maybe chmod 0644 './xml/.keep_app-text_docbook-xml-dtd-4.5'
maybe chmod 0644 './xml/catalog'
maybe chmod 0644 './xml/docbook'
+maybe chmod 0755 './zonecheck'
+maybe chmod 0644 './zonecheck/afnic.profile'
+maybe chmod 0644 './zonecheck/de.profile'
+maybe chmod 0644 './zonecheck/default.profile'
+maybe chmod 0644 './zonecheck/reverse.profile'
+maybe chmod 0644 './zonecheck/rootservers'
+maybe chmod 0644 './zonecheck/zc.conf'
--- /dev/null
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE config PUBLIC "-//ZoneCheck//DTD Config V1.0//EN" "config.dtd">
+<config>
+<!-- $Id: afnic.profile,v 1.8 2008/10/29 17:02:11 redon Exp $ -->
+
+ <profile name="afnic"
+ longdesc="delegation under .fr/.re done by AFNIC registry">
+ <const name="registry" value="AFNIC"/>
+
+ <!-- Minimum and maximum for SOA fields -->
+ <!-- min: 0 / max: 2147483647 -->
+ <const name="soa:expire:min" value="604800"/>
+ <const name="soa:expire:max" value="60480000"/>
+ <const name="soa:minimum:min" value="180"/>
+ <const name="soa:minimum:max" value="604800"/>
+ <const name="soa:refresh:min" value="3600"/>
+ <const name="soa:refresh:max" value="172800"/>
+ <const name="soa:retry:min" value="900"/>
+ <const name="soa:retry:max" value="86400"/>
+
+ <rules class="generic">
+ <!-- Domain name check -->
+ <check name="dn_sntx" severity="f" category="dns:sntx"/>
+ <check name="dn_orp_hyph" severity="f" category="dns:sntx"/>
+ <check name="dn_dbl_hyph" severity="w" category="dns:sntx"/>
+ <check name="one_ns" severity="f" category="dns"/>
+ <check name="several_ns" severity="f" category="dns"/>
+
+ <!-- IP address check -->
+ <check name="ip_distinct" severity="f" category="ip"/>
+ <check name="ip_all_same_net" severity="w" category="ip"/>
+ </rules>
+
+ <rules class="nameserver">
+ <!-- IP address check -->
+ <check name="ip_private" severity="w" category="ip"/>
+ <check name="ip_bogon" severity="w" category="ip"/>
+ </rules>
+
+
+ <rules class="address">
+ <!-- Connectivity -->
+ <check name="icmp" severity="w" category="connectivity:l3"/>
+ <check name="udp" severity="f" category="connectivity:l4"/>
+ <check name="tcp" severity="f" category="connectivity:l4"/>
+
+ <!-- Interoperability -->
+ <check name="aaaa" severity="f" category="dns:interop"/>
+
+ <!-- SOA -->
+ <check name="soa" severity="f" category="dns"/>
+ <check name="soa_auth" severity="f" category="dns"/>
+ <check name="given_nsprim_vs_soa" severity="w" category="dns"/>
+ <check name="soa_master_fq" severity="w" category="dns:soa"/>
+ <check name="soa_master_sntx" severity="f" category="dns:soa"/>
+ <check name="soa_contact_sntx_at" severity="f" category="dns:soa"/>
+ <check name="soa_contact_sntx" severity="f" category="dns:soa"/>
+ <check name="soa_serial_fmt_YYYYMMDDnn" severity="w" category="dns:soa"/>
+ <check name="soa_expire" severity="f" category="dns:soa"/>
+ <check name="soa_minimum" severity="w" category="dns:soa"/>
+ <check name="soa_refresh" severity="w" category="dns:soa"/>
+ <check name="soa_retry" severity="w" category="dns:soa"/>
+ <check name="soa_retry_refresh" severity="f" category="dns:soa"/>
+ <check name="soa_expire_7refresh" severity="f" category="dns:soa"/>
+ <check name="soa_ns_cname" severity="w" category="dns:soa"/>
+ <check name="soa_vs_any" severity="f" category="dns:soa"/>
+ <check name="soa_coherence_serial" severity="w" category="dns:soa"/>
+ <check name="soa_coherence_contact" severity="f" category="dns:soa"/>
+ <check name="soa_coherence_master" severity="f" category="dns:soa"/>
+ <check name="soa_coherence" severity="w" category="dns:soa"/>
