Implementation of DNSSEC10 with new specifications #995
Conversation
|
@matsduf message are not yet defined (any proposal are welcomed), but I face a problem with DS10_INCONSISTENT_NSEC_NSEC3. It is not possible to have 2 arguments with same label (ns_ip_list). Should we have 2 messages or 2 labels (to define in https://github.com/zonemaster/zonemaster-engine/blob/master/docs/logentry_args.md). |
@vlevigneron, the messages should be one to make it clear. My suggestion is the the arguments are called "ns_ip_list_nsec" and "ns_ip_list_nsec3", respectively, to make the distinction. I have discussed this with @mattias-p too. If you agree that it is a good idea, I will create a proposed update to logentry_args that states that such suffix can be added if the same argument is used more than once. Added 2021-11-05: #997 has been created. |
- Add new unit tests
|
The specification has also been updated by zonemaster/zonemaster#1008. |
|
@matsduf Do you think we can merge it ? |
Testing v2021.2LGTM. I tested available test zones and compared with the output when using dig.
|
matsduf
added
the
S-ReleaseTested
Purpose
This PR is the implementation of zonemaster/zonemaster#875
Context
fixes issue #992
fixes issue #722 (no longer relevant)
Changes
method Zonemaster::Engine::Test::DNSSEC::dnssec10 complete rewrite
15 new messages tag implemented (no translation yet)
15 old messages removed
Unit tests updated but many missing
How to test this PR
Use one of the following domains to do the tests:
dnssec10-non-existent-domain-name-exists-01.zft-root.rd.nic.fr
dnssec10-non-existent-domain-name-exists-02.zft-root.rd.nic.fr
dnssec10-non-existent-domain-name-exists-03.zft-root.rd.nic.fr
dnssec10-non-existent-domain-name-exists-04.zft-root.rd.nic.fr
dnssec10-non-existent-domain-name-exists-05.zft-root.rd.nic.fr
dnssec11-inconsistent-dnskey.zft-root.rd.nic.fr
dnssec10-inconsistent-nsec-nsec3.zft-root.rd.nic.fr
nic.se
zonemaster.fr