name* in the answer section, with the AA bit
set and [RCODE Name] NoError then do:
1. If *Intermediate Query Name* is equal to *Child Zone* then
1. Save the *Server Name* and *Server Address* pair to the
*Parent Name Servers* set.
2. Go to next server in *Remaining Servers*.
2. Else do:
1. Create a [DNS query][DNS Query] with query name
*Intermediate Query Name* and [query type] NS
("Intermediate NS query").
2. [Send] *Intermediate NS Query* to *Server Address*.
3. Go to next server in *Remaining Servers* if one or more of the
following matches:
* No DNS response.
* [RCODE Name] different from NoError in response.
* AA bit not set in response.
* No NS records in answer section.
* Owner name of any of the NS records is not *Intermediate Query Name*.
4. Extract the name server names from the NS records and any address
records in the additional section.
5. Do [DNS Lookup] of name server names (A and AAAA) not already
listed in the additional section of the response. If a CNAME
is encountered, follow the chain of CNAME records but use the
original name as obtained from the NS record RDATA when storing
the data in the next step.
6. For each name and IP address add the name, IP address and
*Intermediate Query Name* tuple to the *Remaining Servers* set,
unless such a tuple already exists in *Handled Servers*.
7. Set *Zone Name* to *Intermediate Query Name*.
8. Go back to the start of the loop.
6. Else, if the response contains a [Referral] of *Intermediate Query Name*
then do:
1. If *Intermediate Query Name* is equal to *Child Zone* then do:
1. Save the *Server Name* and *Server Address* pair to the
*Parent Name Servers* set.
2. Else do:
1. Extract the name server names from the NS records and any glue
records.
2. Do [DNS Lookup] of name server names (A and AAAA) not already
listed as glue record or records. Follow CNAME if provided.
3. For each name and IP address add the *Server Name*, *Server
Address* and *Intermediate Query Name* tuple to the *Remaining
Servers* set, unless such a tuple already exists in *Handled
Servers*.
3. Go to next server in *Remaining Servers*.
7. Else, if the [RCODE Name] is NoError and the AA is set then do:
1. If *Intermediate Query Name* is not equal to *Child Zone* then
go back to the start of the loop.
2. Else go to next server in *Remaining Servers*.
8. Else, go to next server in *Remaining Servers*.
> Examples referred to from the steps.
>
> Example 1: If *Child Zone* is "foo.bar.xa" and *Intermediate Query Name* is "."
> (root zone) then *Intermediate Query Name* becomes "xa". If it is "xa", it
> will become "bar.xa" instead.
>
> Example 2: An "bar.xa SOA" query to a name server for "xa".
6. If the *Parent Name Servers* set is non-empty then do:
1. Extract the list of name server names and IP addresses.
2. Return the following from the Method:
1. The extracted list of name server names and IP addresses (parent zone
name servers).
3. Exit these procedures.
7. If the *Parent Name Servers* set is empty then do:
1. Return the following from the Method:
1. Undefined value. (Parent name severs cannot be determined.)
2. Exit these procedures.
### Outputs
* A set of name server IP address for the parent zone:
* Non-empty set: The name servers have been identified.
* Empty set: Root zone or undelegated test.
* Undefined set: The name servers cannot be determined due to errors in the
delegation.
### Dependencies
None.
[To top]
## Method: Get parent NS IP addresses
### Method identifier
**Get-Parent-NS-IPs**
### Objective
This Method will obtain the IP addresses of the name servers that serve the
parent zone, i.e. the zone from which the *Child Zone* is delegated from.
The procedure is identical to the one used by
[Get-Parent-NS-Names-and-IPs], except that this Method only collects and
outputs IP addresses instead of name-IP address pairs.
### Inputs
This Method uses the following input units defined in section [Methods Inputs]:
* "Child Zone" - The name of the child zone to be tested.
* "Root Name Servers"
* "Test Type" - "[undelegated test]" or "normal test".
### Procedures
1. Get the set of parent name servers by using [Get-Parent-NS-Names-and-IPs]
("Parent Name Servers").
2. If the *Parent Name Servers* set is undefined, then output an undefined set and
exit these procedures.
3. If the *Parent Name Servers* set is empty, then output an empty set and exit these
procedures.
