CloudHost/zonemaster.es
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f98c45834e9ec2240341906c7baebf61321f6eef
zonemaster.es/zonemaster/test-zone-data/DNSSEC-TP/dnssec07/dnssec07.cfg
Malin 8d4eaa1489 feat: add full Zonemaster stack with Docker and Spanish UI 
- Clone all 5 Zonemaster component repos (LDNS, Engine, CLI, Backend, GUI)
- Dockerfile.backend: 8-stage multi-stage build LDNS→Engine→CLI→Backend
- Dockerfile.gui: Astro static build served via nginx
- docker-compose.yml: backend (internal) + frontend (port 5353)
- nginx.conf: root redirects to /es/, /api/ proxied to backend
- zonemaster-gui/config.ts: defaultLanguage set to 'es' (Spanish)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 08:19:24 +02:00

236 lines
12 KiB
INI
Raw Blame History

# | 127.15.7.0/24 | DNSSEC07 scenarios |
# | 127.15.7.21 | ns1.dnssec07.xa |
# | 127.15.7.22 | ns2.dnssec07.xa |
# | 127.15.7.27 | ns1 of root |
# | 127.15.7.28 | ns2 of root |
# | 127.15.7.31 | ns1 of parent in some scenarios |
# | 127.15.7.32 | ns2 of parent in some scenarios |
# | 127.15.7.41 | ns1 of child zone |
# | 127.15.7.42 | ns2 of child zone |
# | 127.15.7.53 | resolver with test case local hint |
## root
.:53 {
bind 127.15.7.27 # ns1
bind fda1:b2:c3:0:127:15:7:27 # ns1
bind 127.15.7.28 # ns2
bind fda1:b2:c3:0:127:15:7:28 # ns2
log
file DNSSEC-TP/dnssec07/root-zone.zone .
}
# Resolver using test case local root
. {
bind 127.15.7.53
unbound {
option root-hints DNSSEC-TP/dnssec07/hintfile.zone
}
log
}
dnssec07.xa:53 { #
bind 127.15.7.21 # ns1
bind fda1:b2:c3:0:127:15:7:21 # ns1
bind 127.15.7.22 # ns2
bind fda1:b2:c3:0:127:15:7:22 # ns2
log
file DNSSEC-TP/dnssec07/dnssec07.xa.zone dnssec07.xa
}
# SIGNED-AND-DS-1
signed-and-ds-1.dnssec07.xa:53 {
bind 127.15.7.41 # ns1
bind fda1:b2:c3:0:127:15:7:41 # ns1
bind 127.15.7.42 # ns2
bind fda1:b2:c3:0:127:15:7:42 # ns2
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone signed-and-ds-1.dnssec07.xa
template IN DNSKEY signed-and-ds-1.dnssec07.xa. {
answer "signed-and-ds-1.dnssec07.xa. 3210 IN DNSKEY 256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="
answer "signed-and-ds-1.dnssec07.xa. 3210 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
answer "signed-and-ds-1.dnssec07.xa. 3210 IN RRSIG DNSKEY 13 2 3600 20351103070323 20250929053323 51298 signed-and-ds-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="
}
}
# SIGNED-NO-DS-1
signed-no-ds-1.dnssec07.xa:53 {
bind 127.15.7.41 # ns1
bind fda1:b2:c3:0:127:15:7:41 # ns1
bind 127.15.7.42 # ns2
bind fda1:b2:c3:0:127:15:7:42 # ns2
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone signed-no-ds-1.dnssec07.xa
template IN DNSKEY signed-no-ds-1.dnssec07.xa. {
answer "signed-no-ds-1.dnssec07.xa. 3210 IN DNSKEY 256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="
answer "signed-no-ds-1.dnssec07.xa. 3210 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
answer "signed-no-ds-1.dnssec07.xa. 3210 IN RRSIG DNSKEY 13 2 3600 20351103070323 20250929053323 51298 signed-no-ds-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="
}
}
# INCONSIST-SIGNED-AND-DS-1
inconsist-signed-and-ds-1.dnssec07.xa:53 {
bind 127.15.7.41 # ns1
bind fda1:b2:c3:0:127:15:7:41 # ns1
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone inconsist-signed-and-ds-1.dnssec07.xa
template IN DNSKEY inconsist-signed-and-ds-1.dnssec07.xa. {
answer "inconsist-signed-and-ds-1.dnssec07.xa. 3210 IN DNSKEY 256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="
