DNS Server Suite Data Sheet
Test Suite:
DNS Server Suite
Direction:
Server

Domain Name Service (DNS) is a protocol originally intended to translate Internet domain names to Internet Protocol(IP) addresses and vice versa, evolved since to provide many additional types of information related to hosts, networks, and domains. Since the proper functioning of DNS is vital to many Internet application services such as WWW and email, the dependability of DNS implementations must be verified. This test application can be used to test DNS server implementations for security flaws and robustness problems.

Used specifications

Specification
Title
RFC1035

Domain Names - Implementation and Specification

RFC1183

New DNS RR Definitions

RFC1348

DNS NSAP Resource Records

RFC1706

DNS NSAP Resource Records

RFC1712

DNS Encoding of Geographical Location

RFC1876

A means for expressing Location information in the Domain Name System

RFC1995

Incremental Zone Transfer in DNS

RFC1996

A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY)

RFC2136

Dynamic Updates in the domain name system (DNS UPDATE)

RFC2163

Using the Internet DNS to Distribute MIXER Conformant Global Address Mapping (MCGAM)

RFC2230

Key Exchange delegation record for the DNS

RFC2535

Domain Name System Security Extensions

RFC2671

Extension Mechanisms for DNS (EDNS0)

RFC2672

Non-Terminal DNS Name Redirection

RFC2673

Binary Labels in the Domain Name System

RFC2782

A DNS RR for specifying the location of services (DNS SRV)

RFC2845

Secret Key Transaction Authentication for DNS (TSIG)

RFC2874

DNS Extensios to support IPv6 Address Aggregation and renumbering

RFC2930

Secret Key Establishment for DNS (TKEY RR)

RFC3123

A DNSS RR Type for Lists of Address Prefixes (APL RR)

RFC3226

DNSSEC and IPv6 A6 aware server/resolver message size requirements

RFC3403

DDDS Part Three DNS Database

RFC3490

Internationalizing Domain Names in Applications (IDNA)

RFC3492

Punycode: A Bootstring encoding of Unicode for Internationalized Domain Names in Applications (IDNA)

RFC3596

DNS extensions to support IPv6

RFC3761

The E.164 to Uniform Resource Identifiers DDDS

RFC4025

A Method for Storing IPsec Keying Material in DNS

RFC4034

Resource Records for the DNS Security Extensions

RFC4255

SSHFP RR types for fingerprint types

RFC4398

Storing Certificates in the Domain Name System (DNS)

RFC4255

SSHFP RR types for fingerprint types

RFC4398

Storing Certificates in the Domain Name System (DNS)

RFC4408

Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail, Version 1

RFC4635

HMAC SHA TSIG Algorithm Identifiers

RFC4701

DHCID RR type codes

RFC5001

DNS Name Server Identifier (NSID) Option

RFC5155

DNS Security (DNSSEC) Hashed Authenticated Denial of Existence

RFC5205

Host Identity Protocol (HIP) Domain Name System (DNS) Extension

RFC5855

Nameservers for IPv4 and IPv6 Reverse Zones

RFC5864

DNS SRV Resource Records for AFS

RFC5936

DNS Zone Transfer Protocol (AXFR)

RFC6116

The E.164 to Uniform Resource Identifiers (URI) Dynamic Delegation Discovery System (DDDS) Application (ENUM)

draft-sekar-dns-llq-01.txt

DNS Long-Lived Queries

draft-sekar-dns-ul-01.txt

Dynamic DNS Update Leases

draft-cheshire-edns0-owner-option-00

EDNS0 OWNER Option

Tool-specific information

Tested messages
Notes
Specifications
DNS Query
RFC1035
DNS IQuery
Obsolete
RFC1035
DNS Notify
RFC1996
DNS Update
RFC2136

Supported SafeGuard Checks

Amplification

Unexpected Data

Compressed Signer's name in RRSIG record

Test tool general features
  • Fully automated black-box negative testing
  • Ready-made test cases
  • Written in Java(tm)
  • GUI command line remote interface modes
  • Instrumentation (health-check) capability
  • Support and maintenance
  • Comprehensive user documentation
  • Results reporting and analysis