4. Extract the IP addresses from *Parent Name Servers* and create a set of
unique addresses ("Parent NS IPs").
5. Output the *Parent NS IPs* set.
### Outputs
* A set of name server IP address for the parent zone:
* Non-empty set: The name servers have been identified.
* Empty set: Root zone or undelegated test.
* Undefined set: The name servers cannot be determined due to errors in the
delegation.
### Dependencies
This Method depends on [Get-Parent-NS-Names-and-IPs].
[To top]
## Method: Get delegation NS names and IP addresses
### Method identifier
**Get-Del-NS-Names-and-IPs**
### Objective
Obtain the name server names (from the NS records) and the IP addresses (from
Glue Records) from the delegation of the given zone (child zone) from
the parent zone. [Glue Records], if any, are address records for name
server names. Also obtain the IP addresses for the [Out-Of-Bailiwick] name
server names, if any. If the [Glue Records] include address records for
[Out-Of-Bailiwick] name servers they will be included twice, unless identical.
### Inputs
This Method uses the following input units defined in section [Methods Inputs]:
* "Child Zone" - The name of the child zone to be tested.
### Procedures
1. Get the set of name servers where each unique name server name is linked to a
possibly empty set of its IP addresses by using Method [Get-Delegation]
("Name Servers").
2. If the *Name Servers* set is undefined, then output an undefined set and exit
these procedures.
3. If the *Name Servers* set is empty, then output an empty set and exit these
procedures.
4. Extract the set of [Out-Of-Bailiwick] name server names from *Name Servers*
("OOB Names").
5. Get the IP addresses for name server names in *OOB Names* by using Method
[Get-OOB-IPs] with *OOB Names* as input.
6. Merge the set returned from [Get-OOB-IPs] with *Name Servers*.
7. Output the *Name Servers* set.
### Outputs
* A set of delegation name servers, where each unique name server name
links to a possibly empty set of its IP addresses:
* Non-empty set: The normal case.
* Empty set: [Get-Delegation] returned an empty set.
* Undefined set: [Get-Delegation] returned an undefined set.
### Dependencies
This Method depends on [Get-Delegation] and [Get-OOB-IPs].
[To top]
## Method: Get delegation NS names
### Method identifier
**Get-Del-NS-Names**
### Objective
In general, this Method replaces [Method2] in [Methods], version 1.
Obtain the name server names for *Child Zone* as defined in the delegation from
parent zone.
### Inputs
This Method uses the following input units defined in section [Methods Inputs]:
* "Child Zone" - The name of the child zone to be tested.
### Procedures
1. Get the set of name servers where each unique name server name is linked to a
possibly empty set of its IP addresses by using Method
[Get-Del-NS-Names-and-IPs] ("Name Servers").
2. If the *Name Servers* set is undefined, then output an undefined set and exit
these procedures.
3. If the *Name Servers* set is empty, then output an empty set and exit these
procedures.
4. If the set is empty, then output an empty set and exit these test
procedures.
5. Extract the set of name server names from *Name Servers*.
6. Output the set of name server names.
### Outputs
* The set of delegation name server names:
* Non-empty set: The normal case.
* Empty set: [Get-Del-NS-Names-and-IPs] returned an empty set.
* Undefined set: [Get-Del-NS-Names-and-IPs] returned an undefined set.
### Dependencies
This Method depends on [Get-Del-NS-Names-and-IPs].
[To top]
## Method: Get delegation NS IP addresses
### Method identifier
**Get-Del-NS-IPs**
### Objective
In general, this Method replaces [Method4] in [Methods], version 1.
Obtain the IP addresses (from [Glue Records]) from the delegation of
the given zone (child zone) from the parent zone. [Glue Records] are address
records for [In-Bailiwick] name server names, if any. Obtain the IP addresses
for the [Out-Of-Bailiwick] name server names, if any.
### Inputs
This Method uses the following input units defined in section [Methods Inputs]:
* "Child Zone" - The name of the child zone to be tested.
### Procedures
1. Get the set of name servers where each unique name server name is linked to a
possibly empty set of its IP addresses by using Method
[Get-Del-NS-Names-and-IPs] ("Name Servers").
2. If the *Name Servers* set is undefined, then output an undefined set and exit
these procedures.
3. If the *Name Servers* set is empty, then output an empty set and exit these
procedures.