answer "inconsist-signed-and-ds-1.dnssec07.xa. 3210 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
answer "inconsist-signed-and-ds-1.dnssec07.xa. 3210 IN RRSIG DNSKEY 13 2 3600 20351103070323 20250929053323 51298 inconsist-signed-and-ds-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="
}
}
inconsist-signed-and-ds-1.dnssec07.xa:53 {
bind 127.15.7.42 # ns2
bind fda1:b2:c3:0:127:15:7:42 # ns2
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone inconsist-signed-and-ds-1.dnssec07.xa
}
# INCONSIST-SIGNED-NO-DS-1
inconsist-signed-no-ds-1.dnssec07.xa:53 {
bind 127.15.7.41 # ns1
bind fda1:b2:c3:0:127:15:7:41 # ns1
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone inconsist-signed-no-ds-1.dnssec07.xa
template IN DNSKEY inconsist-signed-no-ds-1.dnssec07.xa. {
answer "inconsist-signed-no-ds-1.dnssec07.xa. 3210 IN DNSKEY 256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="
answer "inconsist-signed-no-ds-1.dnssec07.xa. 3210 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
answer "inconsist-signed-no-ds-1.dnssec07.xa. 3210 IN RRSIG DNSKEY 13 2 3600 20351103070323 20250929053323 51298 inconsist-signed-no-ds-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="
}
}
inconsist-signed-no-ds-1.dnssec07.xa:53 {
bind 127.15.7.42 # ns2
bind fda1:b2:c3:0:127:15:7:42 # ns2
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone inconsist-signed-no-ds-1.dnssec07.xa
}
# ### SIGNED-AND-INCONSIST-DS-1
signed-and-inconsist-ds-1.dnssec07.xa:53 { # parent (ns1)
bind 127.15.7.31 # ns1
bind fda1:b2:c3:0:127:15:7:31 # ns1
log
file DNSSEC-TP/dnssec07/signed-and-inconsist-ds-1.dnssec07.xa_ns1.zone signed-and-inconsist-ds-1.dnssec07.xa
}
signed-and-inconsist-ds-1.dnssec07.xa:53 { # parent (ns1)
bind 127.15.7.32 # ns2
bind fda1:b2:c3:0:127:15:7:32 # ns2
log
file DNSSEC-TP/dnssec07/signed-and-inconsist-ds-1.dnssec07.xa_ns2.zone signed-and-inconsist-ds-1.dnssec07.xa
}
child.signed-and-inconsist-ds-1.dnssec07.xa:53 { # child
bind 127.15.7.41 # ns1
bind fda1:b2:c3:0:127:15:7:41 # ns1
bind 127.15.7.42 # ns2
bind fda1:b2:c3:0:127:15:7:42 # ns2
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone child.signed-and-inconsist-ds-1.dnssec07.xa
template IN DNSKEY child.signed-and-inconsist-ds-1.dnssec07.xa. {
answer "child.signed-and-inconsist-ds-1.dnssec07.xa. 3210 IN DNSKEY 256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="
answer "child.signed-and-inconsist-ds-1.dnssec07.xa. 3210 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
answer "child.signed-and-inconsist-ds-1.dnssec07.xa. 3210 IN RRSIG DNSKEY 13 2 3600 20351103070323 20250929053323 51298 child.signed-and-inconsist-ds-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="
}
}
# UNSIGNED-AND-DS-1
unsigned-and-ds-1.dnssec07.xa:53 {
bind 127.15.7.41 # ns1
bind fda1:b2:c3:0:127:15:7:41 # ns1
bind 127.15.7.42 # ns2
bind fda1:b2:c3:0:127:15:7:42 # ns2
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone unsigned-and-ds-1.dnssec07.xa
}
# UNSIGNED-NO-DS-1
unsigned-no-ds-1.dnssec07.xa:53 {
bind 127.15.7.41 # ns1
bind fda1:b2:c3:0:127:15:7:41 # ns1
bind 127.15.7.42 # ns2
bind fda1:b2:c3:0:127:15:7:42 # ns2
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone unsigned-no-ds-1.dnssec07.xa
}
# NON-AUTH-RESPONSE-DNSKEY-1
non-auth-response-dnskey-1.dnssec07.xa:53 {
view pass {
expr type() in ['DNSKEY']
}
bind 127.15.7.41 # ns1
