CloudHost/zonemaster.es
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
14c41e1a545f82d42a5ae4904215ef2ba2299ed5
zonemaster.es/zonemaster/test-zone-data/DNSSEC-TP/dnssec16/README.md
Malin 8d4eaa1489 feat: add full Zonemaster stack with Docker and Spanish UI 
- Clone all 5 Zonemaster component repos (LDNS, Engine, CLI, Backend, GUI)
- Dockerfile.backend: 8-stage multi-stage build LDNS→Engine→CLI→Backend
- Dockerfile.gui: Astro static build served via nginx
- docker-compose.yml: backend (internal) + frontend (port 5353)
- nginx.conf: root redirects to /es/, /api/ proxied to backend
- zonemaster-gui/config.ts: defaultLanguage set to 'es' (Spanish)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 08:19:24 +02:00

13 KiB
Raw Blame History

DNSSEC16

This directory, i.e. the same directory as this README file, holds zone files and coredns configuration files for scenarios for test case DNSSEC16:

  • CDS-INVALID-RRSIG
  • CDS-MATCHES-NO-DNSKEY
  • CDS-MATCHES-NON-SEP-DNSKEY
  • CDS-MATCHES-NON-ZONE-DNSKEY
  • CDS-NOT-SIGNED-BY-CDS
  • CDS-SIGNED-BY-UNKNOWN-DNSKEY
  • CDS-UNSIGNED
  • CDS-WITHOUT-DNSKEY
  • DELETE-CDS
  • DNSKEY-NOT-SIGNED-BY-CDS
  • MIXED-DELETE-CDS
  • NO-CDS
  • NOT-AA
  • VALID-CDS

zonemaster-cli commands and their output for each test scenario

The level (--level) must be set to the lowest level of the message tags. For this test case INFO is the lowest level.

Scenario name Mandatory message tags Forbidden message tags
CDS-INVALID-RRSIG DS16_CDS_INVALID_RRSIG DS16_CDS_MATCHES_NON_SEP_DNSKEY, DS16_CDS_MATCHES_NON_ZONE_DNSKEY, DS16_CDS_MATCHES_NO_DNSKEY, DS16_CDS_NOT_SIGNED_BY_CDS, DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY, DS16_CDS_UNSIGNED, DS16_CDS_WITHOUT_DNSKEY, DS16_DELETE_CDS, DS16_DNSKEY_NOT_SIGNED_BY_CDS, DS16_MIXED_DELETE_CDS 
$ zonemaster-cli cds-invalid-rrsig.dnssec16.xa --raw  --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
   0.00 INFO      GLOBAL_VERSION   version=v4.5.1
   0.08 ERROR     DS16_CDS_INVALID_RRSIG   keytag=33526; ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32

-> OK

Scenario name Mandatory message tags Forbidden message tags
CDS-MATCHES-NO-DNSKEY DS16_CDS_MATCHES_NO_DNSKEY DS16_CDS_INVALID_RRSIG, DS16_CDS_MATCHES_NON_SEP_DNSKEY, DS16_CDS_MATCHES_NON_ZONE_DNSKEY, DS16_CDS_NOT_SIGNED_BY_CDS, DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY, DS16_CDS_UNSIGNED, DS16_CDS_WITHOUT_DNSKEY, DS16_DELETE_CDS, DS16_DNSKEY_NOT_SIGNED_BY_CDS, DS16_MIXED_DELETE_CDS 
$ zonemaster-cli cds-matches-no-dnskey.dnssec16.xa --raw  --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
   0.00 INFO      GLOBAL_VERSION   version=v4.5.1
   0.08 WARNING   DS16_CDS_MATCHES_NO_DNSKEY   keytag=50692; ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32

-> OK

Scenario name Mandatory message tags Forbidden message tags
CDS-MATCHES-NON-SEP-DNSKEY DS16_CDS_MATCHES_NON_SEP_DNSKEY DS16_CDS_INVALID_RRSIG, DS16_CDS_MATCHES_NON_ZONE_DNSKEY, DS16_CDS_MATCHES_NO_DNSKEY, DS16_CDS_NOT_SIGNED_BY_CDS, DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY, DS16_CDS_UNSIGNED, DS16_CDS_WITHOUT_DNSKEY, DS16_DELETE_CDS, DS16_DNSKEY_NOT_SIGNED_BY_CDS, DS16_MIXED_DELETE_CDS 
$ zonemaster-cli cds-matches-non-sep-dnskey.dnssec16.xa --raw  --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
   0.00 INFO      GLOBAL_VERSION   version=v4.5.1
   0.09 NOTICE    DS16_CDS_MATCHES_NON_SEP_DNSKEY   keytag=14693; ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32