+
+ <!-- NS -->
+ <check name="ns" severity="f" category="dns:ns"/>
+ <check name="ns_auth" severity="f" category="dns:ns"/>
+ <check name="given_ns_vs_ns" severity="f" category="dns"/>
+ <check name="ns_sntx" severity="f" category="dns:ns"/>
+ <check name="ns_cname" severity="f" category="dns:ns"/>
+ <check name="ns_vs_any" severity="f" category="dns:ns"/>
+ <check name="ns_ip" severity="f" category="dns:ns"/>
+ <check name="ns_reverse" severity="w" category="dns:ns"/>
+ <check name="ns_matching_reverse" severity="w" category="dns:ns"/>
+
+ <case test="mail_by_mx_or_a">
+ <when value="MX">
+ <check name="mx" severity="f" category="dns:mx"/>
+ <check name="mx_auth" severity="f" category="dns:mx"/>
+ <check name="mx_sntx" severity="f" category="dns:mx"/>
+ <check name="mx_cname" severity="f" category="dns:mx"/>
+ <check name="mx_no_wildcard" severity="i" category="dns:mx"/>
+ <check name="mx_ip" severity="f" category="dns:mx"/>
+ <check name="mx_vs_any" severity="f" category="dns:mx"/>
+ </when>
+ </case>
+
+ <check name="correct_recursive_flag" severity="f" category="dns"/>
+
+ <check name="not_recursive" severity="w" category="dns"/>
+
+ <case test="recursive_server">
+ <when value="true">
+ <!-- Loopback -->
+ <check name="loopback_delegation" severity="w" category="dns:loopback"/>
+ <check name="loopback_host" severity="w" category="dns:loopback"/>
+
+ <!-- Root servers -->
+ <check name="root_servers" severity="f" category="dns:root"/>
+ <check name="root_servers_ns_vs_icann" severity="f" category="dns:root"/>
+ <check name="root_servers_ip_vs_icann" severity="w" category="dns:root"/>
+ </when>
+ </case>
+ </rules>
+
+ <rules class="extra">
+ <!-- Mail -->
+ <check name="mail_mx_or_addr" severity="w" category="mail"/>
+ <case test="mail_delivery">
+ <when value="nodelivery"/>
+ <else>
+ <check name="mail_delivery_postmaster" severity="w" category="mail:delivery"/>
+ </else>
+ </case>
+ <check name="mail_hostmaster_mx_cname" severity="f" category="mail"/>
+ </rules>
+ </profile>
+
+ <!-- Local Variables: -->
+ <!-- mode: xml -->
+ <!-- End: -->
+</config>
--- /dev/null
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE config PUBLIC "-//ZoneCheck//DTD Config V1.0//EN" "config.dtd">
+<config>
+<!-- $Id: de.profile,v 1.6 2010/06/01 15:36:07 chabannf Exp $ -->
+
+ <profile name="de"
+ longdesc="delegation under .de done by DENIC registry">
+ <const name="registry" value="DENIC"/>
+
+ <!-- min: 0 / max: 2147483647 -->
+ <const name="soa:expire:min" value="604800"/>
+ <const name="soa:expire:max" value="3600000"/>
+ <const name="soa:minimum:min" value="180"/>
+ <const name="soa:minimum:max" value="345600"/>
+ <const name="soa:refresh:min" value="3600"/>
+ <const name="soa:refresh:max" value="86400"/>
+ <const name="soa:retry:min" value="900"/>
+ <const name="soa:retry:max" value="28800"/>
+
+ <rules class="generic">
+ <!-- Domain name check -->
+ <check name="dn_sntx" severity="f" category="dns:sntx"/>
+ <check name="dn_orp_hyph" severity="f" category="dns:sntx"/>
+ <check name="dn_dbl_hyph" severity="w" category="dns:sntx"/>
+ <check name="one_ns" severity="f" category="dns"/>
+ <check name="several_ns" severity="f" category="dns"/>
+
+ <!-- IP address check -->
+ <check name="ip_distinct" severity="f" category="ip"/>
+ <check name="ip_all_same_net" severity="w" category="ip"/>
+
+ <!-- Interop -->
+ <check name="delegation_udp512" severity="f" category="dns:interop"/>
+ <check name="delegation_udp512_additional" severity="f" category="dns:interop"/>
+ </rules>
+
+ <rules class="nameserver">
