Adds test scenarios for DNSSEC10

[matsduf]

Purpose

The specification of DNSSEC10 has been rewritten in PR #1179 (not yet merged or implemented). This PR defines test scenarios for DNSSEC10 based on the mentioned PR. This PR is not yet complete since all test zones are not yet created.

Context

#1179

Status of PR

The content of the PR is complete. There are two scenarios for which it does not seem to be possible to create test zones with the current tools. My plan is to rearrange the commits and also review what to save in Git. The keys for the Bind zone can probably be left out and recreated each time. Some documentation around Bind and its files will also be updated. None of this affects the test zones for the unit tests.

Changes

All planned scenarios have been defined. Ticked scenarios have complete test zone data and can be used for preliminary unit tests.

• GOOD-NSEC-1
• GOOD-NSEC3-1
• ALGO-NOT-SUPP-BY-ZM-1
• ALGO-NOT-SUPP-BY-ZM-2
• ERR-MULT-NSEC-1
• ERR-MULT-NSEC3-1
• EXP-NSEC-NSEC3-MISS-1
• INCONSISTENT-NSEC-1
• INCONSISTENT-NSEC3-1
• INCONSIST-NSEC-NSEC3-1
• INCONSIST-NSEC-NSEC3-2
• MIXED-NSEC-NSEC3-1
• MIXED-NSEC-NSEC3-1
• NSEC3PARAM-GIVES-ERR-ANSWER-1
• NSEC3PARAM-GIVES-ERR-ANSWER-2
• NSEC3PARAM-GIVES-ERR-ANSWER-3
• NSEC3PARAM-Q-RESPONSE-ERR-1
• NSEC3PARAM-Q-RESPONSE-ERR-2
• NSEC3PARAM-Q-RESPONSE-ERR-3 (maybe not possible in coredns()?)
• NSEC3-ERR-TYPE-LIST-1
• NSEC3-ERR-TYPE-LIST-2
• NSEC3-MISMATCHES-APEX-1
• NSEC3-MISSING-SIGNATURE-1
• NSEC3-NODATA-MISSING-SOA-1
• NSEC3-NODATA-WRONG-SOA-1
• NSEC3-NO-VERIFIED-SIGNATURE-1
• NSEC3-NO-VERIFIED-SIGNATURE-2
• NSEC3-NO-VERIFIED-SIGNATURE-3
• NSEC3-NO-VERIFIED-SIGNATURE-4
• NSEC-ERR-TYPE-LIST-1
• NSEC-ERR-TYPE-LIST-2
• NSEC-GIVES-ERR-ANSWER-1
• NSEC-GIVES-ERR-ANSWER-2
• NSEC-MISMATCHES-APEX-1
• NSEC-MISMATCHES-APEX-2
• NSEC-MISSING-SIGNATURE-1
• NSEC-NODATA-MISSING-SOA-1
• NSEC-NODATA-WRONG-SOA-1
• NSEC-NO-VERIFIED-SIGNATURE-1
• NSEC-NO-VERIFIED-SIGNATURE-2
• NSEC-NO-VERIFIED-SIGNATURE-3
• NSEC-NO-VERIFIED-SIGNATURE-4
• NSEC-QUERY-RESPONSE-ERR-1
• NSEC-QUERY-RESPONSE-ERR-2
• NSEC-QUERY-RESPONSE-ERR-3 (maybe not possible in coredns()?)
• SERVER-NO-DNSSEC-1
• SERVER-NO-DNSSEC-2
• ZONE-NO-DNSSEC-1

How to test this PR

Review the test scenarios. Files under the Bind directory are not meaningful to review.

[matsduf]

@tgreenx, all test zones are created for updated DNSSEC10.

[marc-vanderwal]

I see no obvious issues except for a little typo.

[matsduf]

Commit 1aaab82 adds scenarios ERR-MULT-NSEC3PARAM-1 and MISMATCHES-APEX-1. Scenario GIVES-ERR-ANSWER-3 has been removed.

[tgreenx]

Suggested change

	* The NSEC3PARAM RRset has been signed with the normal DNSKEY.
	* The NSEC3PARAM RRset has been signed with the correct DNSKEY.

[matsduf]

I am not sure that "correct" is more correct than "normal". I will update.

[tgreenx]

The file docs/public/SUMMARY.md should be updated too.

[matsduf]

The file docs/public/SUMMARY.md should be updated too.

Fixed. That is easy to miss. We need a script to search for unlinked documents.