zonemaster · vlevigneron · Oct 4, 2019 · Oct 3, 2019 · Oct 3, 2019 · Oct 4, 2019
diff --git a/lib/Zonemaster/Engine/Test/Zone.pm b/lib/Zonemaster/Engine/Test/Zone.pm
@@ -1,6 +1,6 @@
 package Zonemaster::Engine::Test::Zone;
 
-use version; our $VERSION = version->declare("v1.0.7");
+use version; our $VERSION = version->declare("v1.0.8");
 
 use strict;
 use warnings;
@@ -28,7 +28,6 @@ sub all {
 
     push @results, $class->zone01( $zone ) if Zonemaster::Engine::Util::should_run_test( q{zone01} );
     if ( none { $_->tag eq q{NO_RESPONSE_SOA_QUERY} } @results ) {
-
         push @results, $class->zone02( $zone ) if Zonemaster::Engine::Util::should_run_test( q{zone02} );
         push @results, $class->zone03( $zone ) if Zonemaster::Engine::Util::should_run_test( q{zone03} );
         push @results, $class->zone04( $zone ) if Zonemaster::Engine::Util::should_run_test( q{zone04} );
@@ -44,7 +43,9 @@ sub all {
             push @results, $class->zone09( $zone ) if Zonemaster::Engine::Util::should_run_test( q{zone09} );
         }
     }
-
+    if ( none { $_->tag eq q{NO_RESPONSE_SOA_QUERY} } @results ) {
+        push @results, $class->zone10( $zone ) if Zonemaster::Engine::Util::should_run_test( q{zone10} );
+    }
     return @results;
 } ## end sub all
 
@@ -125,6 +126,15 @@ sub metadata {
               NO_RESPONSE_MX_QUERY
               )
         ],
+        zone10 => [
+            qw(
+              MULTIPLE_SOA
+              NO_RESPONSE
+              NO_RESPONSE_SOA_QUERY
+              ONE_SOA
+              WRONG_SOA
+              )
+        ],
     };
 } ## end sub metadata
 
@@ -217,6 +227,14 @@ Readonly my %TAG_DESCRIPTIONS => (
         __x    # MNAME_IS_AUTHORITATIVE
           'SOA \'mname\' nameserver ({mname}) is authoritative for \'{zone}\' zone.', @_;
     },
+    MULTIPLE_SOA => sub {
+        __x    # MULTIPLE_SOA
+          'Nameserver {ns}/{address} responds with multiple ({count}) SOA records on SOA queries.', @_;
+    },
+    NO_RESPONSE => sub {
+        __x    # NO_RESPONSE
+          'Nameserver {ns}/{address} did not respond.', @_;
+    },
     NO_RESPONSE_SOA_QUERY => sub {
         __x    # NO_RESPONSE_SOA_QUERY
           'No response from nameserver(s) on SOA queries.';
@@ -229,12 +247,20 @@ Readonly my %TAG_DESCRIPTIONS => (
         __x    # MNAME_HAS_NO_ADDRESS
           'No IP address found for SOA \'mname\' nameserver ({mname}).', @_;
     },
+    ONE_SOA => sub {
+        __x    # ONE_SOA
+          'A unique SOA record is returned by all nameservers of the zone.', @_;
+    },
     EXPIRE_MINIMUM_VALUE_OK => sub {
         __x    # EXPIRE_MINIMUM_VALUE_OK
           'SOA \'expire\' value ({expire}) is higher than the minimum recommended value ({required_expire}) '
           . 'and not lower than the \'refresh\' value ({refresh}).',
           @_;
     },
+    WRONG_SOA => sub {
+        __x    # WRONG_SOA
+          '', @_;
+    },
 );
 
 sub tag_descriptions {
@@ -566,7 +592,7 @@ sub zone08 {
     if ( $p ) {
         my @mx = $p->get_records_for_name( q{MX}, $zone->name );
         for my $mx ( @mx ) {
-	    my $p2 = $zone->query_auth( $mx->exchange, q{CNAME} );
+            my $p2 = $zone->query_auth( $mx->exchange, q{CNAME} );
             if ( $p2->has_rrs_of_type_for_name( q{CNAME}, $mx->exchange ) ) {
                 push @results, info( MX_RECORD_IS_CNAME => {} );
             }
@@ -628,6 +654,66 @@ sub zone09 {
     return @results;
 } ## end sub zone09
 