+ <!-- IP address check -->
+ <check name="ip_private" severity="w" category="ip"/>
+ <check name="ip_bogon" severity="w" category="ip"/>
+ </rules>
+
+
+ <rules class="address">
+ <!-- Connectivity -->
+ <check name="icmp" severity="w" category="connectivity:l3"/>
+ <check name="udp" severity="f" category="connectivity:l4"/>
+ <check name="tcp" severity="f" category="connectivity:l4"/>
+
+ <!-- Interoperability -->
+ <check name="aaaa" severity="f" category="dns:interop"/>
+
+ <!-- SOA -->
+ <check name="soa" severity="f" category="dns"/>
+ <check name="soa_auth" severity="f" category="dns"/>
+ <check name="given_nsprim_vs_soa" severity="f" category="dns"/>
+ <check name="soa_master_fq" severity="w" category="dns:soa"/>
+ <check name="soa_master_sntx" severity="f" category="dns:soa"/>
+ <check name="soa_contact_sntx_at" severity="f" category="dns:soa"/>
+ <check name="soa_contact_sntx" severity="f" category="dns:soa"/>
+ <check name="soa_serial_fmt_YYYYMMDDnn" severity="w" category="dns:soa"/>
+ <check name="soa_expire" severity="f" category="dns:soa"/>
+ <check name="soa_minimum" severity="w" category="dns:soa"/>
+ <check name="soa_refresh" severity="w" category="dns:soa"/>
+ <check name="soa_retry" severity="w" category="dns:soa"/>
+ <check name="soa_retry_refresh" severity="f" category="dns:soa"/>
+ <check name="soa_expire_7refresh" severity="f" category="dns:soa"/>
+ <check name="soa_ns_cname" severity="w" category="dns:soa"/>
+ <check name="soa_vs_any" severity="f" category="dns:soa"/>
+ <check name="soa_coherence_serial" severity="f" category="dns:soa"/>
+ <check name="soa_coherence_contact" severity="f" category="dns:soa"/>
+ <check name="soa_coherence_master" severity="f" category="dns:soa"/>
+ <check name="soa_coherence" severity="f" category="dns:soa"/>
+
+ <!-- NS -->
+ <check name="ns" severity="f" category="dns:ns"/>
+ <check name="ns_auth" severity="f" category="dns:ns"/>
+ <check name="given_ns_vs_ns" severity="f" category="dns"/>
+ <check name="ns_sntx" severity="f" category="dns:ns"/>
+ <check name="ns_cname" severity="f" category="dns:ns"/>
+ <check name="ns_vs_any" severity="f" category="dns:ns"/>
+ <check name="ns_ip" severity="f" category="dns:ns"/>
+ <check name="ns_reverse" severity="w" category="dns:ns"/>
+ <check name="ns_matching_reverse" severity="w" category="dns:ns"/>
+
+ <case test="mail_by_mx_or_a">
+ <when value="MX">
+ <check name="mx" severity="f" category="dns:mx"/>
+ <check name="mx_auth" severity="f" category="dns:mx"/>
+ <check name="mx_sntx" severity="f" category="dns:mx"/>
+ <check name="mx_cname" severity="f" category="dns:mx"/>
+ <check name="mx_no_wildcard" severity="i" category="dns:mx"/>
+ <check name="mx_ip" severity="f" category="dns:mx"/>
+ <check name="mx_vs_any" severity="f" category="dns:mx"/>
+ </when>
+ </case>
+
+ <check name="not_recursive" severity="w" category="dns"/>
+ <check name="correct_recursive_flag" severity="f" category="dns"/>
+
+ <case test="recursive_server">
+ <when value="true">
+ <!-- Loopback -->
+ <check name="loopback_delegation" severity="w" category="dns:loopback"/>
+ <check name="loopback_host" severity="f" category="dns:loopback"/>
+
+ <!-- Root servers -->
+ <check name="root_servers" severity="f" category="dns:root"/>
+ <check name="root_servers_ns_vs_icann" severity="f" category="dns:root"/>
+ <check name="root_servers_ip_vs_icann" severity="w" category="dns:root"/>
+ </when>
+ </case>
+ </rules>
+
+ <rules class="extra">
+ <!-- Mail -->
+ <check name="mail_mx_or_addr" severity="w" category="mail"/>
+ <case test="mail_delivery">
