NAME

Zonemaster::Engine::Test::DNSSEC - dnssec module showing the expected structure of Zonemaster test modules

SYNOPSIS

my @results = Zonemaster::Engine::Test::DNSSEC->all($zone);

METHODS

all($zone)

Runs the default set of tests and returns a list of log entries made by the tests.

metadata()

Returns a reference to a hash, the keys of which are the names of all test methods in the module, and the corresponding values are references to lists with all the tags that the method can use in log entries.

tag_descriptions()

Returns a refernce to a hash with translation functions. Used by the builtin translation system.

policy()

Returns a reference to a hash with the default policy for the module. The keys are message tags, and the corresponding values are their default log levels.

version()

Returns a version string for the module.

TESTS

dnssec01($zone)

Verifies that all DS records have digest types registered with IANA.

dnssec02($zone)

Verifies that all DS records have a matching DNSKEY.

dnssec03($zone)

Check iteration counts for NSEC3.

dnssec04($zone)

Checks the durations of the signatures for the DNSKEY and SOA RRsets.

dnssec05($zone)

Check DNSKEY algorithms.

dnssec06($zone)

Check for DNSSEC extra processing at child nameservers.

dnssec07($zone)

Check that both DS and DNSKEY are present.

dnssec08($zone)

Check that the DNSKEY RRset is signed.

dnssec09($zone)

Check that the SOA RRset is signed.

dnssec10($zone)

Check for the presence of either NSEC or NSEC3, with proper coverage and signatures.

dnssec11($zone)

Check that the delegation step from parent is properly signed.

dnssec13($zone)

Check that all DNSKEY algorithms are used to sign the zone.

dnssec14($zone)

Check for valid RSA DNSKEY key size

dnssec15($zone)

Check existence of CDS and CDNSKEY

dnssec16($zone)

Validate CDS

dnssec17($zone)

Validate CDNSKEY

dnssec18($zone)

Validate trust from DS to CDS and CDNSKEY