NAME

Zonemaster::Engine::Test::DNSSEC - dnssec module showing the expected structure of Zonemaster test modules

SYNOPSIS

my @results = Zonemaster::Engine::Test::DNSSEC->all($zone);

METHODS

all($zone)

Runs the default set of tests and returns a list of log entries made by the tests.

metadata()

Returns a reference to a hash, the keys of which are the names of all test methods in the module, and the corresponding values are references to lists with all the tags that the method can use in log entries.

translation()

Returns a reference to a nested hash, where the outermost keys are language codes, the keys below that are message tags and their values are translation strings.

policy()

Returns a reference to a hash with the default policy for the module. The keys are message tags, and the corresponding values are their default log levels.

version()

Returns a version string for the module.

TESTS

dnssec01($zone)

Verifies that all DS records have digest types registered with IANA.

dnssec02($zone)

Verifies that all DS records have a matching DNSKEY.

dnssec03($zone)

Check iteration counts for NSEC3.

dnssec04($zone)

Checks the durations of the signatures for the DNSKEY and SOA RRsets.

dnssec05($zone)

Check DNSKEY algorithms.

dnssec06($zone)

Check for DNSSEC extra processing at child nameservers.

dnssec07($zone)

Check that both DS and DNSKEY are present.

dnssec08($zone)

Check that the DNSKEY RRset is signed.

dnssec09($zone)

Check that the SOA RRset is signed.

dnssec10($zone)

Check for the presence of either NSEC or NSEC3, with proper coverage and signatures.

dnssec11($zone)

Check that the delegation step from parent is properly signed.