4. Extract the IP addresses from *Name Servers* and create a set of
unique addresses ("NS IPs").
5. Output the *NS IPs* set.
### Outputs
* The set of delegation name server IP addresses:
* Non-empty set: The normal case.
* Empty set: [Get-Del-NS-Names-and-IPs] returned an empty set.
* Undefined set: [Get-Del-NS-Names-and-IPs] returned an undefined set.
### Dependencies
This Method depends on [Get-Del-NS-Names-and-IPs].
[To top]
## Method: Get zone NS names
### Method identifier
**Get-Zone-NS-Names**
### Objective
In general, this Method replaces [Method3] in [Methods], version 1.
Obtain the names of the authoritative name servers for the given zone
(child zone) as defined in the NS records in the zone itself.
### Inputs
This Method uses the following input units defined in section [Methods Inputs]:
* "Child Zone" - The name of the child zone to be tested.
### Procedures
1. Using Method [Get-Del-NS-IPs], obtain the IP addresses of the
name servers ("Name Server IPs").
2. If the *Name Server IPs* set is undefined, then output an undefined set and
exit these procedures.
3. If the *Name Server IPs* set is empty, then output an empty set and exit
these procedures.
4. Create an empty set of name server names ("Name Server Names").
5. Create a [DNS Query] with query type NS and query name *Child Zone*
("NS Query").
6. [Send] *NS Query* to every IP address in *Name Server IPs*.
7. Collect all [DNS Responses][DNS Response] and ignore all non-responses.
8. Collect all the unique NS records with *Child Zone* as owner name in the
answer sections of the responses where the AA flag is set. Ignore any other
response.
9. Extract the name server names from the RDATA of the NS records and add them
to the *Name Server Names* set.
10. Output the possibly empty *Name Server Names* set.
### Outputs
* The set of zone name servers (name server names):
* Non-empty set: The normal case.
* Empty set: [Get-Del-NS-IPs] returned an empty set or no name server
names were found.
* Undefined set: [Get-Del-NS-IPs] returned an undefined set.
### Dependencies
This Method depends on [Get-Del-NS-IPs].
[To top]
## Method: Get zone NS names and IP addresses
### Method identifier
**Get-Zone-NS-Names-and-IPs**
### Objective
Obtain the name server names (extracted from the NS records) from the apex of the
child zone. For [In-Bailiwick] name server names obtain the IP addresses from the
child zone. For the [Out-Of-Bailiwick] name server names obtain the IP addresses
from resolver lookup.
### Inputs
This Method uses the following input units defined in section [Methods Inputs]:
* "Child Zone" - The name of the child zone to be tested.
### Procedures
1. Get the name server names for the *Child Zone* as defined in
the *Child Zone* by using Method [Get-Zone-NS-Names] ("Names").
2. If the *Names* set is undefined, then output an undefined set and
exit these procedures.
3. If the *Names* set is empty, then output an empty set and exit
these procedures.
4. Create a set of name servers where each unique name server name in *Names*
is linked to an empty set of IP addresses ("Name Servers").
5. Fetch the IP addresses for any [In-Bailiwick] name server
names in *Names* by using Method [Get-IB-Addr-in-Zone].
6. Add each fetched IP address, if any, to *Name Servers* to the name
server name it belongs to.
7. Extract the set of [Out-Of-Bailiwick] name server names from *Names*
("OOB Names").
8. Get the IP addresses for name server names in *OOB Names* by using Method
[Get-OOB-IPs] with *OOB Names* as input.
9. Merge the set returned from [Get-OOB-IPs] with *Name Servers*.
10. Output the *Name Servers* set.
### Outputs
* The set of zone name servers, where each unique name server name links to a
possibly empty set of its IP addresses:
* Non-empty set: The normal case.
* Empty set: [Get-Zone-NS-Names] returned an empty set.
* Undefined set: [Get-Zone-NS-Names] returned an undefined set.
### Dependencies
This Method depends on Methods [Get-Zone-NS-Names], [Get-IB-Addr-in-Zone]
and [Get-OOB-IPs].
[To top]
## Method: Get zone NS IP addresses
### Method identifier
**Get-Zone-NS-IPs**
### Objective
In general, this Method replaces [Method5] in [Methods], version 1.