+ <when value="nodelivery"/>
+ <else>
+ <check name="mail_openrelay_domain" severity="w" category="mail:openrelay"/>
+ <check name="mail_delivery_postmaster" severity="w" category="mail:delivery"/>
+ </else>
+ </case>
+ <check name="mail_hostmaster_mx_cname" severity="f" category="mail"/>
+ <check name="mail_openrelay_hostmaster" severity="w" category="mail:openrelay"/>
+ <check name="mail_delivery_hostmaster" severity="f" category="mail:delivery"/>
+ </rules>
+ </profile>
+
+ <!-- Local Variables: -->
+ <!-- mode: xml -->
+ <!-- End: -->
+</config>
--- /dev/null
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE config PUBLIC "-//ZoneCheck//DTD Config V1.0//EN" "config.dtd">
+<config>
+<!-- $Id: default.profile,v 1.7 2010/06/29 13:12:22 chabannf Exp $ -->
+
+ <profile name="default"
+ longdesc="default profile for checking delegations">
+ <const name="registry" value="default"/>
+
+ <rules class="generic">
+ <!-- Domain name check -->
+ <check name="dn_sntx" severity="f" category="dns:sntx"/>
+ <check name="dn_orp_hyph" severity="f" category="dns:sntx"/>
+ <check name="dn_dbl_hyph" severity="w" category="dns:sntx"/>
+ <check name="one_ns" severity="f" category="dns">
+ <check name="several_ns" severity="f" category="dns"/>
+ </check>
+
+ <!-- IP address check -->
+ <check name="ip_distinct" severity="f" category="ip"/>
+ <check name="ip_all_same_net" severity="w" category="ip"/>
+ <check name="all_same_asn" severity="w" category="ip"/>
+
+ <!-- Interop -->
+ <check name="delegation_udp512" severity="f" category="dns:interop"/>
+ <check name="delegation_udp512_additional" severity="w" category="dns:interop"/>
+ </rules>
+
+ <rules class="nameserver">
+ <!-- IP address check -->
+ <check name="ip_private" severity="w" category="ip"/>
+ <check name="ip_bogon" severity="w" category="ip"/>
+ </rules>
+
+
+ <rules class="address">
+ <!-- Connectivity -->
+ <check name="icmp" severity="w" category="connectivity:l3"/>
+ <check name="udp" severity="f" category="connectivity:l4"/>
+ <check name="tcp" severity="f" category="connectivity:l4"/>
+
+ <!-- Interoperability -->
+ <check name="aaaa" severity="f" category="dns:interop"/>
+
+ <!-- SOA -->
+ <check name="soa" severity="f" category="dns">
+ <check name="soa_auth" severity="f" category="dns"/>
+ <check name="given_nsprim_vs_soa" severity="f" category="dns"/>
+ <check name="soa_master_fq" severity="w" category="dns:soa"/>
+ <check name="soa_master_sntx" severity="f" category="dns:soa"/>
+ <check name="soa_contact_sntx_at" severity="f" category="dns:soa"/>
+ <check name="soa_contact_sntx" severity="f" category="dns:soa"/>
+ <check name="soa_serial_fmt_YYYYMMDDnn" severity="w" category="dns:soa"/>
+ <check name="soa_expire" severity="f" category="dns:soa"/>
+ <check name="soa_minimum" severity="w" category="dns:soa"/>
+ <check name="soa_refresh" severity="w" category="dns:soa"/>
+ <check name="soa_retry" severity="w" category="dns:soa"/>
+ <check name="soa_retry_refresh" severity="f" category="dns:soa"/>
+ <check name="soa_expire_7refresh" severity="f" category="dns:soa"/>
+ <check name="soa_ns_cname" severity="w" category="dns:soa"/>
+ <check name="soa_vs_any" severity="f" category="dns:soa"/>
+ <check name="soa_drift_serial" severity="w" category="dns:soa"/>
+ <check name="soa_coherence_serial" severity="f" category="dns:soa"/>
+ <check name="soa_coherence_contact" severity="f" category="dns:soa"/>
+ <check name="soa_coherence_master" severity="w" category="dns:soa"/>
+ <check name="soa_coherence" severity="w" category="dns:soa"/>
+ </check>
+
