Zone
The domain that should be tested
The Zone name must be either a Domain Name (not a hostname or subdomain), or a correctly formatted in-addr Zone,
eg:
- example.com
- 10.10.10.in-addr.arpa
- 4.2.5.0.7.6.0.0.0.7.4.0.1.0.0.2.ip6.arpa
Primary
The nameserver that is considered primary as per the SOA record.
Secondary
The secondary nameserver(s) (all the NS records associated
with the zone, except for the primary as listed above).
IPs
List of IP addresses associated with the nameserver.
- these are only required if they can't be resolved
(ie: they are in the zone that you want to register, or delegate).
- if you have several IP addresses, you must use a space or
a comma as the separator.
- the form accepts IPv4 and IPv6 addresses, example:
- 10.10.10.53
- fd1d:c01d:1ce::53
- 10.10.10.53 fd1d:c01d:1ce::53
- 10.10.10.53, fd1d:c01d:1ce::53
mail delivery
Perform extra checking on mail delivery for typical
mail accounts (hostmaster, postmaster, ...) associated with
domain names.
zone transfer
Perform additional tests on the zone retrieved after
a zone transfer.
RIR databases
Check that IP addresses used are registered in the RIR
databases
IPv4, IPv6
Select the routing layer (if none are selected it will
default to IPv4 and IPv6).
STD, UDP, TCP
Select the transport layer you want for interrogating
your nameservers.
DNSSEC tests
Set the DNSSEC tests policy to mandatory, if not tests will be warnings
DS and Hash Algorithm
Gives the hash of the public key and the algorithm used to do that
The hash of the key must be encoded in hexadecimal (blanks are removed).
The Hash Algorithm is the number given by IANA and corresponding to the algorithm.
DNSKEY
Gives the public key used as a Security Entry Point (encoded in base64)
Success
Success with no warnings, indicates your zone is well configured and you should
have no problems.
Note:Currently, we do not warn or fail on lack of IPv6, as IPv4 is now depleted you must
obtain IPv6 addresses. The tests will during 2014, start issuing a Fatal failure, with no IPv6 IP's found.
Info
This shows informational problems, that will not really affect your Zone,
but you might want to consider if its the correct way to go.
An example of this would be
firewalls, may seem appropriate, but if you block FRAG ICMP types, it may result in problems.
Warning
This indicates your zone has errors, that in all likelihood will only have
a minor affect on you, they need to be corrected when you get a chance.
Failure
This indicates your zone is in urgent need of repair, you should
resolve these errors immediately without delay.
These errors can result in reachability issues.
Generic
The word generic means that the error is either
unrelated or present on all nameservers
Bracket Error
When an error is between [square brackets], it means the test
failed for external reasons, the reason is displayed next to it.
