NAME
Zonemaster::Engine::Test::DNSSEC - dnssec module showing the expected structure of Zonemaster test modules
SYNOPSIS
my @results = Zonemaster::Engine::Test::DNSSEC->all($zone);
METHODS
- all($zone)
-
Runs the default set of tests and returns a list of log entries made by the tests.
- metadata()
-
Returns a reference to a hash, the keys of which are the names of all test methods in the module, and the corresponding values are references to lists with all the tags that the method can use in log entries.
- tag_descriptions()
-
Returns a refernce to a hash with translation functions. Used by the builtin translation system.
- policy()
-
Returns a reference to a hash with the default policy for the module. The keys are message tags, and the corresponding values are their default log levels.
- version()
-
Returns a version string for the module.
TESTS
- dnssec01($zone)
-
Verifies that all DS records have digest types registered with IANA.
- dnssec02($zone)
-
Verifies that all DS records have a matching DNSKEY.
- dnssec03($zone)
-
Check iteration counts for NSEC3.
- dnssec04($zone)
-
Checks the durations of the signatures for the DNSKEY and SOA RRsets.
- dnssec05($zone)
-
Check DNSKEY algorithms.
- dnssec06($zone)
-
Check for DNSSEC extra processing at child nameservers.
- dnssec07($zone)
-
Check that both DS and DNSKEY are present.
- dnssec08($zone)
-
Check that the DNSKEY RRset is signed.
- dnssec09($zone)
-
Check that the SOA RRset is signed.
- dnssec10($zone)
-
Check for the presence of either NSEC or NSEC3, with proper coverage and signatures.
- dnssec11($zone)
-
Check that the delegation step from parent is properly signed.
- dnssec13($zone)
-
Check that all DNSKEY algorithms are used to sign the zone.
- dnssec14($zone)
-
Check for valid RSA DNSKEY key size
- dnssec15($zone)
-
Check existence of CDS and CDNSKEY
- dnssec16($zone)
-
Validate CDS
- dnssec17($zone)
-
Validate CDNSKEY
- dnssec18($zone)
-
Validate trust from DS to CDS and CDNSKEY