ADDRESS01: Name server address must be globally reachable
Test case identifier
ADDRESS01
Objective
In order for the domain and its resources to be accessible, authoritative name servers must have addresses in the reachable public addressing space.
IANA is responsible for global coordination of the IP addressing system. Aside from its address allocation activities, it maintains reserved address ranges for special uses. These ranges can be categorized into two types: Special purpose IPv4 addresses and Special purpose IPv6 addresses.
This test checks the name server IP addresses, both those derived from delegation and those derived from the name servers listed in the zone (NS records). Each address is compared against the IANA databases. If an address is not globally reachable, a message is output.
Scope
This test case does not perform any actual connectivity test; that is done by other test cases.
Inputs
- "Child Zone" -- the domain name to be tested.
- Special purpose IPv4 addresses
- Special purpose IPv6 addresses
Summary
| Message Tag | Level | Arguments | Message ID for message tag |
|---|---|---|---|
| A01_ADDR_NOT_GLOBALLY_REACHABLE | ERROR | ns_list | IP address(es) not listed as globally reachable: "{ns_list}". |
| A01_DOCUMENTATION_ADDR | ERROR | ns_list | IP address(es) intended for documentation purposes: "{ns_list}". |
| A01_GLOBALLY_REACHABLE_ADDR | INFO | ns_list | Globally reachable IP address(es): "{ns_list}". |
| A01_LOCAL_USE_ADDR | ERROR | ns_list | IP address(es) intended for local use on network or service provider level: "{ns_list}". |
| A01_NO_GLOBALLY_REACHABLE_ADDR | ERROR | | None of the name servers IP addresses are listed as globally reachable. |
| A01_NO_NAME_SERVERS_FOUND | CRITICAL | | No name servers found. |
The value in the Level column is the default severity level of the message. The severity level can be changed in the Zonemaster-Engine profile. Also see the Severity Level Definitions document.
The argument names in the Arguments column list the arguments used in the message. The argument names are defined in the Argument list.
Test procedure
- Create the following empty sets:
  - Name server name and IP address ("Name Server IP").
  - Name server name and IP address ("Documentation Address").
  - Name server name and IP address ("Local Use Address").
  - Name server name and IP address ("Not Globally Reachable").
  - Name server name and IP address ("Globally Reachable").
- Retrieve all name server names and IP addresses for Child Zone using methods Get-Del-NS-Names-and-IPs and Get-Zone-NS-Names-and-IPs, and add them to the Name Server IP set.
- If the Name Server IP set is empty, output A01_NO_NAME_SERVERS_FOUND and exit the test.
- For each name server in Name Server IP do:
  - Match the IP address against the IP ranges specified in Special purpose IPv4 addresses and Special purpose IPv6 addresses:
    - If the IP address falls within any of the address ranges reserved for Documentation, add the name server name and IP address to the Documentation Address set.
    - Else, if it falls within an address range belonging to any of the following categories, add the name server name and IP address to the Local Use Address set:
      - Private-Use (IPv4)
      - Loopback (IPv4)
      - Loopback Address (IPv6)
      - Link Local (IPv4)
      - Link-Local Unicast (IPv6)
      - Unique-Local (IPv6)
      - Shared Address Space (IPv6)
    - Else, if it falls within any other range that is not registered as Globally Reachable, add the name server name and IP address to the Not Globally Reachable set.
    - Else, add the name server name and IP address to the Globally Reachable set.
  - Go to the next server.
- If the Documentation Address set is non-empty, then output A01_DOCUMENTATION_ADDR with a list of name server names and IP addresses from the set.
- If the Local Use Address set is non-empty, then output A01_LOCAL_USE_ADDR with a list of name server names and IP addresses from the set.
- If the Not Globally Reachable set is non-empty, then output A01_ADDR_NOT_GLOBALLY_REACHABLE with a list of name server names and IP addresses from the set.
- If the Globally Reachable set is non-empty, then output A01_GLOBALLY_REACHABLE_ADDR with a list of name server names and IP addresses from the set.
- If the Globally Reachable set is empty, then output A01_NO_GLOBALLY_REACHABLE_ADDR.
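The classification and output steps above, as an added Python sketch (not Zonemaster's own code). `REGISTRY` is a constructed subset of the IANA registries, the names `classify` and `address01` are hypothetical, and resolving overlapping registry entries by most specific prefix is an assumption the procedure does not spell out.

```python
import ipaddress

# Constructed subset of the IANA special-purpose registries (not the full
# data): (prefix, registry name, value of the "Globally Reachable" column).
REGISTRY = [
    ("10.0.0.0/8", "Private-Use", False),
    ("100.64.0.0/10", "Shared Address Space", False),
    ("192.0.0.0/24", "IETF Protocol Assignments", False),
    ("192.0.0.9/32", "Port Control Protocol Anycast", True),
    ("192.0.2.0/24", "Documentation (TEST-NET-1)", False),
    ("2001:db8::/32", "Documentation", False),
    ("fc00::/7", "Unique-Local", False),
]
NETS = [(ipaddress.ip_network(p), n, g) for p, n, g in REGISTRY]
LOCAL_USE = {"Private-Use", "Loopback", "Loopback Address", "Link Local",
             "Link-Local Unicast", "Unique-Local", "Shared Address Space"}
TAGS = {"Documentation Address": "A01_DOCUMENTATION_ADDR",  # set -> tag
        "Local Use Address": "A01_LOCAL_USE_ADDR",
        "Not Globally Reachable": "A01_ADDR_NOT_GLOBALLY_REACHABLE",
        "Globally Reachable": "A01_GLOBALLY_REACHABLE_ADDR"}
# Constructed sample input: (name server name, IP address) pairs.
SAMPLE = [("ns1", "192.0.2.53"), ("ns2", "100.64.0.53"), ("ns3", "192.0.0.1"),
          ("ns4", "192.0.0.9"), ("ns5", "fd00::53"), ("ns6", "2001:db8::53")]

def classify(addr):
    """Return the name of the set the procedure puts this address in."""
    ip = ipaddress.ip_address(addr)
    hits = [e for e in NETS if e[0].version == ip.version and ip in e[0]]
    if not hits:
        return "Globally Reachable"  # outside every special-purpose range
    # Assumption: the most specific entry wins (192.0.0.9/32 over 192.0.0.0/24).
    _, name, reachable = max(hits, key=lambda e: e[0].prefixlen)
    if name.startswith("Documentation"):
        return "Documentation Address"
    if name in LOCAL_USE:
        return "Local Use Address"
    return "Globally Reachable" if reachable else "Not Globally Reachable"

def address01(name_server_ips):
    """Take (name, IP) pairs; return [(message tag, [(name, IP), ...])]."""
    if not name_server_ips:
        return [("A01_NO_NAME_SERVERS_FOUND", [])]
    sets = {s: [] for s in TAGS}
    for ns, ip in name_server_ips:
        sets[classify(ip)].append((ns, ip))
    out = [(TAGS[s], members) for s, members in sets.items() if members]
    if not sets["Globally Reachable"]:
        out.append(("A01_NO_GLOBALLY_REACHABLE_ADDR", []))
    return out
```

Calling `address01(SAMPLE)` yields one entry per non-empty set in the order the procedure outputs them; `ns3` and `ns4` sit in the same /24 yet land in different sets because of the more specific /32 entry.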
Outcome(s)
The outcome of this Test Case is "fail" if there is at least one message with the severity level ERROR or CRITICAL.
The outcome of this Test Case is "warning" if there is at least one message with the severity level WARNING, but no message with severity level ERROR or CRITICAL.
In other cases (no message, or only messages with severity level INFO or NOTICE), the outcome of this Test Case is "pass".
Special procedural requirements
The registries Special purpose IPv4 addresses and Special purpose IPv6 addresses have to be fetched prior to testing.
Intercase dependencies
None.