bind fda1:b2:c3:0:127:15:7:41 # ns1
log
template IN DNSKEY non-auth-response-dnskey-1.dnssec07.xa. {
answer "non-auth-response-dnskey-1.dnssec07.xa. 3210 IN DNSKEY 256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="
answer "non-auth-response-dnskey-1.dnssec07.xa. 3210 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
answer "non-auth-response-dnskey-1.dnssec07.xa. 3210 IN RRSIG DNSKEY 13 2 3600 20351103070323 20250929053323 51298 non-auth-response-dnskey-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="
}
header {
response clear aa
}
}
non-auth-response-dnskey-1.dnssec07.xa:53 {
bind 127.15.7.41 # ns1
bind fda1:b2:c3:0:127:15:7:41 # ns1
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone non-auth-response-dnskey-1.dnssec07.xa
}
non-auth-response-dnskey-1.dnssec07.xa:53 {
bind 127.15.7.42 # ns2
bind fda1:b2:c3:0:127:15:7:42 # ns2
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone non-auth-response-dnskey-1.dnssec07.xa
template IN DNSKEY non-auth-response-dnskey-1.dnssec07.xa. {
answer "non-auth-response-dnskey-1.dnssec07.xa. 3210 IN DNSKEY 256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="
answer "non-auth-response-dnskey-1.dnssec07.xa. 3210 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
answer "non-auth-response-dnskey-1.dnssec07.xa. 3210 IN RRSIG DNSKEY 13 2 3600 20351103070323 20250929053323 51298 non-auth-response-dnskey-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="
}
}
# NO-RESPONSE-DNSKEY-1
no-response-dnskey-1.dnssec07.xa:53 {
bind 127.15.7.41 # ns1
bind fda1:b2:c3:0:127:15:7:41 # ns1
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone no-response-dnskey-1.dnssec07.xa
acl no-response-dnskey-1.dnssec07.xa {
drop type DNSKEY
}
}
no-response-dnskey-1.dnssec07.xa:53 {
bind 127.15.7.42 # ns2
bind fda1:b2:c3:0:127:15:7:42 # ns2
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone no-response-dnskey-1.dnssec07.xa
template IN DNSKEY no-response-dnskey-1.dnssec07.xa. {
answer "no-response-dnskey-1.dnssec07.xa. 3210 IN DNSKEY 256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="
answer "no-response-dnskey-1.dnssec07.xa. 3210 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
answer "no-response-dnskey-1.dnssec07.xa. 3210 IN RRSIG DNSKEY 13 2 3600 20351103070323 20250929053323 51298 no-response-dnskey-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="
}
}
# ### UNEXP-RCODE-RESP-DNSKEY-1
unexp-rcode-resp-dnskey-1.dnssec07.xa:53 {
bind 127.15.7.41 # ns1
bind fda1:b2:c3:0:127:15:7:41 # ns1
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone unexp-rcode-resp-dnskey-1.dnssec07.xa
template IN DNSKEY unexp-rcode-resp-dnskey-1.dnssec07.xa. {
rcode "REFUSED"
}
}
unexp-rcode-resp-dnskey-1.dnssec07.xa:53 {
bind 127.15.7.42 # ns2
bind fda1:b2:c3:0:127:15:7:42 # ns2
log
file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone unexp-rcode-resp-dnskey-1.dnssec07.xa
template IN DNSKEY unexp-rcode-resp-dnskey-1.dnssec07.xa. {
answer "unexp-rcode-resp-dnskey-1.dnssec07.xa. 3210 IN DNSKEY 256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="
answer "unexp-rcode-resp-dnskey-1.dnssec07.xa. 3210 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
answer "unexp-rcode-resp-dnskey-1.dnssec07.xa. 3210 IN RRSIG DNSKEY 13 2 3600 20351103070323 20250929053323 51298 unexp-rcode-resp-dnskey-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="
}
}
Reference in New Issue View Git Blame Copy Permalink