Updates DNSSEC07 test case specification

[matsduf]

Purpose

This PR updates the specification of DNSSEC07 in several ways:

• It updates the specification to modern standards.
• It raises absence of DNSSEC signing to WARNING.
• It raises absence of DS to WARNING if the zone is signed.

Currently in the implementation, DNSSEC07 is run first, and if DNSSEC07 outputs NOT_SIGNED then no other test case in DNSSEC module is run.

After this update, DNSSEC07 should still be run first, and then DNSSEC11. If updated DNSSEC07 outputs DS07_NOT_SIGNED then no other test cases, besides DNSSEC11, in DNSSEC module should be run.

For the future, I think all test cases should be run for every test. For that all DNSSEC test cases should be updated to output a good INFO message for unsigned zones. All other test cases should be updated to always output an INFO message if no other message is outputted. In that way all tests will show the same number of test cases. (Except if the test breaks in Basic because it cannot be run.)

With the update, DNSSEC07 will always output one of the following messages (besides possibly other messages):

• DS07_NOT_SIGNED
• DS07_SIGNED
• DS07_INCONSISTENT_SIGNED

Test scenarios are available by #1432.

How to test this PR

Review.

[matsduf]

@peterthomassen, please review this PR. For the test scenarios for the test case, see #1432, and in that see docs/public/specifications/test-zones/DNSSEC-TP/dnssec07.md for the specification of the test scenarios (and test zones).

[peterthomassen]

thank you for working on this!

[matsduf]

@peterthomassen, thank you for the review. I have updated the text based on your comments.

[tgreenx]

Implementation in zonemaster/zonemaster-engine#1476.

[marc-vanderwal]

The test procedure looks good to me. I have some comments and suggestions though.

[marc-vanderwal]

Two more little typos, including I didn’t see last time. Sorry!

[matsduf]

@marc-vanderwal, please re-review.