Malin
8d4eaa1489
- Clone all 5 Zonemaster component repos (LDNS, Engine, CLI, Backend, GUI) - Dockerfile.backend: 8-stage multi-stage build LDNS→Engine→CLI→Backend - Dockerfile.gui: Astro static build served via nginx - docker-compose.yml: backend (internal) + frontend (port 5353) - nginx.conf: root redirects to /es/, /api/ proxied to backend - zonemaster-gui/config.ts: defaultLanguage set to 'es' (Spanish) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
DNSSEC16
This directory, i.e. the same directory as this README file, holds
zone files and coredns configuration files for scenarios for test case DNSSEC16:
- CDS-INVALID-RRSIG
- CDS-MATCHES-NO-DNSKEY
- CDS-MATCHES-NON-SEP-DNSKEY
- CDS-MATCHES-NON-ZONE-DNSKEY
- CDS-NOT-SIGNED-BY-CDS
- CDS-SIGNED-BY-UNKNOWN-DNSKEY
- CDS-UNSIGNED
- CDS-WITHOUT-DNSKEY
- DELETE-CDS
- DNSKEY-NOT-SIGNED-BY-CDS
- MIXED-DELETE-CDS
- NO-CDS
- NOT-AA
- VALID-CDS
zonemaster-cli commands and their output for each test scenario
The level (--level) must be set to the lowest level of the message tags. For
this test case INFO is the lowest level.
| Scenario name | Mandatory message tags | Forbidden message tags |
|---|---|---|
| CDS-INVALID-RRSIG | DS16_CDS_INVALID_RRSIG | DS16_CDS_MATCHES_NON_SEP_DNSKEY, DS16_CDS_MATCHES_NON_ZONE_DNSKEY, DS16_CDS_MATCHES_NO_DNSKEY, DS16_CDS_NOT_SIGNED_BY_CDS, DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY, DS16_CDS_UNSIGNED, DS16_CDS_WITHOUT_DNSKEY, DS16_DELETE_CDS, DS16_DNSKEY_NOT_SIGNED_BY_CDS, DS16_MIXED_DELETE_CDS |
$ zonemaster-cli cds-invalid-rrsig.dnssec16.xa --raw --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.5.1
0.08 ERROR DS16_CDS_INVALID_RRSIG keytag=33526; ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32
-> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|---|---|---|
| CDS-MATCHES-NO-DNSKEY | DS16_CDS_MATCHES_NO_DNSKEY | DS16_CDS_INVALID_RRSIG, DS16_CDS_MATCHES_NON_SEP_DNSKEY, DS16_CDS_MATCHES_NON_ZONE_DNSKEY, DS16_CDS_NOT_SIGNED_BY_CDS, DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY, DS16_CDS_UNSIGNED, DS16_CDS_WITHOUT_DNSKEY, DS16_DELETE_CDS, DS16_DNSKEY_NOT_SIGNED_BY_CDS, DS16_MIXED_DELETE_CDS |
$ zonemaster-cli cds-matches-no-dnskey.dnssec16.xa --raw --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.5.1
0.08 WARNING DS16_CDS_MATCHES_NO_DNSKEY keytag=50692; ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32
-> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|---|---|---|
| CDS-MATCHES-NON-SEP-DNSKEY | DS16_CDS_MATCHES_NON_SEP_DNSKEY | DS16_CDS_INVALID_RRSIG, DS16_CDS_MATCHES_NON_ZONE_DNSKEY, DS16_CDS_MATCHES_NO_DNSKEY, DS16_CDS_NOT_SIGNED_BY_CDS, DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY, DS16_CDS_UNSIGNED, DS16_CDS_WITHOUT_DNSKEY, DS16_DELETE_CDS, DS16_DNSKEY_NOT_SIGNED_BY_CDS, DS16_MIXED_DELETE_CDS |
$ zonemaster-cli cds-matches-non-sep-dnskey.dnssec16.xa --raw --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.5.1
0.09 NOTICE DS16_CDS_MATCHES_NON_SEP_DNSKEY keytag=14693; ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32
-> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|---|---|---|
