Zone Signing Tests 1. sign zone with one label depth, no delegations
Succeeded
2. sign zone with one label depth, with secure and insecure delegations (i.e. at least one delegation as a DS RR)
Succeeded
3. sign zone with multiple label depth (including empty non-terminals)
Succeeded
4. sign zone with very long zone name (over 222 bytes in length)
Failed (was supposed to fail due to length of NSEC3 hash names
- implementation tested failed ungracefully
- also tested zone with name that was exactly 222 octets, which was successfully signed
Open questions: range of fields
Iterations: 1..n or 0..n what is n Salt: length 0..k or 1..k what is k.
[Not performed -- future work]
Checking results of Zone Signing Tests: TBD 1. Test if NSEC[3] chain of names is correctly sorted
[currently developing perl script for automated testing]
2. Test if the chain is circular
[currently developing perl script for automated testing]
3. Test that all RRsets to be covered are reflected in the bitmaps.
[currently developing perl script for automated testing]
4. [Optional] if output is in "DNS presentation format" check if it is importable to other implementations.