CloudHost/zonemaster.es
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
14c41e1a545f82d42a5ae4904215ef2ba2299ed5
zonemaster.es/zonemaster/docs/public/specifications/tests/Nameserver-TP/nameserver10.md
Malin 8d4eaa1489 feat: add full Zonemaster stack with Docker and Spanish UI 
- Clone all 5 Zonemaster component repos (LDNS, Engine, CLI, Backend, GUI)
- Dockerfile.backend: 8-stage multi-stage build LDNS→Engine→CLI→Backend
- Dockerfile.gui: Astro static build served via nginx
- docker-compose.yml: backend (internal) + frontend (port 5353)
- nginx.conf: root redirects to /es/, /api/ proxied to backend
- zonemaster-gui/config.ts: defaultLanguage set to 'es' (Spanish)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 08:19:24 +02:00

165 lines
6.9 KiB
Markdown
Raw Blame History

# NAMESERVER10: Test for undefined EDNS version
## Test case identifier
**NAMESERVER10**
## Table of contents
* [Objective](#objective)
* [Scope](#scope)
* [Inputs](#inputs)
* [Summary](#summary)
* [Test procedure](#test-procedure)
* [Outcome(s)](#outcomes)
* [Special procedural requirements](#special-procedural-requirements)
* [Intercase dependencies](#intercase-dependencies)
* [Terminology](#terminology)
## Objective
EDNS ([RFC 6891]) is a mechanism to announce capabilities of a DNS
implementation, and is required by new functionality in DNS such as DNSSEC
([RFC 4033][RFC 4033#section-3], section 3).
[RFC 6891][RFC 6891#section-6.1.3], section 6.1.3, states that if a nameserver
has implemented EDNS but has not implemented the version level of the request,
then it MUST respond with RCODE "BADVERS". Only version "0" has been defined for
EDNS.
Note that RCODE "BADVERS" is an extended RCODE which is calculated from the
combination of the normal RCODE field in the DNS package header
([RFC 1035][RFC 1035#section-4.1.1], section 4.1.1) and the OPT record
EXTENDED-RCODE field ([RFC 6891][RFC 6891#section-6.1.3], section 6.1.3). Also
see [IANA RCODE Registry].
## Scope
Issues covered by [Connectivity01] (basic name server issues) or [Nameserver02] (basic
EDNS issues) will not result in messages from this test case.
## Inputs
* "Child Zone" - The domain name to be tested.
## Summary
* Only relevant for a zone whose name servers correctly support EDNS, version 0.
Message Tag outputted | Level | Arguments | Description of when message tag is outputted
:-----------------------------|:--------|:------------------|:--------------------------------------------
N10_NO_RESPONSE_EDNS1_QUERY | WARNING | ns_ip_list | Response when EDNS ver=0, but not when 1.
N10_UNEXPECTED_RCODE | WARNING | ns_ip_list, rcode | Unexpected RCODE value when EDNS ver=1.
N10_EDNS_RESPONSE_ERROR | WARNING | ns_ip_list | Expected RCODE value when EDNS ver=1, but error in response.
The value in the Level column is the default severity level of the message. The
severity level can be changed in the [Zonemaster-Engine profile]. Also see the
[Severity Level Definitions] document.
The argument names in the Arguments column lists the arguments used in the
message. The argument names are defined in the [argument list].
## Test procedure
1. Create the following empty sets:
1. Name server IP ("No Response EDNS1 Query").
2. Name server IP and associated RCODE ("Unexpected RCODE").
3. Name server IP ("EDNS Response Error").
2. Create an SOA query for the *Child Zone* with an OPT record with EDNS version
set to "0" and with EDNS option of payload size ("bufsize") set to 512 and
other EDNS options and flags unset ("Query One").
3. Create an SOA query for the *Child Zone* with an OPT record with EDNS version
set to "1" and with EDNS option of payload size ("bufsize") set to 512 and
other EDNS options and flags unset ("Query Two").
4. Obtain the set of name server IP addresses using [Method4] and [Method5]
("Name Server IP").
5. For each name server in *Name Server IP* do:
1. Send *Query One* over UDP to the name server, collect the response and do:
1. If there is no DNS response then go to next name server.
2. Else, if the RCODE value is not "NOERROR" then go to next name server.
2. Send *Query Two* over UDP to the name server, collect the response and do:
1. If there is no DNS response, then add the name server IP to the
*No Response EDNS1 Query* set.
2. Else, if the DNS response does not have RCODE with value "BADVERS", then
add the name server IP and RCODE value to the *Unexpected RCODE* set.
3. Else, if the DNS response meet all the following three criteria, then
just go to the next name server (correct response):
1. It has the RCODE "BADVERS".
2. It has EDNS version 0.
3. The answer section is empty.
4. Else add the name server IP to the *EDNS Response Error* set.
6. If the *No Response EDNS1 Query* set is non-empty, then output
*[N10_NO_RESPONSE_EDNS1_QUERY]* with the name server IP addresses from the
set.
7. If the *Unexpected RCODE* set is non-empty, then for each RCODE value in the
set do:
* Output *[N10_UNEXPECTED_RCODE]* with the RCODE value and the name server
IP addresses for that RCODE value.
8. If the *EDNS Response Error* set is non-empty, then output
*[N10_EDNS_RESPONSE_ERROR]* with the name server IP addresses from the set.
## Outcome(s)
The outcome of this Test Case is "fail" if there is at least one message
with the severity level *[ERROR]* or *[CRITICAL]*.
The outcome of this Test Case is "warning" if there is at least one message
with the severity level *[WARNING]*, but no message with severity level
*ERROR* or *CRITICAL*.
In other cases, no message or only messages with severity level
*[INFO]* or *[NOTICE]*, the outcome of this Test Case is "pass".
## Special procedural requirements
If either IPv4 or IPv6 transport is disabled, ignore the evaluation of the
result of any test using this transport protocol and log a message reporting
the ignored result.
## Intercase dependencies
None
## Terminology
No special terminology for this test case.
[Argument list]: ../ArgumentsForTestCaseMessages.md
[Connectivity01]: ../Connectivity-TP/connectivity01.md
[CRITICAL]: ../SeverityLevelDefinitions.md#critical
[ERROR]: ../SeverityLevelDefinitions.md#error
[IANA RCODE Registry]: https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6
[INFO]: ../SeverityLevelDefinitions.md#info
[Method4]: ../Methods.md#method-4-obtain-glue-address-records-from-parent
[Method5]: ../Methods.md#method-5-obtain-the-name-server-address-records-from-child
[N10_EDNS_RESPONSE_ERROR]: #summary
[N10_NO_RESPONSE_EDNS1_QUERY]: #summary
[N10_UNEXPECTED_RCODE]: #summary
[NOTICE]: ../SeverityLevelDefinitions.md#notice
[Nameserver02]: ../Nameserver-TP/nameserver02.md
[RFC 1035#section-4.1.1]: https://datatracker.ietf.org/doc/html/rfc1035#section-4.1.1
[RFC 4033#section-3]: https://datatracker.ietf.org/doc/html/rfc4033#section-3
[RFC 6891#section-6.1.3]: https://datatracker.ietf.org/doc/html/rfc6891#section-6.1.3
[RFC 6891]: https://datatracker.ietf.org/doc/html/rfc6891
[Severity Level Definitions]: ../SeverityLevelDefinitions.md
[WARNING]: ../SeverityLevelDefinitions.md#warning
[Zonemaster-Engine profile]: ../../../configuration/profiles.md
Reference in New Issue View Git Blame Copy Permalink