+ <!-- NS -->
+ <check name="ns" severity="f" category="dns:ns">
+ <check name="ns_auth" severity="f" category="dns:ns"/>
+ <check name="given_ns_vs_ns" severity="f" category="dns"/>
+ <check name="ns_sntx" severity="f" category="dns:ns"/>
+ <check name="ns_cname" severity="f" category="dns:ns"/>
+ <check name="ns_vs_any" severity="f" category="dns:ns"/>
+ <check name="ns_ip" severity="f" category="dns:ns"/>
+ <check name="ns_reverse" severity="w" category="dns:ns"/>
+ <check name="ns_matching_reverse" severity="w" category="dns:ns"/>
+ </check>
+
+ <case test="mail_by_mx_or_a">
+ <when value="MX">
+ <check name="mx" severity="f" category="dns:mx">
+ <check name="mx_auth" severity="f" category="dns:mx"/>
+ <check name="mx_sntx" severity="f" category="dns:mx"/>
+ <check name="mx_cname" severity="f" category="dns:mx"/>
+ <check name="mx_no_wildcard" severity="i" category="dns:mx"/>
+ <check name="mx_ip" severity="f" category="dns:mx"/>
+ <check name="mx_vs_any" severity="f" category="dns:mx"/>
+ </check>
+ </when>
+ </case>
+
+ <check name="correct_recursive_flag" severity="f" category="dns"/>
+
+ <case test="recursive_server">
+ <when value="true">
+ <!-- Loopback -->
+ <check name="loopback_delegation" severity="w" category="dns:loopback"/>
+ <check name="loopback_host" severity="f" category="dns:loopback"/>
+
+ <!-- Root servers -->
+ <check name="root_servers" severity="f" category="dns:root">
+ <check name="root_servers_ns_vs_icann" severity="f" category="dns:root"/>
+ <check name="root_servers_ip_vs_icann" severity="w" category="dns:root"/>
+ </check>
+ </when>
+ </case>
+ </rules>
+
+
+ <rules class="extra">
+ <!-- Mail -->
+ <check name="mail_mx_or_addr" severity="w" category="mail"/>
+ <case test="mail_delivery">
+ <when value="nodelivery"/>
+ <else>
+ <check name="mail_openrelay_domain" severity="w" category="mail:openrelay"/>
+ <check name="mail_delivery_postmaster" severity="w" category="mail:delivery"/>
+ </else>
+ </case>
+ <check name="mail_hostmaster_mx_cname" severity="f" category="mail"/>
+ <check name="mail_openrelay_hostmaster" severity="w" category="mail:openrelay"/>
+ <check name="mail_delivery_hostmaster" severity="f" category="mail:delivery"/>
+ </rules>
+
+ <rules class="dnssec">
+ <case test="dnssec_policy">
+ <when value="full">
+ <case test="a_ds_or_dnskey_is_given">
+ <when value="true">
+ <check name="ds_and_dnskey_coherence" severity="f" category="dns:dnssec"/>
+ </when>
+ </case>
+ <check name="edns" severity="f" category="dns:dnssec">
+ <check name="one_dnskey" severity="f" category="dns:dnssec">
+ <check name="several_dnskey" severity="w" category="dns:dnssec"/>
+ </check>
+ <check name="has_soa_rrsig" severity="f" category="dns:dnssec">
+ <check name="zsk_and_ksk" severity="w" category="dns:dnssec"/>
+ <check name="key_length" severity="w" category="dns:dnssec"/>
+ <check name="soa_rrsig_expiration" severity="w" category="dns:dnssec"/>
+ <check name="soa_rrsig_validity_period" severity="w" category="dns:dnssec"/>
+ <check name="algorithm" severity="w" category="dns:dnssec">
+ <check name="verify_soa_rrsig" severity="f" category="dns:dnssec"/>
+ </check>
+ </check>
+ </check>
+ </when>
+ <when value="lax">
+ <check name="edns" severity="w" category="dns:dnssec">
+ <check name="one_dnskey" severity="w" category="dns:dnssec">
+ <check name="several_dnskey" severity="w" category="dns:dnssec"/>
+ </check>
+ <check name="has_soa_rrsig" severity="w" category="dns:dnssec">
+ <check name="zsk_and_ksk" severity="w" category="dns:dnssec"/>
+ <check name="key_length" severity="w" category="dns:dnssec"/>