Obtain the IP addresses of the name servers, as extracted from
the NS records of apex of the child zone.
### Inputs
This Method uses the following input units defined in section [Methods Inputs]:
* "Child Zone" - The name of the child zone to be tested.
### Procedures
1. Get the name servers set where each unique name server name is linked to a
possibly empty set of its IP addresses by using Method
[Get-Zone-NS-Names-and-IPs] ("Name Servers");
2. If the *Name Servers* set is undefined, then output an undefined set and
exit these procedures.
3. If the *Name Servers* set is empty, then output an empty set and exit
these procedures.
4. Extract the IP addresses from *Name Servers* and create a
set of unique IP addresses.
5. Output the set of IP addresses.
### Outputs
* The set of zone name server IP addresses:
* Non-empty set: The normal case.
* Empty set: [Get-Zone-NS-Names-and-IPs] returned an empty set.
* Undefined set: [Get-Zone-NS-Names-and-IPs] returned an undefined set.
### Dependencies
This Method depends on Method [Get-Zone-NS-Names-and-IPs].
[To top]
## Method: Get delegation (Internal)
### Method identifier
**Get-Delegation**
### Objective
Obtain the name server names (from the NS records) and the IP addresses (from
[Glue Records]) from the delegation of the given zone (child zone) from
the parent zone. [Glue Records] are address records for [In-Bailiwick] name
server names, if any. Extract addresses even if the resolution goes through
CNAME. It is, however, not permitted for a NS record to point at a name
that has a CNAME, but that test is covered by Test Case [Delegation05].
IP addresses for [Out-Of-Bailiwick] name server names are not extracted
with this Method. To get those use Method [Get-Del-NS-IPs] or
Method [Get-Del-NS-Names-and-IPs].
This is an [Internal Method][Internal Methods] that can be referred to by other
Methods in this document, but not by Test Case specifications.
### Inputs
This Method uses the following input units defined in section [Methods Inputs]:
* "Child Zone" - The name of the child zone to be tested.
* "Root Name Servers"
* "Undelegated Data" - The name servers and IP addresses representing a
possible delegation of *Child Zone*.
* "Test Type" - "undelegated test" or "normal test".
### Procedures
1. If the *Test Type* is "undelegated test", then:
1. Use *Undelegated Data*.
2. Create an empty set of name servers where each unique name server name is
linked to an empty set of IP addresses ("Name Servers").
3. Extract all name server names from the *Undelegated Data* set and add to
the *Name Servers* set.
4. For each [In-Bailiwick] name server name collect any
IP addresses from *Undelegated Data* and add that to the
*Name Servers* set under the name server name.
5. For any [Out-Of-Bailiwick] name server name the IP address should be
ignored.
6. Output the *Name Servers* set.
7. Exit these procedures.
2. If *Child Zone* is the root zone ".", then output the set of name server names
and IP addresses from *Root Name Servers* and exit these procedures.
3. Using Method [Get-Parent-NS-IPs] extract the name server IP addresses for
the parent zone ("Parent NS").
4. If *Parent NS* is empty, then output the undefined set and exit these test
procedures.
5. Create [DNS Query] with query type NS and query name *Child Zone*
("NS Query").
6. Create empty sets:
1. Unique name server names where each name can be linked to a possibly empty
set of IP addresses ("Delegation Name Servers").
2. Unique name server names where each name can be linked to a possibly empty
set of IP addresses ("AA Name Servers").
7. For each parent name server in *Parent NS* do:
1. [Send] *NS query* to to the parent name server.
2. Go to next parent name server if:
1. Does not respond at all, or
2. Responds with an invalid DNS response, or
3. Responds with an [RCODE Name] besides NoError.
3. If the [DNS Response] is a [Referral] to the Child Zone:
1. Extract the name server names from the RDATA of the NS records in
the authority section.
2. Extract any A or AAAA record from the additional section if the owner
name is an [In-Bailiwick] name server name matching an NS record
from the same response.
3. Update *Delegation Name Servers* with unique name server names and with
a possibly empty set of IP addresses.
1. If the name already exists in the set and additional IP addresses
exists, add those to the name in the set.
4. If the [DNS response] has the AA bit set and the answer section contains
the NS record of the Child Zone do:
1. Extract the name server names from the RDATA of the NS records.
2. Extract any A or AAAA record from the additional section if the owner
name is an [In-Bailiwick] name server name matching an NS record
from the same response.
