Malin
8d4eaa1489
- Clone all 5 Zonemaster component repos (LDNS, Engine, CLI, Backend, GUI) - Dockerfile.backend: 8-stage multi-stage build LDNS→Engine→CLI→Backend - Dockerfile.gui: Astro static build served via nginx - docker-compose.yml: backend (internal) + frontend (port 5353) - nginx.conf: root redirects to /es/, /api/ proxied to backend - zonemaster-gui/config.ts: defaultLanguage set to 'es' (Spanish) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
39 lines
1.1 KiB
Markdown
39 lines
1.1 KiB
Markdown
## DNSSEC06: Verify DNSSEC additional processing
|
|
|
|
### Test case identifier
|
|
**DNSSEC06** Verify DNSSEC additional processing
|
|
|
|
### Objective
|
|
|
|
In order for an authoritative name server to be DNSSEC compliant,
|
|
it must serve DNSSEC signatures (RRSIG) as additional data in a DNS answer.
|
|
This additional processing is described in section 3.1 of [RFC 4035](
|
|
https://datatracker.ietf.org/doc/html/rfc4035#section-3.1).
|
|
|
|
### Inputs
|
|
|
|
The domain name to be tested.
|
|
|
|
### Ordered description of steps to be taken to execute the test case
|
|
|
|
1. For each name server configured for the domain:
|
|
2. Retrieve the DNSKEY RR set from the child zone.
|
|
3. If the answer from the query does contain a DNSKEY _and_ RRSIG, this
|
|
test case passes.
|
|
4. If there is no DNSKEY RR or RRSIG RR in the answer and the RCODE is
|
|
NOERROR, this test case fails.
|
|
|
|
### Outcome(s)
|
|
|
|
If any of the name servers configured for the domains fail to answer with
|
|
DNSSEC data, this test case fails.
|
|
|
|
### Special procedural requirements
|
|
|
|
None.
|
|
|
|
### Intercase dependencies
|
|
|
|
This test should only run if [DNSSEC07](dnssec07.md) has been successful
|
|
in finding a DNSKEY for the domain.
|