-> OK

Scenario name Mandatory message tags Forbidden message tags
CDS-MATCHES-NON-ZONE-DNSKEY DS16_CDS_MATCHES_NON_ZONE_DNSKEY DS16_CDS_INVALID_RRSIG, DS16_CDS_MATCHES_NON_SEP_DNSKEY, DS16_CDS_MATCHES_NO_DNSKEY, DS16_CDS_NOT_SIGNED_BY_CDS, DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY, DS16_CDS_UNSIGNED, DS16_CDS_WITHOUT_DNSKEY, DS16_DELETE_CDS, DS16_DNSKEY_NOT_SIGNED_BY_CDS, DS16_MIXED_DELETE_CDS 
$ zonemaster-cli cds-matches-non-zone-dnskey.dnssec16.xa --raw  --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
   0.00 INFO      GLOBAL_VERSION   version=v4.5.1
   0.08 ERROR     DS16_CDS_MATCHES_NON_ZONE_DNSKEY   keytag=41627; ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32

-> OK

Scenario name Mandatory message tags Forbidden message tags
CDS-NOT-SIGNED-BY-CDS DS16_CDS_NOT_SIGNED_BY_CDS DS16_CDS_INVALID_RRSIG, DS16_CDS_MATCHES_NON_SEP_DNSKEY, DS16_CDS_MATCHES_NON_ZONE_DNSKEY, DS16_CDS_MATCHES_NO_DNSKEY, DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY, DS16_CDS_UNSIGNED, DS16_CDS_WITHOUT_DNSKEY, DS16_DELETE_CDS, DS16_DNSKEY_NOT_SIGNED_BY_CDS, DS16_MIXED_DELETE_CDS 
$ zonemaster-cli cds-not-signed-by-cds.dnssec16.xa --raw  --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
   0.00 INFO      GLOBAL_VERSION   version=v4.5.1
   0.09 NOTICE    DS16_CDS_NOT_SIGNED_BY_CDS   keytag=46227; ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32

-> OK

Scenario name Mandatory message tags Forbidden message tags
CDS-SIGNED-BY-UNKNOWN-DNSKEY DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY DS16_CDS_INVALID_RRSIG, DS16_CDS_MATCHES_NON_SEP_DNSKEY, DS16_CDS_MATCHES_NON_ZONE_DNSKEY, DS16_CDS_MATCHES_NO_DNSKEY, DS16_CDS_NOT_SIGNED_BY_CDS, DS16_CDS_UNSIGNED, DS16_CDS_WITHOUT_DNSKEY, DS16_DELETE_CDS, DS16_DNSKEY_NOT_SIGNED_BY_CDS, DS16_MIXED_DELETE_CDS 
$ zonemaster-cli cds-signed-by-unknown-dnskey.dnssec16.xa --raw  --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
   0.00 INFO      GLOBAL_VERSION   version=v4.5.1
   0.08 ERROR     DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY   keytag=30573; ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32

-> OK

Scenario name Mandatory message tags Forbidden message tags
CDS-UNSIGNED DS16_CDS_UNSIGNED, DS16_CDS_NOT_SIGNED_BY_CDS DS16_CDS_INVALID_RRSIG, DS16_CDS_MATCHES_NON_SEP_DNSKEY, DS16_CDS_MATCHES_NON_ZONE_DNSKEY, DS16_CDS_MATCHES_NO_DNSKEY, DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY, DS16_CDS_WITHOUT_DNSKEY, DS16_DELETE_CDS, DS16_DNSKEY_NOT_SIGNED_BY_CDS, DS16_MIXED_DELETE_CDS 
$ zonemaster-cli cds-unsigned.dnssec16.xa --raw  --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
   0.00 INFO      GLOBAL_VERSION   version=v4.5.1
   0.08 NOTICE    DS16_CDS_NOT_SIGNED_BY_CDS   keytag=24862; ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32
   0.08 ERROR     DS16_CDS_UNSIGNED   ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32

-> OK

Scenario name Mandatory message tags Forbidden message tags
CDS-WITHOUT-DNSKEY DS16_CDS_WITHOUT_DNSKEY DS16_CDS_INVALID_RRSIG, DS16_CDS_MATCHES_NON_SEP_DNSKEY, DS16_CDS_MATCHES_NON_ZONE_DNSKEY, DS16_CDS_MATCHES_NO_DNSKEY, DS16_CDS_NOT_SIGNED_BY_CDS, DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY, DS16_CDS_UNSIGNED, DS16_DELETE_CDS, DS16_DNSKEY_NOT_SIGNED_BY_CDS, DS16_MIXED_DELETE_CDS 
$ zonemaster-cli cds-without-dnskey.dnssec16.xa --raw  --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
   0.00 INFO      GLOBAL_VERSION   version=v4.5.1
   0.08 ERROR     DS16_CDS_WITHOUT_DNSKEY   ns_ip_list=127.15.16.32;fda1:b2:c3:0:127:15:16:32

