Skip to content

Update DNSSEC07 implementation #1476

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
tgreenx merged 1 commit into from
Nov 14, 2025
Merged

Update DNSSEC07 implementation #1476

tgreenx merged 1 commit into from
Nov 14, 2025

Conversation

@tgreenx
Copy link
Contributor

@tgreenx tgreenx commented Oct 30, 2025

Purpose

This PR proposes an update of test case DNSSEC07 implementation.

Context

Test case specification: zonemaster/zonemaster#1425
Test scenarios specification: zonemaster/zonemaster#1432

Changes

  • Update implementation (test case, message tags, profile, DNSSEC module test plan)
  • Update unit tests
  • Update unit test data

How to test this PR

Unit tests are updated and should pass.

@tgreenx tgreenx added this to the v2025.2 milestone Oct 30, 2025
@tgreenx tgreenx added A-TestCase Area: Test case specification or implementation of test case V-Patch Versioning: The change gives an update of patch in version. RC-Features Release category: Features. labels Oct 30, 2025
This was referenced Oct 30, 2025
Merged
Merged
@tgreenx tgreenx force-pushed the update-dnssec07 branch 2 times, most recently from 08f9bf8 to d816b18 Compare October 30, 2025 17:08
matsduf
matsduf requested changes Nov 2, 2025
View reviewed changes
Copy link
Contributor

@matsduf matsduf left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From the description of zonemaster/zonemaster#1425:

After this update, DNSSEC07 should still be run first, and then DNSSEC11. If updated DNSSEC07 outputs DS07_NOT_SIGNED then no other test cases, besides DNSSEC11, in DNSSEC module should be run.

I.e. DNSSEC07 and DNSSEC11 should always be run.

Should that be included in the specification? I do not think so, but it should be stated somewhere.

matsduf
matsduf reviewed Nov 2, 2025
View reviewed changes
Copy link
Contributor

@matsduf matsduf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Besides that DNSSEC11 should always be run it looks fine. All scenarios pass.

@tgreenx
Copy link
Contributor Author

tgreenx commented Nov 4, 2025

From the description of zonemaster/zonemaster#1425:

After this update, DNSSEC07 should still be run first, and then DNSSEC11. If updated DNSSEC07 outputs DS07_NOT_SIGNED then no other test cases, besides DNSSEC11, in DNSSEC module should be run.

I.e. DNSSEC07 and DNSSEC11 should always be run.

Should that be included in the specification? I do not think so, but it should be stated somewhere.

For that purpose with have the "Special procedural requirements" section in the specification, which I followed. But it seems it was not entirely updated correctly then.

@tgreenx tgreenx requested a review from matsduf November 4, 2025 10:01
@tgreenx
Copy link
Contributor Author

tgreenx commented Nov 4, 2025

Besides that DNSSEC11 should always be run it looks fine. All scenarios pass.

Updated and rebased on top of #1475

@tgreenx
Copy link
Contributor Author

tgreenx commented Nov 4, 2025

Unit test data for t/Test-dnssec.t needs to be re-recorded in order for all unit tests to pass, but that can't be done right now (zut-root.rd.nic.fr is temporarily offline). It will be done at a later time.

@matsduf
Copy link
Contributor

matsduf commented Nov 4, 2025

Unit test data for t/Test-dnssec.t needs to be re-recorded in order for all unit tests to pass, but that can't be done right now (zut-root.rd.nic.fr is temporarily offline). It will be done at a later time.

I suggest that the failing tests are marked as TODO. What test cases are affected? I could possibly create scenarios for them.

@tgreenx
Copy link
Contributor Author

tgreenx commented Nov 13, 2025

@matsduf please re-review, unit tests have been re-recorded (the test zones are back online).

matsduf
matsduf reviewed Nov 13, 2025
View reviewed changes
Copy link
Contributor

@matsduf matsduf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It does not look like the tag NOT_SIGNED show up in the output, which seems strange.

@matsduf matsduf mentioned this pull request Nov 13, 2025
Merged
@matsduf
Copy link
Contributor

matsduf commented Nov 14, 2025

It does not look like the tag NOT_SIGNED show up in the output, which seems strange.

It is not strange. It is outputted, but on DEBUG level. If level is set to DEBUG in zonemaster-cli it is outputted.

matsduf
matsduf previously approved these changes Nov 14, 2025
View reviewed changes
Copy link
Contributor

@matsduf matsduf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The NOT_SIGNED tag should be cleaned away, but it does no harm. The cleaning could also be done later.

@tgreenx
Copy link
Contributor Author

tgreenx commented Nov 14, 2025
edited
Loading

The NOT_SIGNED tag should be cleaned away, but it does no harm. The cleaning could also be done later.

Done (removed). I've also rebased and fixed several conflicts. Please re-review

@tgreenx tgreenx requested a review from matsduf November 14, 2025 09:44
@tgreenx tgreenx merged commit 254e4e4 into zonemaster:develop Nov 14, 2025
3 checks passed
@tgreenx tgreenx deleted the update-dnssec07 branch November 14, 2025 10:51
@tolvmannen tolvmannen added the S-ReleaseTested Status: The PR has been successfully tested in release testing label Dec 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@matsduf matsduf matsduf approved these changes

@mattias-p mattias-p Awaiting requested review from mattias-p

@tolvmannen tolvmannen Awaiting requested review from tolvmannen

@marc-vanderwal marc-vanderwal Awaiting requested review from marc-vanderwal

@MichaelTimbert MichaelTimbert Awaiting requested review from MichaelTimbert

Assignees

No one assigned

Labels

A-TestCase Area: Test case specification or implementation of test case RC-Features Release category: Features. S-ReleaseTested Status: The PR has been successfully tested in release testing V-Patch Versioning: The change gives an update of patch in version.

Projects

None yet

Milestone

v2025.2

Development

Successfully merging this pull request may close these issues.

3 participants

@tgreenx @matsduf @tolvmannen