+ <check name="soa_rrsig_expiration" severity="w" category="dns:dnssec"/>
+ <check name="soa_rrsig_validity_period" severity="w" category="dns:dnssec"/>
+ <check name="algorithm" severity="w" category="dns:dnssec">
+ <check name="verify_soa_rrsig" severity="w" category="dns:dnssec"/>
+ </check>
+ </check>
+ </check>
+ </when>
+ </case>
+ </rules>
+
+ </profile>
+
+ <!-- Local Variables: -->
+ <!-- mode: xml -->
+ <!-- End: -->
+</config>
--- /dev/null
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE config PUBLIC "-//ZoneCheck//DTD Config V1.0//EN" "config.dtd">
+<config>
+<!-- $Id: reverse.profile,v 1.4 2010/06/01 15:36:07 chabannf Exp $ -->
+
+ <profile name="reverse"
+ longdesc="default profile for checking reverse delegations">
+ <const name="registry" value="reverse"/>
+
+ <rules class="generic">
+ <!-- Domain name check -->
+ <check name="dn_sntx" severity="f" category="dns:sntx"/>
+ <check name="dn_orp_hyph" severity="f" category="dns:sntx"/>
+ <check name="dn_dbl_hyph" severity="w" category="dns:sntx"/>
+ <check name="one_ns" severity="f" category="dns"/>
+ <check name="several_ns" severity="f" category="dns"/>
+
+ <!-- IP address check -->
+ <check name="ip_distinct" severity="f" category="ip"/>
+ <check name="ip_all_same_net" severity="w" category="ip"/>
+ </rules>
+
+
+ <rules class="nameserver">
+ <!-- IP address check -->
+ <check name="ip_private" severity="w" category="ip"/>
+ <check name="ip_bogon" severity="w" category="ip"/>
+ </rules>
+
+
+ <rules class="address">
+ <!-- Connectivity -->
+ <check name="icmp" severity="w" category="connectivity:l3"/>
+ <check name="udp" severity="f" category="connectivity:l4"/>
+ <check name="tcp" severity="f" category="connectivity:l4"/>
+
+ <!-- Interoperability -->
+ <check name="aaaa" severity="f" category="dns:interop"/>
+
+ <!-- SOA -->
+ <check name="soa" severity="f" category="dns"/>
+ <check name="soa_auth" severity="f" category="dns"/>
+ <check name="given_nsprim_vs_soa" severity="f" category="dns"/>
+ <check name="soa_master_fq" severity="w" category="dns:soa"/>
+ <check name="soa_master_sntx" severity="f" category="dns:soa"/>
+ <check name="soa_contact_sntx_at" severity="f" category="dns:soa"/>
+ <check name="soa_contact_sntx" severity="f" category="dns:soa"/>
+ <check name="soa_serial_fmt_YYYYMMDDnn" severity="w" category="dns:soa"/>
+ <check name="soa_expire" severity="f" category="dns:soa"/>
+ <check name="soa_minimum" severity="w" category="dns:soa"/>
+ <check name="soa_refresh" severity="w" category="dns:soa"/>
+ <check name="soa_retry" severity="w" category="dns:soa"/>
+ <check name="soa_retry_refresh" severity="f" category="dns:soa"/>
+ <check name="soa_expire_7refresh" severity="f" category="dns:soa"/>
+ <check name="soa_ns_cname" severity="w" category="dns:soa"/>
+ <check name="soa_vs_any" severity="f" category="dns:soa"/>
+ <check name="soa_coherence_serial" severity="f" category="dns:soa"/>
+ <check name="soa_coherence_contact" severity="f" category="dns:soa"/>
+ <check name="soa_coherence_master" severity="f" category="dns:soa"/>
+ <check name="soa_coherence" severity="f" category="dns:soa"/>
+
+ <!-- NS -->
+ <check name="ns" severity="f" category="dns:ns"/>
+ <check name="ns_auth" severity="f" category="dns:ns"/>
+ <check name="given_ns_vs_ns" severity="f" category="dns"/>
+ <check name="ns_sntx" severity="f" category="dns:ns"/>
+ <check name="ns_cname" severity="f" category="dns:ns"/>
+ <check name="ns_vs_any" severity="f" category="dns:ns"/>
+ <check name="ns_ip" severity="f" category="dns:ns"/>