3. Update *AA Name Servers* with unique name server names and with
a possibly empty set of IP addresses.
1. If the name already exists in the set and additional IP addresses
exists, add those to the name in the set.
4. If any [In-Bailiwick] name server name from the NS records lacks IP
address, then:
1. [Send] two [DNS Queries][DNS Query] with that name server name as
query name to the parent name server, query type A and AAAA,
respectively.
2. If the [DNS Response] is a [Referral] to a sub-zone of *Child Zone*,
follow that delegation, possibly in several steps, by repeating the
A and AAAA queries.
3. If a CNAME is returned, follow that, possibly in several steps, to
resolve the name to IP addresses, if possible.
4. Update *AA Name Servers* with captured IP addresses, if any.
8. If the *Delegation Name Servers* set is non-empty output that and exit these
procedures.
9. Else, if the *AA Name Servers* set is non-empty output that and exit these
procedures.
10. Else, if both *Delegation Name Servers* and *AA Name Servers* sets are empty
then output an empty set.
### Outputs
* The set of name servers, the delegation, where each unique name server name
links to a possibly empty set of its IP addresses:
* Non-empty set: The normal case.
* Empty set: No delegation was found.
* Undefined set: [Get-Parent-NS-IPs] returned undefined set of parent
name server IPs.
### Dependencies
This Method depends on the output from [Get-Parent-NS-IPs] if test type is a
"normal test".
[To top]
## Method: Get in-bailiwick address records in zone (Internal)
### Method identifier
**Get-IB-Addr-in-Zone**
### Objective
From the child zone, obtain the address records matching the
[In-Bailiwick] name server names found in the zone itself.
Extract addresses even if the resolution goes through CNAME.
It is, however, not permitted for a NS record
to point at a name that has a CNAME, but that test is
covered by Test Case [Delegation05].
This is an [Internal Method][Internal Methods] that can be referred to by other
Methods in this document, but not by Test Case specifications.
### Inputs
This Method uses the following input units defined in section [Methods Inputs]:
* "Child Zone" - The name of the child zone to be tested.
### Procedures
1. Using Method [Get-Del-NS-IPs], obtain the IP addresses to the name
servers ("Name Server IPs").
2. Using Method [Get-Zone-NS-Names], obtain the names of the name servers
from the *Child Zone* ("Child Zone Name Server Names").
3. If the *Name Server IPs* set or the *Child Zone Name Server Names* set is
empty or undefined, then output an undefined set and exit these test
procedures.
4. If no name in *Child Zone Name Server Names* is an [In-Bailiwick]
name server name:
1. Output an empty set.
2. Exit these procedures.
5. Create an empty set the [In-Bailiwick] name server names from the
*Child Zone Name Server Names* set, where each name is linked to an empty set
of IP addresses ("Name Servers").
6. For name in *Name Servers* do:
1. Create the following two [DNS queries][DNS Query]:
1. Query type A and the [In-Bailiwick] name as the query name ("A Query").
2. Query type AAAA and the [In-Bailiwick] name as the query name
("AAAA Query").
2. [Send] *A Query* and *AAAA Query* to all servers in *Name Server IPs*
and process the [DNS Responses][DNS Response] from each of them.
3. If a [Referral] to a sub-zone of Child Zone is returned,
follow that delegation, possibly in several steps, by repeating
*A Query* and *AAAA Query*.
4. If a CNAME is returned, follow that, possibly in several
steps, to resolve the name to IP addresses, if possible.
5. Ignore non-referral responses (see [Referral]) unless AA flag is set (cached
data is not accepted) and ignore response with any other [RCODE Name] than
NoError.
6. Add found IP addresses for the name server names in *Name Servers*.
7. Output the possibly empty *Name Servers* set.
### Outputs
* A set of name server names pointing at possibly empty sets of IP addresses:
* Non-empty set: The normal case.
* Empty set: There are no [In-Bailiwick] names or those are not defined in
*Child Zone*, also a normal case.
* Undefined set: [Get-Del-NS-IPs] returned an empty or undefined set.
### Dependencies
This Method depends on [Get-Zone-NS-Names] and [Get-Del-NS-IPs].