| CDS-MATCHES-NON-ZONE-DNSKEY | DS16_CDS_MATCHES_NON_ZONE_DNSKEY | DS16_CDS_INVALID_RRSIG, DS16_CDS_MATCHES_NON_SEP_DNSKEY, DS16_CDS_MATCHES_NO_DNSKEY, DS16_CDS_NOT_SIGNED_BY_CDS, DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY, DS16_CDS_UNSIGNED, DS16_CDS_WITHOUT_DNSKEY, DS16_DELETE_CDS, DS16_DNSKEY_NOT_SIGNED_BY_CDS, DS16_MIXED_DELETE_CDS |
$ zonemaster-cli cds-matches-non-zone-dnskey.dnssec16.xa --raw --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.5.1
0.08 ERROR DS16_CDS_MATCHES_NON_ZONE_DNSKEY keytag=41627; ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32
-> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|---|---|---|
| CDS-NOT-SIGNED-BY-CDS | DS16_CDS_NOT_SIGNED_BY_CDS | DS16_CDS_INVALID_RRSIG, DS16_CDS_MATCHES_NON_SEP_DNSKEY, DS16_CDS_MATCHES_NON_ZONE_DNSKEY, DS16_CDS_MATCHES_NO_DNSKEY, DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY, DS16_CDS_UNSIGNED, DS16_CDS_WITHOUT_DNSKEY, DS16_DELETE_CDS, DS16_DNSKEY_NOT_SIGNED_BY_CDS, DS16_MIXED_DELETE_CDS |
$ zonemaster-cli cds-not-signed-by-cds.dnssec16.xa --raw --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.5.1
0.09 NOTICE DS16_CDS_NOT_SIGNED_BY_CDS keytag=46227; ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32
-> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|---|---|---|
| CDS-SIGNED-BY-UNKNOWN-DNSKEY | DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY | DS16_CDS_INVALID_RRSIG, DS16_CDS_MATCHES_NON_SEP_DNSKEY, DS16_CDS_MATCHES_NON_ZONE_DNSKEY, DS16_CDS_MATCHES_NO_DNSKEY, DS16_CDS_NOT_SIGNED_BY_CDS, DS16_CDS_UNSIGNED, DS16_CDS_WITHOUT_DNSKEY, DS16_DELETE_CDS, DS16_DNSKEY_NOT_SIGNED_BY_CDS, DS16_MIXED_DELETE_CDS |
$ zonemaster-cli cds-signed-by-unknown-dnskey.dnssec16.xa --raw --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.5.1
0.08 ERROR DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY keytag=30573; ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32
-> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|---|---|---|
| CDS-UNSIGNED | DS16_CDS_UNSIGNED, DS16_CDS_NOT_SIGNED_BY_CDS | DS16_CDS_INVALID_RRSIG, DS16_CDS_MATCHES_NON_SEP_DNSKEY, DS16_CDS_MATCHES_NON_ZONE_DNSKEY, DS16_CDS_MATCHES_NO_DNSKEY, DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY, DS16_CDS_WITHOUT_DNSKEY, DS16_DELETE_CDS, DS16_DNSKEY_NOT_SIGNED_BY_CDS, DS16_MIXED_DELETE_CDS |
$ zonemaster-cli cds-unsigned.dnssec16.xa --raw --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.5.1
0.08 NOTICE DS16_CDS_NOT_SIGNED_BY_CDS keytag=24862; ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32
0.08 ERROR DS16_CDS_UNSIGNED ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32
-> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|---|---|---|
| CDS-WITHOUT-DNSKEY | DS16_CDS_WITHOUT_DNSKEY | DS16_CDS_INVALID_RRSIG, DS16_CDS_MATCHES_NON_SEP_DNSKEY, DS16_CDS_MATCHES_NON_ZONE_DNSKEY, DS16_CDS_MATCHES_NO_DNSKEY, DS16_CDS_NOT_SIGNED_BY_CDS, DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY, DS16_CDS_UNSIGNED, DS16_DELETE_CDS, DS16_DNSKEY_NOT_SIGNED_BY_CDS, DS16_MIXED_DELETE_CDS |
$ zonemaster-cli cds-without-dnskey.dnssec16.xa --raw --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.5.1
0.08 ERROR DS16_CDS_WITHOUT_DNSKEY ns_ip_list=127.15.16.32;fda1:b2:c3:0:127:15:16:32
-> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|---|---|---|
