Skip to end of metadata
Go to start of metadata

1. Introduction 

This document details the tests required to check that the OpenDNSSEC software conforms to the specified requirements. The tests fall into two groups:

  • Checking the overall operation of the system.
  • Checking specific requirements not covered in normal operation (such as start-up and shut-down).

This version of the document is applicable to the Alpha release of the software.


1.1 Installation 

The software should be installed according to the specified instructions.

1.2 Test Data 

The following sets of data will be used. and other data files can be found in the repository.

  • LargeZone - a zone file holding 100 000 RR. The data should comprise solely delegations - a mixture of NS records and glue records. (This is intended to simulate a large TLD.). Roughly 10% of the names should have a DS record associated with them.

  perl --zonename <ZONE NAME> --nzones 1 --nrr 100000 --nns 2 --pns 100 --pds 10 --output <DIRECTORY>

  • MediumZone - a zone file holding a single zone with about a hundred names. The resource records should be of a variety of types. (This is intended to simulate the zone file of a medium to large company.)

  perl --zonename <ZONE NAME> --nzones 1 --nrr 150 --nns 2 --pns 5 --pds 50 -pa 100 -paaaa 10 --output <DIRECTORY>

  • SmallZone - One thousand files, each holding a small zone. (This is intended to simulate the zone file of an ISP hosting web sites for a large number of customers.) Each zone should be a "typical" small zone comprising:
    • SOA record
    • two or three NS records (with at least one associated glue record)
    • MX record
    • A/AAAA for labels

  perl --zonename <ZONE NAME SUFFIX> --nzones 1000 --nrr 4 -pa 100 -paaaa 10 --output <DIRECTORY>

If you want to add the zones automatically to OpenDNSSEC then add these flags:

  --addtoksm --config <DIRECTORY> --signeroutput <DIRECTORY> --policy <POLICY NAME>

2 Operations Tests 

2.1 Basic Test 

The basic test runs the system for a period of time (with very short key and signature lifetimes) to check that OpenDNSSEC can:

  • Sign multiple zones
  • Correctly handles key rollovers

It tests a number of the requirements in sections 2.3 (Signing Process) and 2.4 (Key Management) of the requirements document.

3. Other Tests 

3.1 Startup/Shutdown? 

The startup and shutdown test tests the requirements in section 2.2.1 concerning the startup and shutdown of the system.

  • No labels