[To top]
## Method: Get out-of-bailiwick ip addresses (Internal)
### Method identifier
**Get-OOB-IPs**
### Objective
Obtain the IP addresses of the [Out-Of-Bailiwick] name servers for the
given zone (child zone) and a given set of name server names.
Extract addresses even if the resolution goes through CNAME, here ignoring that
it is not permitted for a NS record to point at a name that has a CNAME record.
See Test Case [Delegation05] for a test of NS records pointing at names that
holds CNAME records.
This is an [Internal Method][Internal Methods] that can be referred to by other
Methods in this document, but not by Test Case specifications.
### Inputs
This Method uses the following input units defined in section [Methods Inputs]:
* "Child Zone" - The name of the child zone to be tested.
* "Undelegated Data" - The name servers and IP addresses representing a
possible delegation of *Child Zone*.
* "Test Type" - "undelegated test" or "normal test".
This Method also used the following input unit from the calling Method:
* "NS Set" - Name servers names to be looked up.
### Procedures
1. If *NS Set* is empty then output an empty set and exit these procedures.
2. Create a set of name servers where each unique name server name in *NS Set*
is linked to an empty set of IP addresses ("Name Servers").
3. For each name server name ("Name") in *NS Set* do:
1. If *Test Type* is "undelegated test" and if the *Name*
has IP address specification (IPv4 or IPv6) in *Undelegated Data*,
then:
1. Add the address or addresses to *Name Servers* for *Name*.
2. Go to next server name server name.
2. Create the following two [DNS queries][DNS Query]:
1. Query type A and *Name* as the query name and the RD flag set true
("A Query").
2. Query type AAAA and *Name* as the query name and the RD flag set
true ("AAAA Query").
3. Do [DNS Lookup] of the two queries.
4. If the [DNS Responses][DNS Response], if any, contains a list of A or AAAA
records (follow any CNAME chain) in the answer section then remember the IP
addresses for next step.
5. Collect all IP addresses for the *Name* and add the address or addresses to
*Name Servers* for that *Name* and go to next *Name*.
4. Output the *Name Servers* set.
### Outputs
* A set of name servers, where each unique name server name links to a possibly
empty set of its IP addresses:
* Non-empty set: The normal case.
* Empty set: No addresses were available.
### Dependencies
None.
[To top]
## Method inter-dependencies
| Method | Level | Dependent on Method | Level |
|-------------------------------|-------|-------------------------------|-------|
| [Get-Parent-NS-Names-and-IPs] | 1 | - | |
| [Get-Parent-NS-IPs] | 2 | [Get-Parent-NS-Names-and-IPs] | 1 |
| [Get-OOB-IPs] | 1 | - | |
| [Get-Delegation] | 3 | [Get-Parent-NS-IPs] | 2 |
| [Get-Del-NS-Names-and-IPs] | 4 | [Get-Delegation] | 3 |
| | | [Get-OOB-IPs] | 1 |
| [Get-Del-NS-Names] | 5 | [Get-Del-NS-Names-and-IPs] | 4 |
| [Get-Del-NS-IPs] | 5 | [Get-Del-NS-Names-and-IPs] | 4 |
| [Get-Zone-NS-Names] | 6 | [Get-Del-NS-IPs] | 5 |
| [Get-IB-Addr-in-Zone] | 7 | [Get-Del-NS-IPs] | 5 |
| | | [Get-Zone-NS-Names] | 6 |
| [Get-Zone-NS-Names-and-IPs] | 8 | [Get-Zone-NS-Names] | 6 |
| | | [Get-IB-Addr-in-Zone] | 7 |
| | | [Get-OOB-IPs] | 1 |
| [Get-Zone-NS-IPs] | 9 | [Get-Zone-NS-Names-and-IPs] | 8 |
[To top]
## Terminology
* "Glue Record" - The term is used as defined in [RFC 8499], section 7, pages
24-25.
* "DNS Lookup" - The term is used when a recursive lookup is used, though any
changes to the DNS tree introduced by an [undelegated test] must be respected.
* "DNS Query" - The term is used for a DNS query that is to follow the
specification for DNS queries in
[DNS Query and Response Defaults][DNS Query and Response Defaults#Query].
* "DNS Response" - The term is used when the DNS response is to be handled as
defined in
[DNS Query and Response Defaults][DNS Query and Response Defaults#Response].