| DELETE-CDS | DS16_DELETE_CDS | DS16_CDS_INVALID_RRSIG, DS16_CDS_MATCHES_NON_SEP_DNSKEY, DS16_CDS_MATCHES_NON_ZONE_DNSKEY, DS16_CDS_MATCHES_NO_DNSKEY, DS16_CDS_NOT_SIGNED_BY_CDS, DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY, DS16_CDS_UNSIGNED, DS16_CDS_WITHOUT_DNSKEY, DS16_DNSKEY_NOT_SIGNED_BY_CDS, DS16_MIXED_DELETE_CDS |
$ zonemaster-cli delete-cds.dnssec16.xa --raw --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.5.1
0.08 INFO DS16_DELETE_CDS ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32
-> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|---|---|---|
| DNSKEY-NOT-SIGNED-BY-CDS | DS16_DNSKEY_NOT_SIGNED_BY_CDS | DS16_CDS_INVALID_RRSIG, DS16_CDS_MATCHES_NON_SEP_DNSKEY, DS16_CDS_MATCHES_NON_ZONE_DNSKEY, DS16_CDS_MATCHES_NO_DNSKEY, DS16_CDS_NOT_SIGNED_BY_CDS, DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY, DS16_CDS_UNSIGNED, DS16_CDS_WITHOUT_DNSKEY, DS16_DELETE_CDS, DS16_MIXED_DELETE_CDS |
$ zonemaster-cli dnskey-not-signed-by-cds.dnssec16.xa --raw --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.5.1
0.08 WARNING DS16_DNSKEY_NOT_SIGNED_BY_CDS keytag=63201; ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32
-> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|---|---|---|
| MIXED-DELETE-CDS | DS16_MIXED_DELETE_CDS | DS16_CDS_INVALID_RRSIG, DS16_CDS_MATCHES_NON_SEP_DNSKEY, DS16_CDS_MATCHES_NON_ZONE_DNSKEY, DS16_CDS_MATCHES_NO_DNSKEY, DS16_CDS_NOT_SIGNED_BY_CDS, DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY, DS16_CDS_UNSIGNED, DS16_CDS_WITHOUT_DNSKEY, DS16_DELETE_CDS, DS16_DNSKEY_NOT_SIGNED_BY_CDS |
$ zonemaster-cli mixed-delete-cds.dnssec16.xa --raw --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.5.1
0.08 ERROR DS16_MIXED_DELETE_CDS ns_ip_list=127.15.16.31;127.15.16.32;fda1:b2:c3:0:127:15:16:31;fda1:b2:c3:0:127:15:16:32
-> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|---|---|---|
| NO-CDS | (none) | DS16_CDS_INVALID_RRSIG, DS16_CDS_MATCHES_NON_SEP_DNSKEY, DS16_CDS_MATCHES_NON_ZONE_DNSKEY, DS16_CDS_MATCHES_NO_DNSKEY, DS16_CDS_NOT_SIGNED_BY_CDS, DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY, DS16_CDS_UNSIGNED, DS16_CDS_WITHOUT_DNSKEY, DS16_DELETE_CDS, DS16_DNSKEY_NOT_SIGNED_BY_CDS, DS16_MIXED_DELETE_CDS |
$ zonemaster-cli no-cds.dnssec16.xa --raw --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.5.1
-> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|---|---|---|
| NOT-AA | (none) | DS16_CDS_INVALID_RRSIG, DS16_CDS_MATCHES_NON_SEP_DNSKEY, DS16_CDS_MATCHES_NON_ZONE_DNSKEY, DS16_CDS_MATCHES_NO_DNSKEY, DS16_CDS_NOT_SIGNED_BY_CDS, DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY, DS16_CDS_UNSIGNED, DS16_CDS_WITHOUT_DNSKEY, DS16_DELETE_CDS, DS16_DNSKEY_NOT_SIGNED_BY_CDS, DS16_MIXED_DELETE_CDS |
$ zonemaster-cli not-aa.dnssec16.xa --raw --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.5.1
-> OK
| Scenario name | Mandatory message tags | Forbidden message tags |
|---|---|---|
| VALID-CDS | (none) | DS16_CDS_INVALID_RRSIG, DS16_CDS_MATCHES_NON_SEP_DNSKEY, DS16_CDS_MATCHES_NON_ZONE_DNSKEY, DS16_CDS_MATCHES_NO_DNSKEY, DS16_CDS_NOT_SIGNED_BY_CDS, DS16_CDS_SIGNED_BY_UNKNOWN_DNSKEY, DS16_CDS_UNSIGNED, DS16_CDS_WITHOUT_DNSKEY, DS16_DELETE_CDS, DS16_DNSKEY_NOT_SIGNED_BY_CDS, DS16_MIXED_DELETE_CDS |
$ zonemaster-cli valid-cds.dnssec16.xa --raw --test DNSSEC/dnssec16 --hints COMMON/hintfile --level info
0.00 INFO GLOBAL_VERSION version=v4.5.1
-> OK