-> OK

Scenario name Mandatory message tags Forbidden message tags
DELETE-CDS DS16_DELETE_CDS DS16_CDS_INVALID_RRSIG, DS16_CDS_MATCHES_NON_SEP_DNSKEY, DS16_CDS_MATCHES_NON_ZONE_DNSKEY, DS16_CDS_MATCHES_NO_DNSKEY, DS16_CDS_NOT_SIGNED_BY_CDS, DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY, DS16_CDS_UNSIGNED, DS16_CDS_WITHOUT_DNSKEY, DS16_DNSKEY_NOT_SIGNED_BY_CDS, DS16_MIXED_DELETE_CDS 
$ zonemaster-cli delete-cds.dnssec16.xa --raw  --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
   0.00 INFO      GLOBAL_VERSION   version=v4.5.1
   0.08 INFO      DS16_DELETE_CDS   ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32

-> OK

Scenario name Mandatory message tags Forbidden message tags
DNSKEY-NOT-SIGNED-BY-CDS DS16_DNSKEY_NOT_SIGNED_BY_CDS DS16_CDS_INVALID_RRSIG, DS16_CDS_MATCHES_NON_SEP_DNSKEY, DS16_CDS_MATCHES_NON_ZONE_DNSKEY, DS16_CDS_MATCHES_NO_DNSKEY, DS16_CDS_NOT_SIGNED_BY_CDS, DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY, DS16_CDS_UNSIGNED, DS16_CDS_WITHOUT_DNSKEY, DS16_DELETE_CDS, DS16_MIXED_DELETE_CDS 
$ zonemaster-cli dnskey-not-signed-by-cds.dnssec16.xa --raw  --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
   0.00 INFO      GLOBAL_VERSION   version=v4.5.1
   0.08 WARNING   DS16_DNSKEY_NOT_SIGNED_BY_CDS   keytag=63201; ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32

-> OK

Scenario name Mandatory message tags Forbidden message tags
MIXED-DELETE-CDS DS16_MIXED_DELETE_CDS DS16_CDS_INVALID_RRSIG, DS16_CDS_MATCHES_NON_SEP_DNSKEY, DS16_CDS_MATCHES_NON_ZONE_DNSKEY, DS16_CDS_MATCHES_NO_DNSKEY, DS16_CDS_NOT_SIGNED_BY_CDS, DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY, DS16_CDS_UNSIGNED, DS16_CDS_WITHOUT_DNSKEY, DS16_DELETE_CDS, DS16_DNSKEY_NOT_SIGNED_BY_CDS 
$ zonemaster-cli mixed-delete-cds.dnssec16.xa --raw  --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
   0.00 INFO      GLOBAL_VERSION   version=v4.5.1
   0.08 ERROR     DS16_MIXED_DELETE_CDS   ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32

-> OK

Scenario name Mandatory message tags Forbidden message tags
NO-CDS (none) DS16_CDS_INVALID_RRSIG, DS16_CDS_MATCHES_NON_SEP_DNSKEY, DS16_CDS_MATCHES_NON_ZONE_DNSKEY, DS16_CDS_MATCHES_NO_DNSKEY, DS16_CDS_NOT_SIGNED_BY_CDS, DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY, DS16_CDS_UNSIGNED, DS16_CDS_WITHOUT_DNSKEY, DS16_DELETE_CDS, DS16_DNSKEY_NOT_SIGNED_BY_CDS, DS16_MIXED_DELETE_CDS 
$ zonemaster-cli no-cds.dnssec16.xa --raw  --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
   0.00 INFO      GLOBAL_VERSION   version=v4.5.1

-> OK

Scenario name Mandatory message tags Forbidden message tags
NOT-AA (none) DS16_CDS_INVALID_RRSIG, DS16_CDS_MATCHES_NON_SEP_DNSKEY, DS16_CDS_MATCHES_NON_ZONE_DNSKEY, DS16_CDS_MATCHES_NO_DNSKEY, DS16_CDS_NOT_SIGNED_BY_CDS, DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY, DS16_CDS_UNSIGNED, DS16_CDS_WITHOUT_DNSKEY, DS16_DELETE_CDS, DS16_DNSKEY_NOT_SIGNED_BY_CDS, DS16_MIXED_DELETE_CDS 
$ zonemaster-cli not-aa.dnssec16.xa --raw  --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
   0.00 INFO      GLOBAL_VERSION   version=v4.5.1

-> OK

Scenario name Mandatory message tags Forbidden message tags
VALID-CDS (none) DS16_CDS_INVALID_RRSIG, DS16_CDS_MATCHES_NON_SEP_DNSKEY, DS16_CDS_MATCHES_NON_ZONE_DNSKEY, DS16_CDS_MATCHES_NO_DNSKEY, DS16_CDS_NOT_SIGNED_BY_CDS, DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY, DS16_CDS_UNSIGNED, DS16_CDS_WITHOUT_DNSKEY, DS16_DELETE_CDS, DS16_DNSKEY_NOT_SIGNED_BY_CDS, DS16_MIXED_DELETE_CDS 
$ zonemaster-cli valid-cds.dnssec16.xa --raw  --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
   0.00 INFO      GLOBAL_VERSION   version=v4.5.1

-> OK

Reference in New Issue View Git Blame Copy Permalink