committing changes in /etc after emerge run
authorfrank <frank@bruni.home.brehm-online.com>
Mon, 16 Jan 2012 20:21:24 +0000 (21:21 +0100)
committerFrank Brehm <root@bruni.home.brehm-online.com>
Mon, 16 Jan 2012 20:21:24 +0000 (21:21 +0100)
Package changes:
+dev-ruby/zonecheck-3.0.4

.etckeeper
zonecheck/afnic.profile [new file with mode: 0644]
zonecheck/de.profile [new file with mode: 0644]
zonecheck/default.profile [new file with mode: 0644]
zonecheck/reverse.profile [new file with mode: 0644]
zonecheck/rootservers [new file with mode: 0644]
zonecheck/zc.conf [new file with mode: 0644]

index bdbb1e32f09525ce6c02d1ba782646489c26151e..5d6ba8eef2a40d337a25be72cc26245988d82f76 100755 (executable)
@@ -1424,3 +1424,10 @@ maybe chmod 0644 './xml/.keep_app-text_docbook-xml-dtd-4.4'
 maybe chmod 0644 './xml/.keep_app-text_docbook-xml-dtd-4.5'
 maybe chmod 0644 './xml/catalog'
 maybe chmod 0644 './xml/docbook'
+maybe chmod 0755 './zonecheck'
+maybe chmod 0644 './zonecheck/afnic.profile'
+maybe chmod 0644 './zonecheck/de.profile'
+maybe chmod 0644 './zonecheck/default.profile'
+maybe chmod 0644 './zonecheck/reverse.profile'
+maybe chmod 0644 './zonecheck/rootservers'
+maybe chmod 0644 './zonecheck/zc.conf'
diff --git a/zonecheck/afnic.profile b/zonecheck/afnic.profile
new file mode 100644 (file)
index 0000000..7dc1a9c
--- /dev/null
@@ -0,0 +1,129 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE config PUBLIC "-//ZoneCheck//DTD Config V1.0//EN" "config.dtd">
+<config>
+<!-- $Id: afnic.profile,v 1.8 2008/10/29 17:02:11 redon Exp $ -->
+
+  <profile name="afnic"
+           longdesc="delegation under .fr/.re done by AFNIC registry">
+    <const name="registry" value="AFNIC"/>
+
+    <!-- Minimum and maximum for SOA fields -->
+    <!--  min: 0  / max: 2147483647         -->
+    <const name="soa:expire:min"  value="604800"/>
+    <const name="soa:expire:max"  value="60480000"/>
+    <const name="soa:minimum:min" value="180"/>
+    <const name="soa:minimum:max" value="604800"/>
+    <const name="soa:refresh:min" value="3600"/>
+    <const name="soa:refresh:max" value="172800"/>
+    <const name="soa:retry:min"   value="900"/>
+    <const name="soa:retry:max"   value="86400"/>
+
+    <rules class="generic">
+      <!-- Domain name check -->
+      <check name="dn_sntx"     severity="f" category="dns:sntx"/>
+      <check name="dn_orp_hyph" severity="f" category="dns:sntx"/>
+      <check name="dn_dbl_hyph" severity="w" category="dns:sntx"/>
+      <check name="one_ns"      severity="f" category="dns"/>
+      <check name="several_ns"  severity="f" category="dns"/>
+
+      <!-- IP address check -->
+      <check name="ip_distinct"     severity="f" category="ip"/>
+      <check name="ip_all_same_net" severity="w" category="ip"/>
+    </rules>
+
+    <rules class="nameserver">
+      <!-- IP address check -->
+      <check name="ip_private" severity="w" category="ip"/>
+      <check name="ip_bogon"   severity="w" category="ip"/>
+    </rules>
+
+
+    <rules class="address">
+      <!-- Connectivity -->
+      <check name="icmp" severity="w" category="connectivity:l3"/>
+      <check name="udp"  severity="f" category="connectivity:l4"/>
+      <check name="tcp"  severity="f" category="connectivity:l4"/>
+
+      <!-- Interoperability -->
+      <check name="aaaa" severity="f" category="dns:interop"/>
+
+      <!-- SOA -->
+      <check name="soa"                       severity="f" category="dns"/>
+      <check name="soa_auth"                  severity="f" category="dns"/>
+      <check name="given_nsprim_vs_soa"       severity="w" category="dns"/>
+      <check name="soa_master_fq"             severity="w" category="dns:soa"/>
+      <check name="soa_master_sntx"           severity="f" category="dns:soa"/>
+      <check name="soa_contact_sntx_at"       severity="f" category="dns:soa"/>
+      <check name="soa_contact_sntx"          severity="f" category="dns:soa"/>
+      <check name="soa_serial_fmt_YYYYMMDDnn" severity="w" category="dns:soa"/>
+      <check name="soa_expire"                severity="f" category="dns:soa"/>
+      <check name="soa_minimum"               severity="w" category="dns:soa"/>
+      <check name="soa_refresh"               severity="w" category="dns:soa"/>
+      <check name="soa_retry"                 severity="w" category="dns:soa"/>
+      <check name="soa_retry_refresh"         severity="f" category="dns:soa"/>
+      <check name="soa_expire_7refresh"       severity="f" category="dns:soa"/>
+      <check name="soa_ns_cname"              severity="w" category="dns:soa"/>
+      <check name="soa_vs_any"                severity="f" category="dns:soa"/>
+      <check name="soa_coherence_serial"      severity="w" category="dns:soa"/>
+      <check name="soa_coherence_contact"     severity="f" category="dns:soa"/>
+      <check name="soa_coherence_master"      severity="f" category="dns:soa"/>
+      <check name="soa_coherence"             severity="w" category="dns:soa"/>
+
+      <!-- NS -->
+      <check name="ns"                  severity="f" category="dns:ns"/>
+      <check name="ns_auth"             severity="f" category="dns:ns"/>
+      <check name="given_ns_vs_ns"      severity="f" category="dns"/>
+      <check name="ns_sntx"             severity="f" category="dns:ns"/>
+      <check name="ns_cname"            severity="f" category="dns:ns"/>
+      <check name="ns_vs_any"           severity="f" category="dns:ns"/>
+      <check name="ns_ip"               severity="f" category="dns:ns"/>
+      <check name="ns_reverse"          severity="w" category="dns:ns"/>
+      <check name="ns_matching_reverse" severity="w" category="dns:ns"/>
+
+      <case test="mail_by_mx_or_a">
+        <when value="MX">
+          <check name="mx"             severity="f" category="dns:mx"/>
+          <check name="mx_auth"        severity="f" category="dns:mx"/>
+          <check name="mx_sntx"        severity="f" category="dns:mx"/>
+          <check name="mx_cname"       severity="f" category="dns:mx"/>
+          <check name="mx_no_wildcard" severity="i" category="dns:mx"/>
+          <check name="mx_ip"          severity="f" category="dns:mx"/>
+          <check name="mx_vs_any"      severity="f" category="dns:mx"/>
+        </when>
+      </case>
+
+      <check name="correct_recursive_flag" severity="f" category="dns"/>
+
+      <check name="not_recursive" severity="w" category="dns"/>
+
+      <case test="recursive_server">
+        <when value="true">
+          <!-- Loopback -->
+          <check name="loopback_delegation" severity="w" category="dns:loopback"/>
+          <check name="loopback_host"       severity="w" category="dns:loopback"/>
+
+          <!-- Root servers -->
+          <check name="root_servers"             severity="f" category="dns:root"/>
+          <check name="root_servers_ns_vs_icann" severity="f" category="dns:root"/>
+          <check name="root_servers_ip_vs_icann" severity="w" category="dns:root"/>
+        </when>
+      </case>
+    </rules>
+
+    <rules class="extra">
+    <!-- Mail -->
+      <check name="mail_mx_or_addr" severity="w" category="mail"/>
+      <case test="mail_delivery">
+        <when value="nodelivery"/>
+        <else>
+          <check name="mail_delivery_postmaster" severity="w" category="mail:delivery"/>
+        </else>
+      </case>
+      <check name="mail_hostmaster_mx_cname" severity="f" category="mail"/>
+    </rules>
+  </profile>
+
+  <!-- Local Variables: -->
+  <!-- mode: xml        -->
+  <!-- End:             -->
+</config>
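Review bot: The `<!DOCTYPE config PUBLIC "-//ZoneCheck//DTD Config V1.0//EN" "config.dtd">` line names a relative system identifier, but this commit adds no `config.dtd` under `zonecheck/`, so it is unclear from here whether these files are validated at all or where the DTD would be loaded from. The same line opens de.profile, default.profile, reverse.profile and zc.conf. If the consuming parser does resolve the DTD, that lookup should stay confined to a fixed local path with external entity loading disabled. Once the actual behaviour is confirmed, a short comment under the `$Id` line would record it, for example `<!-- config.dtd is supplied by the installed package; it is not read from this directory -->`.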
diff --git a/zonecheck/de.profile b/zonecheck/de.profile
new file mode 100644 (file)
index 0000000..7e8a5a5
--- /dev/null
@@ -0,0 +1,134 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE config PUBLIC "-//ZoneCheck//DTD Config V1.0//EN" "config.dtd">
+<config>
+<!-- $Id: de.profile,v 1.6 2010/06/01 15:36:07 chabannf Exp $ -->
+
+  <profile name="de"
+           longdesc="delegation under .de done by DENIC registry">
+    <const name="registry" value="DENIC"/>
+
+    <!-- min: 0  / max: 2147483647 -->
+    <const name="soa:expire:min"  value="604800"/>
+    <const name="soa:expire:max"  value="3600000"/>
+    <const name="soa:minimum:min" value="180"/>
+    <const name="soa:minimum:max" value="345600"/>
+    <const name="soa:refresh:min" value="3600"/>
+    <const name="soa:refresh:max" value="86400"/>
+    <const name="soa:retry:min"   value="900"/>
+    <const name="soa:retry:max"   value="28800"/>
+
+    <rules class="generic">
+      <!-- Domain name check -->
+      <check name="dn_sntx"     severity="f" category="dns:sntx"/>
+      <check name="dn_orp_hyph" severity="f" category="dns:sntx"/>
+      <check name="dn_dbl_hyph" severity="w" category="dns:sntx"/>
+      <check name="one_ns"      severity="f" category="dns"/>
+      <check name="several_ns"  severity="f" category="dns"/>
+
+      <!-- IP address check -->
+      <check name="ip_distinct"     severity="f" category="ip"/>
+      <check name="ip_all_same_net" severity="w" category="ip"/>
+
+      <!-- Interop -->
+      <check name="delegation_udp512" severity="f" category="dns:interop"/>
+      <check name="delegation_udp512_additional" severity="f" category="dns:interop"/>
+    </rules>
+
+    <rules class="nameserver">
+      <!-- IP address check -->
+      <check name="ip_private" severity="w" category="ip"/>
+      <check name="ip_bogon"   severity="w" category="ip"/>
+    </rules>
+
+
+    <rules class="address">
+      <!-- Connectivity -->
+      <check name="icmp" severity="w" category="connectivity:l3"/>
+      <check name="udp"  severity="f" category="connectivity:l4"/>
+      <check name="tcp"  severity="f" category="connectivity:l4"/>
+
+      <!-- Interoperability -->
+      <check name="aaaa"                severity="f" category="dns:interop"/>
+
+      <!-- SOA -->
+      <check name="soa"                 severity="f" category="dns"/>
+      <check name="soa_auth"            severity="f" category="dns"/>
+      <check name="given_nsprim_vs_soa" severity="f" category="dns"/>
+      <check name="soa_master_fq"       severity="w" category="dns:soa"/>
+      <check name="soa_master_sntx"     severity="f" category="dns:soa"/>
+      <check name="soa_contact_sntx_at" severity="f" category="dns:soa"/>
+      <check name="soa_contact_sntx"    severity="f" category="dns:soa"/>
+      <check name="soa_serial_fmt_YYYYMMDDnn" severity="w" category="dns:soa"/>
+      <check name="soa_expire"          severity="f" category="dns:soa"/>
+      <check name="soa_minimum"         severity="w" category="dns:soa"/>
+      <check name="soa_refresh"         severity="w" category="dns:soa"/>
+      <check name="soa_retry"           severity="w" category="dns:soa"/>
+      <check name="soa_retry_refresh"   severity="f" category="dns:soa"/>
+      <check name="soa_expire_7refresh" severity="f" category="dns:soa"/>
+      <check name="soa_ns_cname"        severity="w" category="dns:soa"/>
+      <check name="soa_vs_any"          severity="f" category="dns:soa"/>
+      <check name="soa_coherence_serial" severity="f" category="dns:soa"/>
+      <check name="soa_coherence_contact" severity="f" category="dns:soa"/>
+      <check name="soa_coherence_master" severity="f" category="dns:soa"/>
+      <check name="soa_coherence"       severity="f" category="dns:soa"/>
+
+      <!-- NS -->
+      <check name="ns"             severity="f" category="dns:ns"/>
+      <check name="ns_auth"        severity="f" category="dns:ns"/>
+      <check name="given_ns_vs_ns" severity="f" category="dns"/>
+      <check name="ns_sntx"        severity="f" category="dns:ns"/>
+      <check name="ns_cname"       severity="f" category="dns:ns"/>
+      <check name="ns_vs_any"      severity="f" category="dns:ns"/>
+      <check name="ns_ip"          severity="f" category="dns:ns"/>
+      <check name="ns_reverse"     severity="w" category="dns:ns"/>
+      <check name="ns_matching_reverse" severity="w" category="dns:ns"/>
+
+      <case test="mail_by_mx_or_a">
+        <when value="MX">
+          <check name="mx"             severity="f" category="dns:mx"/>
+          <check name="mx_auth"        severity="f" category="dns:mx"/>
+          <check name="mx_sntx"        severity="f" category="dns:mx"/>
+          <check name="mx_cname"                  severity="f" category="dns:mx"/>
+          <check name="mx_no_wildcard"            severity="i" category="dns:mx"/>
+          <check name="mx_ip"                     severity="f" category="dns:mx"/>
+          <check name="mx_vs_any"                 severity="f" category="dns:mx"/>
+        </when>
+      </case>
+
+      <check name="not_recursive"             severity="w" category="dns"/>
+      <check name="correct_recursive_flag"    severity="f" category="dns"/>
+
+      <case test="recursive_server">
+        <when value="true">
+          <!-- Loopback -->
+          <check name="loopback_delegation"       severity="w" category="dns:loopback"/>
+          <check name="loopback_host"             severity="f" category="dns:loopback"/>
+
+          <!-- Root servers -->
+          <check name="root_servers"              severity="f" category="dns:root"/>
+          <check name="root_servers_ns_vs_icann"  severity="f" category="dns:root"/>
+          <check name="root_servers_ip_vs_icann"  severity="w" category="dns:root"/>
+        </when>
+      </case>
+    </rules>
+
+    <rules class="extra">
+    <!-- Mail -->
+      <check name="mail_mx_or_addr" severity="w" category="mail"/>
+      <case test="mail_delivery">
+        <when value="nodelivery"/>
+        <else>
+          <check name="mail_openrelay_domain"     severity="w" category="mail:openrelay"/>
+          <check name="mail_delivery_postmaster"  severity="w" category="mail:delivery"/>
+        </else>
+      </case>
+      <check name="mail_hostmaster_mx_cname"     severity="f" category="mail"/>
+      <check name="mail_openrelay_hostmaster"    severity="w" category="mail:openrelay"/>
+      <check name="mail_delivery_hostmaster"     severity="f" category="mail:delivery"/>
+    </rules>
+  </profile>
+
+  <!-- Local Variables: -->
+  <!-- mode: xml        -->
+  <!-- End:             -->
+</config>
diff --git a/zonecheck/default.profile b/zonecheck/default.profile
new file mode 100644 (file)
index 0000000..6902e1f
--- /dev/null
@@ -0,0 +1,174 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE config PUBLIC "-//ZoneCheck//DTD Config V1.0//EN" "config.dtd">
+<config>
+<!-- $Id: default.profile,v 1.7 2010/06/29 13:12:22 chabannf Exp $ -->
+
+  <profile name="default"
+           longdesc="default profile for checking delegations">
+    <const name="registry" value="default"/>
+
+    <rules class="generic">
+      <!-- Domain name check -->
+      <check name="dn_sntx"     severity="f" category="dns:sntx"/>
+      <check name="dn_orp_hyph" severity="f" category="dns:sntx"/>
+      <check name="dn_dbl_hyph" severity="w" category="dns:sntx"/>
+      <check name="one_ns"      severity="f" category="dns">
+        <check name="several_ns"  severity="f" category="dns"/>
+      </check>
+
+      <!-- IP address check -->
+      <check name="ip_distinct"     severity="f" category="ip"/>
+      <check name="ip_all_same_net" severity="w" category="ip"/>
+      <check name="all_same_asn"    severity="w" category="ip"/>
+
+      <!-- Interop -->
+      <check name="delegation_udp512" severity="f" category="dns:interop"/>
+      <check name="delegation_udp512_additional" severity="w" category="dns:interop"/>
+    </rules>
+
+    <rules class="nameserver">
+      <!-- IP address check -->
+      <check name="ip_private" severity="w" category="ip"/>
+      <check name="ip_bogon"   severity="w" category="ip"/>
+    </rules>
+
+
+    <rules class="address">
+      <!-- Connectivity -->
+      <check name="icmp" severity="w" category="connectivity:l3"/>
+      <check name="udp"  severity="f" category="connectivity:l4"/>
+      <check name="tcp"  severity="f" category="connectivity:l4"/>
+
+      <!-- Interoperability -->
+      <check name="aaaa"                severity="f" category="dns:interop"/>
+
+      <!-- SOA -->
+      <check name="soa"                 severity="f" category="dns">
+        <check name="soa_auth"            severity="f" category="dns"/>
+        <check name="given_nsprim_vs_soa" severity="f" category="dns"/>
+        <check name="soa_master_fq"       severity="w" category="dns:soa"/>
+        <check name="soa_master_sntx"     severity="f" category="dns:soa"/>
+        <check name="soa_contact_sntx_at" severity="f" category="dns:soa"/>
+        <check name="soa_contact_sntx"    severity="f" category="dns:soa"/>
+        <check name="soa_serial_fmt_YYYYMMDDnn" severity="w" category="dns:soa"/>
+        <check name="soa_expire"          severity="f" category="dns:soa"/>
+        <check name="soa_minimum"         severity="w" category="dns:soa"/>
+        <check name="soa_refresh"         severity="w" category="dns:soa"/>
+        <check name="soa_retry"           severity="w" category="dns:soa"/>
+        <check name="soa_retry_refresh"   severity="f" category="dns:soa"/>
+        <check name="soa_expire_7refresh" severity="f" category="dns:soa"/>
+        <check name="soa_ns_cname"        severity="w" category="dns:soa"/>
+        <check name="soa_vs_any"          severity="f"      category="dns:soa"/>
+        <check name="soa_drift_serial"    severity="w" category="dns:soa"/>
+        <check name="soa_coherence_serial" severity="f" category="dns:soa"/>
+        <check name="soa_coherence_contact" severity="f" category="dns:soa"/>
+        <check name="soa_coherence_master" severity="w" category="dns:soa"/>
+        <check name="soa_coherence"       severity="w" category="dns:soa"/>
+      </check>
+
+      <!-- NS -->
+      <check name="ns"             severity="f" category="dns:ns">
+           <check name="ns_auth"        severity="f" category="dns:ns"/>
+           <check name="given_ns_vs_ns" severity="f" category="dns"/>
+           <check name="ns_sntx"        severity="f" category="dns:ns"/>
+           <check name="ns_cname"       severity="f" category="dns:ns"/>
+           <check name="ns_vs_any"      severity="f" category="dns:ns"/>
+           <check name="ns_ip"          severity="f" category="dns:ns"/>
+           <check name="ns_reverse"     severity="w" category="dns:ns"/>
+           <check name="ns_matching_reverse" severity="w" category="dns:ns"/>
+      </check>
+
+      <case test="mail_by_mx_or_a">
+        <when value="MX">
+          <check name="mx"             severity="f" category="dns:mx">
+            <check name="mx_auth"        severity="f" category="dns:mx"/>
+            <check name="mx_sntx"        severity="f" category="dns:mx"/>
+            <check name="mx_cname"                  severity="f" category="dns:mx"/>
+            <check name="mx_no_wildcard"            severity="i" category="dns:mx"/>
+            <check name="mx_ip"                     severity="f" category="dns:mx"/>
+            <check name="mx_vs_any"                 severity="f" category="dns:mx"/>
+          </check>
+        </when>
+      </case>
+
+      <check name="correct_recursive_flag"    severity="f" category="dns"/>
+
+      <case test="recursive_server">
+        <when value="true">
+          <!-- Loopback -->
+          <check name="loopback_delegation"       severity="w" category="dns:loopback"/>
+          <check name="loopback_host"             severity="f" category="dns:loopback"/>
+
+          <!-- Root servers -->
+          <check name="root_servers"              severity="f" category="dns:root">
+            <check name="root_servers_ns_vs_icann"  severity="f" category="dns:root"/>
+            <check name="root_servers_ip_vs_icann"  severity="w" category="dns:root"/>
+          </check>
+        </when>
+      </case>
+    </rules>
+    
+   
+    <rules class="extra">
+    <!-- Mail -->
+      <check name="mail_mx_or_addr" severity="w" category="mail"/>
+      <case test="mail_delivery">
+        <when value="nodelivery"/>
+        <else>
+          <check name="mail_openrelay_domain"     severity="w" category="mail:openrelay"/>
+          <check name="mail_delivery_postmaster"  severity="w" category="mail:delivery"/>
+        </else>
+      </case>
+      <check name="mail_hostmaster_mx_cname"     severity="f" category="mail"/>
+      <check name="mail_openrelay_hostmaster"    severity="w" category="mail:openrelay"/>
+      <check name="mail_delivery_hostmaster"     severity="f" category="mail:delivery"/>
+    </rules>
+    
+    <rules class="dnssec">
+      <case test="dnssec_policy">
+      <when value="full">
+        <case test="a_ds_or_dnskey_is_given">
+        <when value="true">
+          <check name="ds_and_dnskey_coherence" severity="f" category="dns:dnssec"/>
+        </when>
+        </case>
+        <check name="edns" severity="f" category="dns:dnssec">
+          <check name="one_dnskey"         severity="f" category="dns:dnssec">
+            <check name="several_dnskey"         severity="w" category="dns:dnssec"/>
+          </check>
+          <check name="has_soa_rrsig"      severity="f" category="dns:dnssec">
+            <check name="zsk_and_ksk"            severity="w" category="dns:dnssec"/>
+            <check name="key_length"             severity="w" category="dns:dnssec"/>
+            <check name="soa_rrsig_expiration"   severity="w" category="dns:dnssec"/>
+            <check name="soa_rrsig_validity_period" severity="w" category="dns:dnssec"/>
+            <check name="algorithm"              severity="w" category="dns:dnssec">
+              <check name="verify_soa_rrsig"       severity="f" category="dns:dnssec"/>
+            </check>
+          </check>
+        </check>
+      </when>
+      <when value="lax">
+        <check name="edns" severity="w" category="dns:dnssec">
+          <check name="one_dnskey"         severity="w" category="dns:dnssec">
+            <check name="several_dnskey"         severity="w" category="dns:dnssec"/>
+          </check>
+          <check name="has_soa_rrsig"      severity="w" category="dns:dnssec">
+            <check name="zsk_and_ksk"            severity="w" category="dns:dnssec"/>
+            <check name="key_length"             severity="w" category="dns:dnssec"/>
+            <check name="soa_rrsig_expiration"   severity="w" category="dns:dnssec"/>
+            <check name="soa_rrsig_validity_period" severity="w" category="dns:dnssec"/>
+            <check name="algorithm"              severity="w" category="dns:dnssec">
+              <check name="verify_soa_rrsig"       severity="w" category="dns:dnssec"/>
+            </check>
+          </check>
+           </check>
+      </when>
+         </case>
+    </rules>
+    
+  </profile>
+
+  <!-- Local Variables: -->
+  <!-- mode: xml        -->
+  <!-- End:             -->
+</config>
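Review bot: The `address` rules in this profile run `correct_recursive_flag` but never `not_recursive`, which afnic.profile and de.profile both include at severity `w`; reverse.profile omits it as well. Because zc.conf maps `.` to this profile and leaves the `fr.`, `re.` and `de.` mappings commented out, a name server that answers recursive queries would presumably go unreported for every forward zone checked on this host. If that is not intended, add `<check name="not_recursive" severity="w" category="dns"/>` next to `correct_recursive_flag` in both profiles.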
diff --git a/zonecheck/reverse.profile b/zonecheck/reverse.profile
new file mode 100644 (file)
index 0000000..2b5dc0d
--- /dev/null
@@ -0,0 +1,108 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE config PUBLIC "-//ZoneCheck//DTD Config V1.0//EN" "config.dtd">
+<config>
+<!-- $Id: reverse.profile,v 1.4 2010/06/01 15:36:07 chabannf Exp $ -->
+
+  <profile name="reverse"
+           longdesc="default profile for checking reverse delegations">
+    <const name="registry" value="reverse"/>
+
+    <rules class="generic">
+      <!-- Domain name check -->
+      <check name="dn_sntx"     severity="f" category="dns:sntx"/>
+      <check name="dn_orp_hyph" severity="f" category="dns:sntx"/>
+      <check name="dn_dbl_hyph" severity="w" category="dns:sntx"/>
+      <check name="one_ns"      severity="f" category="dns"/>
+      <check name="several_ns"  severity="f" category="dns"/>
+
+      <!-- IP address check -->
+      <check name="ip_distinct"     severity="f" category="ip"/>
+      <check name="ip_all_same_net" severity="w" category="ip"/>
+    </rules>
+
+
+    <rules class="nameserver">
+      <!-- IP address check -->
+      <check name="ip_private" severity="w" category="ip"/>
+      <check name="ip_bogon"   severity="w" category="ip"/>
+    </rules>
+
+
+    <rules class="address">
+      <!-- Connectivity -->
+      <check name="icmp" severity="w" category="connectivity:l3"/>
+      <check name="udp"  severity="f" category="connectivity:l4"/>
+      <check name="tcp"  severity="f" category="connectivity:l4"/>
+
+      <!-- Interoperability -->
+      <check name="aaaa"                severity="f" category="dns:interop"/>
+
+      <!-- SOA -->
+      <check name="soa"                 severity="f" category="dns"/>
+      <check name="soa_auth"            severity="f" category="dns"/>
+      <check name="given_nsprim_vs_soa" severity="f" category="dns"/>
+      <check name="soa_master_fq"       severity="w" category="dns:soa"/>
+      <check name="soa_master_sntx"     severity="f" category="dns:soa"/>
+      <check name="soa_contact_sntx_at" severity="f" category="dns:soa"/>
+      <check name="soa_contact_sntx"    severity="f" category="dns:soa"/>
+      <check name="soa_serial_fmt_YYYYMMDDnn" severity="w" category="dns:soa"/>
+      <check name="soa_expire"          severity="f" category="dns:soa"/>
+      <check name="soa_minimum"         severity="w" category="dns:soa"/>
+      <check name="soa_refresh"         severity="w" category="dns:soa"/>
+      <check name="soa_retry"           severity="w" category="dns:soa"/>
+      <check name="soa_retry_refresh"   severity="f" category="dns:soa"/>
+      <check name="soa_expire_7refresh" severity="f" category="dns:soa"/>
+      <check name="soa_ns_cname"        severity="w" category="dns:soa"/>
+      <check name="soa_vs_any"          severity="f" category="dns:soa"/>
+      <check name="soa_coherence_serial" severity="f" category="dns:soa"/>
+      <check name="soa_coherence_contact" severity="f" category="dns:soa"/>
+      <check name="soa_coherence_master" severity="f" category="dns:soa"/>
+      <check name="soa_coherence"       severity="f" category="dns:soa"/>
+
+      <!-- NS -->
+      <check name="ns"             severity="f" category="dns:ns"/>
+      <check name="ns_auth"        severity="f" category="dns:ns"/>
+      <check name="given_ns_vs_ns" severity="f" category="dns"/>
+      <check name="ns_sntx"        severity="f" category="dns:ns"/>
+      <check name="ns_cname"       severity="f" category="dns:ns"/>
+      <check name="ns_vs_any"      severity="f" category="dns:ns"/>
+      <check name="ns_ip"          severity="f" category="dns:ns"/>
+      <check name="ns_reverse"     severity="w" category="dns:ns"/>
+      <check name="ns_matching_reverse" severity="w" category="dns:ns"/>
+
+      <case test="mail_by_mx_or_a">
+        <when value="MX">
+          <check name="mx"             severity="f" category="dns:mx"/>
+          <check name="mx_auth"        severity="f" category="dns:mx"/>
+          <check name="mx_sntx"        severity="f" category="dns:mx"/>
+          <check name="mx_cname"                  severity="f" category="dns:mx"/>
+          <check name="mx_no_wildcard"            severity="i" category="dns:mx"/>
+          <check name="mx_ip"                     severity="f" category="dns:mx"/>
+          <check name="mx_vs_any"                 severity="f" category="dns:mx"/>
+        </when>
+      </case>
+
+      <check name="correct_recursive_flag"    severity="f" category="dns"/>
+
+      <case test="recursive_server">
+        <when value="true">
+          <!-- Loopback -->
+          <check name="loopback_delegation"       severity="w" category="dns:loopback"/>
+          <check name="loopback_host"             severity="f" category="dns:loopback"/>
+
+          <!-- Root servers -->
+          <check name="root_servers"              severity="f" category="dns:root"/>
+          <check name="root_servers_ns_vs_icann"  severity="f" category="dns:root"/>
+          <check name="root_servers_ip_vs_icann"  severity="w" category="dns:root"/>
+        </when>
+      </case>
+    </rules>
+
+
+    <rules class="extra"/>
+  </profile>
+
+  <!-- Local Variables: -->
+  <!-- mode: xml        -->
+  <!-- End:             -->
+</config>
diff --git a/zonecheck/rootservers b/zonecheck/rootservers
new file mode 100644 (file)
index 0000000..239cd20
--- /dev/null
@@ -0,0 +1,31 @@
+# $Id: rootservers,v 1.8 2010/06/18 13:28:09 bortzmeyer Exp $
+# 
+# This file is in YAML format 
+#   ( for more information about YAML see: http://yaml.org/ )
+# 
+# Tips:
+#   - don't use tabulation
+#   - don't forget the final dot of the name servers
+#
+#
+# This list can be generated by the following shell-script (sh):
+#
+#  for ns in `dig +short . ns | tr 'A-Z' 'a-z' | sort` ; do
+#    ips=`(dig +short $ns a; dig +short $ns aaaa) | tr '\n' ',' | sed 's/,$//'`
+#    echo "$ns: [ $ips ]"
+#  done
+# TODO: bad syntax?
+
+a.root-servers.net.: [ 198.41.0.4 , 2001:503:ba3e::2:30 ]
+b.root-servers.net.: [ 192.228.79.201 ]
+c.root-servers.net.: [ 192.33.4.12 ]
+d.root-servers.net.: [ 128.8.10.90 ]
+e.root-servers.net.: [ 192.203.230.10 ]
+f.root-servers.net.: [ 192.5.5.241 , 2001:500:2f::f ]
+g.root-servers.net.: [ 192.112.36.4 ]
+h.root-servers.net.: [ 128.63.2.53 , 2001:500:1::803f:235 ]
+i.root-servers.net.: [ 192.36.148.17, 2001:7FE:0:0:0:0:0:53 ]
+j.root-servers.net.: [ 192.58.128.30 , 2001:503:c27::2:30 ]
+k.root-servers.net.: [ 193.0.14.129 , 2001:7fd::1 ]
+l.root-servers.net.: [ 199.7.83.42 , 2001:500:3::42 ]
+m.root-servers.net.: [ 202.12.27.33 , 2001:dc3::35 ]
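Review bot: This list is a static snapshot (its `$Id` line dates it to 2010/06/18) and is presumably the reference for the `root_servers_ns_vs_icann` and `root_servers_ip_vs_icann` checks, so an address change at any root operator would produce false findings until the file is refreshed. The embedded `dig` loop trusts whatever resolver the host happens to use, so regenerated output ought to be compared with the root hints published by IANA before it replaces this file. The `i.root-servers.net.` entry also differs in form from the others (uppercase, uncompressed `2001:7FE:0:0:0:0:0:53`, no space before the comma); if the comparison is textual rather than on parsed addresses, that entry may never match, and the `# TODO: bad syntax?` line suggests the format was already in doubt. Suggested header comment: `# Snapshot only: regenerate and compare with the IANA root hints before relying on the root_servers_* checks`.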
diff --git a/zonecheck/zc.conf b/zonecheck/zc.conf
new file mode 100644 (file)
index 0000000..d7fc6b9
--- /dev/null
@@ -0,0 +1,122 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE config PUBLIC "-//ZoneCheck//DTD Config V1.0//EN" "config.dtd">
+<config>
+<!-- $Id: zc.conf,v 1.23 2010/06/17 08:22:56 chabannf Exp $ -->
+
+  <!-- [ Preset configurations ]                                      -->
+  <!--                                                                -->
+  <!--   Can be reverted                                              -->
+  <!--     verbose: intro,testname,explain,details,reportok,fatalonly -->
+  <!--              testdesc,counter                                  -->
+  <!--     transp : ipv4,ipv6,udp,tcp,std                             -->
+  <!--     output : byseverity,byhost,text,html                       -->
+  <!--     error  : allfatal,allwarning,dfltseverity,stop,nostop      -->
+  <!--   Cannot be reverted                                           -->
+  <!--     quiet  : any values enable this mode                       -->
+  <!--     one    : any values enable this mode                       -->
+  <!--                                                                -->
+  <preset name="default">
+    <param name="verbose" value="explain,details,intro,counter"/>
+  </preset>
+
+  <preset name="verbose">
+    <param name="transp"  value="ipv4,ipv6,std"/>
+    <param name="output"  value="byseverity,text"/>
+    <param name="verbose" value="explain,details,intro,counter"/>
+    <param name="error"   value="dfltseverity"/>
+  </preset>
+
+  <preset name="minimal">
+    <param name="verbose" value="explain,details,fatalonly"/>
+    <param name="error"   value="stop"/>
+    <param name="quiet"   value=""/>
+  </preset>
+
+
+  <!-- [ Constants ]                                                  -->
+  <!--                                                                -->
+  <!-- We are providing here default values that can be               -->
+  <!-- overwritten in the different profiles                          -->
+  <!--                                                                -->
+
+  <!-- For connectivity testing -->
+  <!--  the '%s' will be replaced by the IP address -->
+  <const name="ping4" value="ping  -n -q -w 5 -c 5 %s >/dev/null"/>
+  <const name="ping6" value="ping6 -n -q -w 5 -c 5 %s >/dev/null"/>
+
+  <const name="dnsruby:retrytimes" value="1"/>
+  <const name="dnsruby:retrydelay" value="1"/>
+  <const name="dnsruby:querytimeout" value="2"/>
+
+  <!-- For openrelay testing -->
+  <const name="fake_mail_user" value="zonecheck"/>
+  <const name="fake_mail_dest" value="nic.fr"/>
+  <const name="fake_mail_from" value="afnic.fr"/>
+  <const name="fake_mail_host" value="relay2.nic.fr"/>
+
+  <!-- For delegation in 512 bytes tests -->
+  <const name="inexistant_hostname"   value="doesntexist"/>
+  <const name="delegation_query_size" value="255"/>
+
+  <!-- Minimum and maximum for SOA fields -->
+  <!--  min: 0  / max: 2147483647         -->
+  <const name="soa:expire:min"  value="604800"/>
+  <const name="soa:expire:max"  value="3628800"/>
+  <const name="soa:minimum:min" value="180"/>
+  <const name="soa:minimum:max" value="604800"/>
+  <const name="soa:refresh:min" value="3600"/>
+  <const name="soa:refresh:max" value="172800"/>
+  <const name="soa:retry:min"   value="900"/>
+  <const name="soa:retry:max"   value="86400"/>
+  <const name="rrsig:validityperiod:min"   value="259560"/>
+  <const name="rrsig:validityperiod:max"   value="16070400"/>
+
+  <!-- Allowed serial drift for SOA                                   -->
+  <!--  . A drift of the serial number can be allowed between         -->
+  <!--    the master and its slaves, to try avoiding reporting errors -->
+  <!--    due to the zone transfert being done                        -->
+  <!--  . If the serial follow rfc1912 recommandation and use the     -->
+  <!--    YYYYMMDDnn format the soa:serial:drift_days will be applied -->
+  <!--    otherwise the soa:serial:drift_ticks                        -->
+  <!--  Value must be >= 0 (use carefully)                            -->
+  <const name="soa:serial:drift_days"  value="200"/>
+  <const name="soa:serial:drift_ticks" value="100"/>
+
+  <!-- SMTP testing                                                   -->
+  <!-- The following timeout value (in seconds) can be specified      -->
+  <!--  . open: time allowed to TCP for establishing the connection   -->
+  <!--  . session: time allowed for the whole session                 -->
+  <!--     (note: time required for establishing the TCP session      -->
+  <!--      is not taken into account)                                -->
+  <const name="smtp:open:timeout"    value="10"/>
+  <const name="smtp:session:timeout" value="40"/>
+
+  <!-- [ Mapping ]                                                    -->
+  <!--                                                                -->
+  <!-- Allow to automatically apply a particular test profile         -->
+  <!--  by looking at the zone in which the domain belongs            -->
+  <!--                                                                -->
+
+  <!-- Reverse -->
+  <map zone="in-addr.arpa." profile="reverse"/>
+  <map zone="ip6.arpa."     profile="reverse"/>
+  <map zone="ip6.int."      profile="reverse"/>
+
+  <!-- TLD / ccTLD -->
+  <!--  You need to realize that you can obtain different results    -->
+  <!--   for the same zone configuration if they belong to different -->
+  <!--   TLD /ccTLD as they will now use a different profile         -->
+  <!--  Now that you have been informed, you can uncomment the       -->
+  <!--   following lines                                             -->
+<!--  <map zone="fr."           profile="afnic"/> -->
+<!--  <map zone="re."           profile="afnic"/> -->
+<!--  <map zone="de."           profile="de"/>    -->
+
+  <!-- Default -->
+  <map zone="."             profile="default"/>
+
+
+  <!-- Local Variables: -->
+  <!-- mode: xml        -->
+  <!-- End:             -->
+</config>
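Review bot: The `ping4` and `ping6` constants are command lines that end in a shell redirection (`>/dev/null`) and have `%s` replaced by the IP address, which implies they are run through a shell; nothing in this file says the substituted value is restricted to a parsed address literal. The substitution code is outside this diff, so that needs confirming there, and the comment above the constants should state the requirement, for example `<!-- '%s' must only ever be a validated IPv4/IPv6 literal; the string is passed to a shell -->`. Separately, the `fake_mail_*` constants make the open-relay tests use `nic.fr`, `afnic.fr` and `relay2.nic.fr`, which are third-party names from this host's point of view; a site that enables the `mail_openrelay_*` checks may want its own domain there.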