+sub zone10 {
+    my ( $class, $zone ) = @_;
+    my $name = name( $zone );
+    my @results;
+
+    foreach my $ns ( @{ Zonemaster::Engine::TestMethods->method4and5( $zone ) } ) {
+
+        if ( _is_ip_version_disabled( $ns ) ) {
+            next;
+        }
+
+        my $p = $ns->query( $name, q{SOA} );
+
+        if ( not $p ) {
+            push @results,
+              info(
+                NO_RESPONSE => {
+                    ns      => $ns->name->string,
+                    address => $ns->address->short,
+                }
+              );
+            next;
+        }
+        else {
+            my @soa = $p->get_records( q{SOA}, q{answer} );
+            if ( scalar @soa ) {
+                if ( scalar @soa > 1 ) {
+                    push @results,
+                      info(
+                        MULTIPLE_SOA => {
+                            ns      => $ns->name->string,
+                            address => $ns->address->short,
+                            count   => scalar @soa,
+                        }
+                      );
+                }
+                elsif ( $soa[0]->owner ne $name->fqdn ) {
+                    push @results,
+                      info(
+                        WRONG_SOA => {
+                            ns      => $ns->name->string,
+                            address => $ns->address->short,
+                            owner   => $soa[0]->owner,
+                            name    => $name->fqdn,
+                        }
+                      );
+                }
+            }
+            else {
+                push @results, info( NO_RESPONSE_SOA_QUERY => {} );
+            }
+        }
+    }
+    if ( not scalar @results ) {
+        push @results, info( ONE_SOA => {} );
+    }
+
+    return @results;
+} ## end sub zone10
+
 sub _retrieve_record_from_zone {
     my ( $zone, $name, $type ) = @_;
 
@@ -737,6 +823,10 @@ Verify that MX records does not resolve to a CNAME.
 
 Verify that there is a target host (MX, A or AAAA) to deliver e-mail for the domain name.
 
+=item zone10($zone)
+
+Verify that the zone of the domain to be tested return exactly one SOA record.
+
 =back
 
 =cut
diff --git a/share/profile.json b/share/profile.json
@@ -135,7 +135,7 @@
             "SOA_NOT_EXISTS" : "ERROR",
             "TOTAL_NAME_MISMATCH" : "ERROR"
         },
-	"DNSSEC" : {
+        "DNSSEC" : {
             "ADDITIONAL_DNSKEY_SKIPPED" : "DEBUG",
             "ALGORITHM_DELETE_DS" : "ERROR",
             "ALGORITHM_DEPRECATED" : "WARNING",
@@ -334,9 +334,12 @@
             "MX_RECORD_EXISTS" : "INFO",
             "MX_RECORD_IS_CNAME" : "INFO",
             "MX_RECORD_IS_NOT_CNAME" : "INFO",
+            "MULTIPLE_SOA" : "ERROR",
             "NO_MX_RECORD" : "NOTICE",
-            "NO_RESPONSE_SOA_QUERY" : "DEBUG",
+            "NO_RESPONSE" : "WARNING",
+            "NO_RESPONSE_SOA_QUERY" : "NOTICE",
             "NO_RESPONSE_MX_QUERY" : "DEBUG",
+            "ONE_SOA" : "INFO",
             "REFRESH_HIGHER_THAN_RETRY" : "INFO",
             "REFRESH_LOWER_THAN_RETRY" : "INFO",
             "REFRESH_MINIMUM_VALUE_LOWER" : "NOTICE",
@@ -345,7 +348,8 @@
             "RETRY_MINIMUM_VALUE_OK" : "INFO",
             "SOA_DEFAULT_TTL_MAXIMUM_VALUE_OK" : "INFO",
             "SOA_DEFAULT_TTL_MAXIMUM_VALUE_HIGHER" : "NOTICE",
-            "SOA_DEFAULT_TTL_MAXIMUM_VALUE_LOWER" : "NOTICE"
+            "SOA_DEFAULT_TTL_MAXIMUM_VALUE_LOWER" : "NOTICE",
+            "WRONG_SOA" : "ERROR"
         }
     },
     "test_cases": [
@@ -410,6 +414,7 @@
         "zone06",
         "zone07",
         "zone08",
-        "zone09"
+        "zone09",
+        "zone10"
     ]
 }
diff --git a/t/Test-zone.data b/t/Test-zone.data
diff --git a/t/Test-zone.t b/t/Test-zone.t
@@ -34,6 +34,7 @@ ok( $res{REFRESH_HIGHER_THAN_RETRY},        q{SOA 'refresh' value is higher than
 ok( $res{EXPIRE_MINIMUM_VALUE_OK},
     q{SOA 'expire' value is higher than the minimum recommended value and lower than 'refresh' value} );
 ok( $res{MX_RECORD_IS_NOT_CNAME}, q{MX record for the domain is not pointing to a CNAME} );
+ok( $res{ONE_SOA} , q{Unique SOA returned} );
 
 $zone = Zonemaster::Engine->zone( q{zone01.zut-root.rd.nic.fr} );
 %res = map { $_->tag => 1 } Zonemaster::Engine->test_method( q{Zone}, q{zone01}, $zone );

diff --git a/t/profiles/Test-zone-all.json b/t/profiles/Test-zone-all.json
@@ -8,6 +8,7 @@
         "zone06",
         "zone07",
         "zone08",
-        "zone09"
+        "zone09",
+        "zone10"
     ]
 }