+ <check name="ns_reverse" severity="w" category="dns:ns"/>
+ <check name="ns_matching_reverse" severity="w" category="dns:ns"/>
+
+ <case test="mail_by_mx_or_a">
+ <when value="MX">
+ <check name="mx" severity="f" category="dns:mx"/>
+ <check name="mx_auth" severity="f" category="dns:mx"/>
+ <check name="mx_sntx" severity="f" category="dns:mx"/>
+ <check name="mx_cname" severity="f" category="dns:mx"/>
+ <check name="mx_no_wildcard" severity="i" category="dns:mx"/>
+ <check name="mx_ip" severity="f" category="dns:mx"/>
+ <check name="mx_vs_any" severity="f" category="dns:mx"/>
+ </when>
+ </case>
+
+ <check name="correct_recursive_flag" severity="f" category="dns"/>
+
+ <case test="recursive_server">
+ <when value="true">
+ <!-- Loopback -->
+ <check name="loopback_delegation" severity="w" category="dns:loopback"/>
+ <check name="loopback_host" severity="f" category="dns:loopback"/>
+
+ <!-- Root servers -->
+ <check name="root_servers" severity="f" category="dns:root"/>
+ <check name="root_servers_ns_vs_icann" severity="f" category="dns:root"/>
+ <check name="root_servers_ip_vs_icann" severity="w" category="dns:root"/>
+ </when>
+ </case>
+ </rules>
+
+
+ <rules class="extra"/>
+ </profile>
+
+ <!-- Local Variables: -->
+ <!-- mode: xml -->
+ <!-- End: -->
+</config>
--- /dev/null
+# $Id: rootservers,v 1.8 2010/06/18 13:28:09 bortzmeyer Exp $
+#
+# This file is in YAML format
+# ( for more information about YAML see: http://yaml.org/ )
+#
+# Tips:
+# - don't use tabulation
+# - don't forget the final dot of the name servers
+#
+#
+# This list can be generated by the following shell-script (sh):
+#
+# for ns in `dig +short . ns | tr 'A-Z' 'a-z' | sort` ; do
+# ips=`(dig +short $ns a; dig +short $ns aaaa) | tr '\n' ',' | sed 's/,$//'`
+# echo "$ns: [ $ips ]"
+# done
+# TODO: bad syntax?
+
+a.root-servers.net.: [ 198.41.0.4 , 2001:503:ba3e::2:30 ]
+b.root-servers.net.: [ 192.228.79.201 ]
+c.root-servers.net.: [ 192.33.4.12 ]
+d.root-servers.net.: [ 128.8.10.90 ]
+e.root-servers.net.: [ 192.203.230.10 ]
+f.root-servers.net.: [ 192.5.5.241 , 2001:500:2f::f ]
+g.root-servers.net.: [ 192.112.36.4 ]
+h.root-servers.net.: [ 128.63.2.53 , 2001:500:1::803f:235 ]
+i.root-servers.net.: [ 192.36.148.17, 2001:7FE:0:0:0:0:0:53 ]
+j.root-servers.net.: [ 192.58.128.30 , 2001:503:c27::2:30 ]
+k.root-servers.net.: [ 193.0.14.129 , 2001:7fd::1 ]
+l.root-servers.net.: [ 199.7.83.42 , 2001:500:3::42 ]
+m.root-servers.net.: [ 202.12.27.33 , 2001:dc3::35 ]
--- /dev/null
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE config PUBLIC "-//ZoneCheck//DTD Config V1.0//EN" "config.dtd">
+<config>
+<!-- $Id: zc.conf,v 1.23 2010/06/17 08:22:56 chabannf Exp $ -->
+
+ <!-- [ Preset configurations ] -->
+ <!-- -->
+ <!-- Can be reverted -->
+ <!-- verbose: intro,testname,explain,details,reportok,fatalonly -->
+ <!-- testdesc,counter -->
+ <!-- transp : ipv4,ipv6,udp,tcp,std -->
+ <!-- output : byseverity,byhost,text,html -->
+ <!-- error : allfatal,allwarning,dfltseverity,stop,nostop -->
+ <!-- Cannot be reverted -->
+ <!-- quiet : any values enable this mode -->
+ <!-- one : any values enable this mode -->
+ <!-- -->
+ <preset name="default">
+ <param name="verbose" value="explain,details,intro,counter"/>
+ </preset>
+
+ <preset name="verbose">
+ <param name="transp" value="ipv4,ipv6,std"/>
+ <param name="output" value="byseverity,text"/>
+ <param name="verbose" value="explain,details,intro,counter"/>
+ <param name="error" value="dfltseverity"/>
+ </preset>
+
+ <preset name="minimal">
+ <param name="verbose" value="explain,details,fatalonly"/>
