Zonemaster Test Case Specifications
Table of contents
- Background
- Mapping the Test Requirements to Test Case
- Elaboration of the test case
- Document hierarchy
- Other documents
- List of Defined Test Cases
Background
This is the collection of Test Case specifications for the Zonemaster project. All the details are in the Master Test Plan.
- The test cases that has been elaborated as Test Case specifications have been defined as a list of test requirements. Each test falls under a specific category.
- The document hierarchy of the Test Case specifications could be found in the Master Test Plan.
Mapping the Test Requirements to Test Case
- Each test level has been separated into a separate directory below this directory.
- Under each test level directory there is a level document (README.md) describing the test level. Links are found below.
- The Test Cases are listed below. The mapping from Test Requirement to Test Case is found in the Test requirements document.
Elaboration of the Test Case
Test cases are written for almost all Test Requirements. There could be the case that a requirement can be implemented by doing more test cases than one, or that several requirements are solved by only one test case.
Document hierarchy
Each Test Level described in Master Test Plan should be linked directly to the correct level document (the README.md in the test level directory). The level documents are found here:
- Address-TP
- Basic-TP
- Connectivity-TP
- Consistency-TP
- DNSSEC-TP
- Delegation-TP
- Nameserver-TP
- Syntax-TP
- Zone-TP
Other documents
The following documents are linked from and used by the Test Case specifications listed in the table below:
- DNS Query and Response Defaults
- Methods common to Test Case Specifications (version 1)
- Methods common to Test Case Specifications (version 2)
- Requirements and normalization of domain names in input
- Severity Level Definitions
The following documents are useful documents when studying the Test Case specifications:
List of Defined Test Cases
| Test Plan/Test Case | Test Case Description |
|---|---|
| Address-TP | |
| ADDRESS01 | Name server address must be globally routable |
| ADDRESS02 | Reverse DNS entry exists for name server IP address |
| ADDRESS03 | Reverse DNS entry matches name server name |
| Basic-TP | |
| BASIC01 | Check for the parent zone and the zone itself |
| BASIC02 | The domain must have at least one working name server |
| BASIC03 | The Broken but functional test |
| Connectivity-TP | |
| CONNECTIVITY01 | UDP connectivity to name servers |
| CONNECTIVITY02 | TCP connectivity to name servers |
| CONNECTIVITY03 | AS Diversity |
| CONNECTIVITY04 | IP Prefix Diversity |
| Consistency-TP | |
| CONSISTENCY01 | SOA serial number consistency |
| CONSISTENCY02 | SOA RNAME consistency |
| CONSISTENCY03 | SOA timers consistency |
| CONSISTENCY04 | Name server NS consistency |
| CONSISTENCY05 | Consistency between glue and authoritative data |
| CONSISTENCY06 | SOA MNAME consistency |
| DNSSEC-TP | |
| DNSSEC01 | Legal values for the DS hash digest algorithm |
| DNSSEC02 | DS must match a valid DNSKEY in the child zone |
| DNSSEC03 | Verify NSEC3 parameters |
| DNSSEC04 | Check for too short or too long RRSIG lifetimes |
| DNSSEC05 | Check for invalid DNSKEY algorithms |
| DNSSEC06 | Verify DNSSEC additional processing |
| DNSSEC07 | If DNSKEY at child, parent should have DS |
| DNSSEC08 | Valid RRSIG for DNSKEY |
| DNSSEC09 | RRSIG(SOA) must be valid and created by a valid DNSKEY |
| DNSSEC10 | Zone contains NSEC or NSEC3 records |
| DNSSEC11 | DS in delegation requires signed zone |
| DNSSEC12 | Test for DNSSEC Algorithm Completeness |
| DNSSEC13 | All DNSKEY algorithms used to sign the zone |
| DNSSEC14 | Check for valid RSA DNSKEY key size |
| DNSSEC15 | Existence of CDS and CDNSKEY |
| DNSSEC16 | Validate CDS |
| DNSSEC17 | Validate CDNSKEY |
| DNSSEC18 | Validate trust from DS to CDS and CDNSKEY |
| Delegation-TP | |
| DELEGATION01 | Minimum number of name servers |
| DELEGATION02 | Name servers must have distinct IP addresses |
| DELEGATION03 | No truncation of referrals |
| DELEGATION04 | Name server is authoritative |
| DELEGATION05 | Name server must not point at CNAME alias |
| DELEGATION06 | Existence of SOA |
| DELEGATION07 | Parent glue name records present in child |
| Nameserver-TP | |
| NAMESERVER01 | A name server should not be a recursor |
| NAMESERVER02 | Test of EDNS0 support |
| NAMESERVER03 | Test availability of zone transfer (AXFR) |
| NAMESERVER04 | Same source address |
| NAMESERVER05 | Behaviour against AAAA query |
| NAMESERVER06 | NS can be resolved |
| NAMESERVER07 | To check whether authoritative name servers return an upward referral |
| NAMESERVER08 | Testing QNAME case insensitivity |
| NAMESERVER09 | Testing QNAME case sensitivity |
| NAMESERVER10 | Test for undefined EDNS version |
| NAMESERVER11 | Test for unknown EDNS OPTION-CODE |
| NAMESERVER12 | Test for unknown EDNS flags |
| NAMESERVER13 | Test for truncated response on EDNS query |
| NAMESERVER15 | Checking for revealed software version |
| Syntax-TP | |
| SYNTAX01 | No illegal characters in the domain name |
| SYNTAX02 | No hyphen ('-') at the start or end of the domain name |
| SYNTAX03 | There must be no double hyphen ('--') in position 3 and 4 of the domain name |
| SYNTAX04 | The NS name must have a valid domain/hostname |
| SYNTAX05 | Misuse of '@' character in the SOA RNAME field |
| SYNTAX06 | No illegal characters in the SOA RNAME field |
| SYNTAX07 | No illegal characters in the SOA MNAME field |
| SYNTAX08 | MX name must have a valid hostname |
| Zone-TP | |
| ZONE01 | Fully qualified master nameserver in SOA |
| ZONE02 | SOA 'refresh' minimum value |
| ZONE03 | SOA 'retry' lower than 'refresh' |
| ZONE04 | SOA 'retry' at least 1 hour |
| ZONE05 | SOA 'expire' minimum value |
| ZONE06 | SOA 'minimum' maximum value |
| ZONE07 | SOA master is not an alias |
| ZONE08 | MX is not an alias |
| ZONE09 | MX record present |
| ZONE10 | No multiple SOA records |
| ZONE11 | SPF policy validation |