NAME¶
Zonemaster::Test::DNSSEC - dnssec module showing the expected structure of
Zonemaster test modules
SYNOPSIS¶
my @results = Zonemaster::Test::DNSSEC->all($zone);
METHODS¶
- all($zone)
- Runs the default set of tests and returns a list of log entries made by
the tests.
- metadata()
- Returns a reference to a hash, the keys of which are the names of all test
methods in the module, and the corresponding values are references to
lists with all the tags that the method can use in log entries.
- translation()
- Returns a reference to a nested hash, where the outermost keys are
language codes, the keys below that are message tags and their values are
translation strings.
- policy()
- Returns a reference to a hash with the default policy for the module. The
keys are message tags, and the corresponding values are their default log
levels.
- version()
- Returns a version string for the module.
TESTS¶
- dnssec01($zone)
- Verifies that all DS records have digest types registered with IANA.
- dnssec02($zone)
- Verifies that all DS records have a matching DNSKEY.
- dnssec03($zone)
- Check iteration counts for NSEC3.
- dnssec04($zone)
- Checks the durations of the signatures for the DNSKEY and SOA RRsets.
- dnssec05($zone)
- Check DNSKEY algorithms.
- dnssec06($zone)
- Check for DNSSEC extra processing at child nameservers.
- dnssec07($zone)
- Check that both DS and DNSKEY are present.
- dnssec08($zone)
- Check that the DNSKEY RRset is signed.
- dnssec09($zone)
- Check that the SOA RRset is signed.
- dnssec10($zone)
- Check for the presence of either NSEC or NSEC3, with proper coverage and
signatures.
- dnssec11($zone)
- Check that the delegation step from parent is properly signed.