+ <param name="error" value="stop"/>
+ <param name="quiet" value=""/>
+ </preset>
+
+
+ <!-- [ Constants ] -->
+ <!-- -->
+ <!-- We are providing here default values that can be -->
+ <!-- overwritten in the different profiles -->
+ <!-- -->
+
+ <!-- For connectivity testing -->
+ <!-- the '%s' will be replaced by the IP address -->
+ <const name="ping4" value="ping -n -q -w 5 -c 5 %s >/dev/null"/>
+ <const name="ping6" value="ping6 -n -q -w 5 -c 5 %s >/dev/null"/>
+
+ <const name="dnsruby:retrytimes" value="1"/>
+ <const name="dnsruby:retrydelay" value="1"/>
+ <const name="dnsruby:querytimeout" value="2"/>
+
+ <!-- For openrelay testing -->
+ <const name="fake_mail_user" value="zonecheck"/>
+ <const name="fake_mail_dest" value="nic.fr"/>
+ <const name="fake_mail_from" value="afnic.fr"/>
+ <const name="fake_mail_host" value="relay2.nic.fr"/>
+
+ <!-- For delegation in 512 bytes tests -->
+ <const name="inexistant_hostname" value="doesntexist"/>
+ <const name="delegation_query_size" value="255"/>
+
+ <!-- Minimum and maximum for SOA fields -->
+ <!-- min: 0 / max: 2147483647 -->
+ <const name="soa:expire:min" value="604800"/>
+ <const name="soa:expire:max" value="3628800"/>
+ <const name="soa:minimum:min" value="180"/>
+ <const name="soa:minimum:max" value="604800"/>
+ <const name="soa:refresh:min" value="3600"/>
+ <const name="soa:refresh:max" value="172800"/>
+ <const name="soa:retry:min" value="900"/>
+ <const name="soa:retry:max" value="86400"/>
+ <const name="rrsig:validityperiod:min" value="259560"/>
+ <const name="rrsig:validityperiod:max" value="16070400"/>
+
+ <!-- Allowed serial drift for SOA -->
+ <!-- . A drift of the serial number can be allowed between -->
+ <!-- the master and its slaves, to try avoiding reporting errors -->
+ <!-- due to the zone transfert being done -->
+ <!-- . If the serial follow rfc1912 recommandation and use the -->
+ <!-- YYYYMMDDnn format the soa:serial:drift_days will be applied -->
+ <!-- otherwise the soa:serial:drift_ticks -->
+ <!-- Value must be >= 0 (use carefully) -->
+ <const name="soa:serial:drift_days" value="200"/>
+ <const name="soa:serial:drift_ticks" value="100"/>
+
+ <!-- SMTP testing -->
+ <!-- The following timeout value (in seconds) can be specified -->
+ <!-- . open: time allowed to TCP for establishing the connection -->
+ <!-- . session: time allowed for the whole session -->
+ <!-- (note: time required for establishing the TCP session -->
+ <!-- is not taken into account) -->
+ <const name="smtp:open:timeout" value="10"/>
+ <const name="smtp:session:timeout" value="40"/>
+
+ <!-- [ Mapping ] -->
+ <!-- -->
+ <!-- Allow to automatically apply a particular test profile -->
+ <!-- by looking at the zone in which the domain belongs -->
+ <!-- -->
+
+ <!-- Reverse -->
+ <map zone="in-addr.arpa." profile="reverse"/>
+ <map zone="ip6.arpa." profile="reverse"/>
+ <map zone="ip6.int." profile="reverse"/>
+
+ <!-- TLD / ccTLD -->
+ <!-- You need to realize that you can obtain different results -->
+ <!-- for the same zone configuration if they belong to different -->
+ <!-- TLD /ccTLD as they will now use a different profile -->
+ <!-- Now that you have been informed, you can uncomment the -->
+ <!-- following lines -->
+<!-- <map zone="fr." profile="afnic"/> -->
+<!-- <map zone="re." profile="afnic"/> -->
+<!-- <map zone="de." profile="de"/> -->
+
+ <!-- Default -->
+ <map zone="." profile="default"/>
+
+
+ <!-- Local Variables: -->
+ <!-- mode: xml -->
+ <!-- End: -->
+</config>
projects / config / samara / etc.git / commitdiff