* "In-Bailiwick" - The term is used as defined in [RFC 8499], section 7,
pages 24-25. In this document it is limited to the meaning "in domain" in the
RFC.
* "Out-Of-Bailiwick" - The terms means, in this document, what is not
"In-Bailiwick, in domain". [RFC 8499], section 7, pages 24-25.
* "Referral" - The term means a DNS response with [RCODE Name] NoError, AA flag
unset and NS records in the authority section.
* The answer section is empty or with CNAME record or records. If the query
type is CNAME, then the answer section must be empty.
* The additional section may contain address (glue) records (A and AAAA) for
the name server names from the RCODE of the NS records.
* The referral refers the zone identical to the owner name of the NS records
to the name servers specified by the RDATA in the NS records.
* "Send" - The terms are used when a DNS query is sent to a specific name server
(name server IP address).
* "Valid Domain Name" -- The term stands for a non-empty domain name string that
has successfully passed the tests and normalizations in the
[Requirements and normalization] specification.
* "Valid IP Address" -- The term stands for either an [IPv4] address or an [IPv6]
address in any address range.
* "Valid Name Server Name" -- The term stands for a [Valid Domain Name] that
functions as the name of a name server.
[To top]
[Basic01]: Basic-TP/basic01.md
[Delegation05]: Delegation-TP/delegation05.md
[DNS Lookup]: #terminology
[DNS Query and Response Defaults]: DNSQueryAndResponseDefaults.md
[DNS Query and Response Defaults#Query]: DNSQueryAndResponseDefaults.md#default-setting-in-dns-query
[DNS Query and Response Defaults#Response]: DNSQueryAndResponseDefaults.md#default-handling-of-a-dns-response
[DNS Query]: #terminology
[DNS Response]: #terminology
[Get-Del-NS-IPs]: #method-get-delegation-ns-ip-addresses
[Get-Del-NS-Names-and-IPs]: #method-get-delegation-ns-names-and-ip-addresses
[Get-Del-NS-Names]: #method-get-delegation-ns-names
[Get-Delegation]: #method-get-delegation-internal
[Get-IB-Addr-in-Zone]: #method-get-in-bailiwick-address-records-in-zone-internal
[Get-OOB-IPs]: #method-get-out-of-bailiwick-ip-addresses-internal
[Get-Parent-NS-IPs]: #method-get-parent-ns-ip-addresses
[Get-Parent-NS-Names-and-IPs]: #method-get-parent-ns-names-and-ip-addresses
[Get-Zone-NS-IPs]: #method-get-zone-ns-ip-addresses
[Get-Zone-NS-Names-and-IPs]: #method-get-zone-ns-names-and-ip-addresses
[Get-Zone-NS-Names]: #method-get-zone-ns-names
[Glue Records]: #terminology
[In-Bailiwick]: #terminology
[Internal Methods]: #internal-methods
[IPv4]: https://en.wikipedia.org/wiki/IPv4
[IPv6]: https://en.wikipedia.org/wiki/IPv6
[Root Hints File]: https://www.internic.net/domain/named.root
[Method1]: Methods.md#method-1-obtain-the-parent-domain
[Method2]: Methods.md#method-2-obtain-glue-name-records-from-parent
[Method3]: Methods.md#method-3-obtain-name-servers-from-child
[Method4]: Methods.md#method-4-obtain-glue-address-records-from-parent
[Method5]: Methods.md#method-5-obtain-the-name-server-address-records-from-child
[Methods]: Methods.md
[Methods Inputs]: #methods-inputs
[Out-Of-Bailiwick]: #terminology
[Query type]: https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4
[RCODE Name]: https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6
[RFC 8499]: https://www.rfc-editor.org/rfc/rfc8499.html#section-7
[RFC 9156]: https://www.rfc-editor.org/rfc/rfc9156.html
[Referral]: #terminology
[Requirements and normalization]: RequirementsAndNormalizationOfDomainNames.md
[Send]: #terminology
[undelegated test]: ../test-types/undelegated-test.md
[Valid Domain Name]: #terminology
[Valid Name Server Name]: #terminology
[Valid IP Address]: #terminology
[To top]: #methods-common-to-test-case-specifications-version-2
Reference in New Issue View Git Blame Copy Permalink