@@ -3145,80 +3145,80 @@ sub dnssec10 {
31453145 my ( @nsec_response_error , @nsec3param_response_error );
31463146 my ( @with_dnskey , @without_dnskey );
31473147
3148- my @nss = grep { $_ -> isa(' Zonemaster::Engine::Nameserver'
3148+ my @nameservers = grep { $_ -> isa(' Zonemaster::Engine::Nameserver'
31493149 @{ Zonemaster::Engine::TestMethodsV2-> get_del_ns_names_and_ips( $zone ) // [] },
31503150 @{ Zonemaster::Engine::TestMethodsV2-> get_zone_ns_names_and_ips( $zone ) // [] }
31513151 );
3152+
31523153 my @ignored_nss ;
3153- my @unique_ip_nss ;
3154+ my %nss ;
3155+ push @{ $nss {$_ -> address-> short} }, $_ for ( uniq @nameservers );
31543156
3155- my %ip_already_processed ;
31563157 my $testing_time = time ;
31573158
3158- for my $ns ( @nss ) {
3159- next if exists $ip_already_processed {$ns -> address-> short};
3160- $ip_already_processed {$ns -> address-> short} = 1;
3161- push @unique_ip_nss , $ns ;
3159+ for my $ns_ip ( keys %nss ) {
3160+ my $ns = $nss {$ns_ip }[0];
3161+ my @all_ns_for_ip = @{ $nss {$ns_ip } };
31623162
31633163 if ( _ip_disabled_message( \@results , $ns , @query_types ) ) {
3164- push @ignored_nss , $ns ;
3164+ push @ignored_nss , @all_ns_for_ip ;
31653165 next ;
31663166 }
31673167
31683168 my $dnskey_p = $ns -> query( $zone -> name, $type_dnskey , { dnssec => 1 } );
31693169
31703170 if ( not $dnskey_p or $dnskey_p -> rcode ne q{ NOERROR} or not $dnskey_p -> aa ) {
3171- push @ignored_nss , $ns ;
3171+ push @ignored_nss , @all_ns_for_ip ;
31723172 next ;
31733173 }
31743174
31753175 my @dnskey_records = $dnskey_p -> get_records_for_name( $type_dnskey , $zone -> name-> string, q{ answer}
31763176
31773177 if ( not scalar @dnskey_records ) {
3178- push @without_dnskey , $ns ;
3178+ push @without_dnskey , @all_ns_for_ip ;
31793179 next ;
31803180 }
31813181
3182- push @with_dnskey , $ns ;
3182+ push @with_dnskey , @all_ns_for_ip ;
31833183
31843184 my $nsec_p = $ns -> query( $zone -> name, $type_nsec , { dnssec => 1 } );
31853185
31863186 if ( not $nsec_p or $nsec_p -> rcode ne q{ NOERROR} or not $nsec_p -> aa ) {
3187- push @nsec_response_error , $ns ;
3187+ push @nsec_response_error , @all_ns_for_ip ;
31883188 }
31893189 elsif ( $nsec_p -> answer ) {
31903190 if ( scalar $nsec_p -> get_records( $type_nsec , q{ answer}
3191- push @nsec_in_answer , $ns ;
3191+ push @nsec_in_answer , @all_ns_for_ip ;
31923192
31933193 if ( scalar $nsec_p -> get_records( $type_nsec , q{ answer}
3194- push @erroneous_multiple_nsec , $ns ;
3194+ push @erroneous_multiple_nsec , @all_ns_for_ip ;
31953195 }
31963196 elsif ( ($nsec_p -> get_records( $type_nsec , q{ answer} -> owner ne $zone -> name ) {
3197- push @nsec_mismatches_apex , $ns ;
3197+ push @nsec_mismatches_apex , @all_ns_for_ip ;
31983198 }
31993199 }
32003200 else {
3201- push @nsec_erroneous_answer , $ns ;
3201+ push @nsec_erroneous_answer , @all_ns_for_ip ;
32023202 }
32033203 }
32043204 elsif ( not $nsec_p -> answer and scalar $nsec_p -> get_records( $type_nsec3 , q{ authority}
32053205 my @nsec3_rrs = $nsec_p -> get_records( $type_nsec3 , q{ authority}
32063206
3207- push @nsec_nsec3_nodata , $ns ;
3207+ push @nsec_nsec3_nodata , @all_ns_for_ip ;
32083208
32093209 unless ( scalar $nsec_p -> get_records( $type_soa , q{ authority}
3210- push @nsec3_nodata_missing_soa , $ns ;
3210+ push @nsec3_nodata_missing_soa , @all_ns_for_ip ;
32113211 }
32123212 elsif ( ($nsec_p -> get_records( $type_soa , q{ authority} -> owner ne $zone -> name ) {
3213- push @{ $nsec3_nodata_wrong_soa {$zone -> name} }, $ns ;
3213+ push @{ $nsec3_nodata_wrong_soa {$zone -> name} }, @all_ns_for_ip ;
32143214 }
32153215
32163216 if ( scalar @nsec3_rrs > 1 ) {
3217- push @erroneous_multiple_nsec3 , $ns ;
3217+ push @erroneous_multiple_nsec3 , @all_ns_for_ip ;
32183218 }
32193219 else {
32203220 unless ( $nsec3_rrs [0]-> hash_name( $zone -> name ) eq lc ( @{ name($nsec3_rrs [0]-> owner)-> labels }[0] ) ) {
3221- push @nsec3_mismatches_apex , $ns ;
3221+ push @nsec3_mismatches_apex , @all_ns_for_ip ;
32223222 }
32233223 else {
32243224 my @mandatory_typelist = qw( SOA NS DNSKEY NSEC3PARAM RRSIG )
@@ -3227,14 +3227,14 @@ sub dnssec10 {
32273227
32283228 foreach my $type ( @mandatory_typelist ) {
32293229 if ( not exists $typelist {$type } ) {
3230- push @nsec3_incorrect_type_list , $ns ;
3230+ push @nsec3_incorrect_type_list , @all_ns_for_ip ;
32313231 last ;
32323232 }
32333233 }
32343234
32353235 foreach my $type ( @forbidden_typelist ) {
32363236 if ( exists $typelist {$type } ) {
3237- push @nsec3_incorrect_type_list , $ns ;
3237+ push @nsec3_incorrect_type_list , @all_ns_for_ip ;
32383238 last ;
32393239 }
32403240 }
@@ -3243,20 +3243,20 @@ sub dnssec10 {
32433243 my @nsec3_rrsig_rrs = grep { $_ -> typecovered eq q{ NSEC3} $nsec_p -> get_records_for_name( q{ RRSIG} $nsec3_rrs [0]-> name );
32443244
32453245 unless ( scalar @nsec3_rrsig_rrs ) {
3246- push @nsec3_missing_signature , $ns ;
3246+ push @nsec3_missing_signature , @all_ns_for_ip ;
32473247 }
32483248 else {
32493249 foreach my $rr ( @nsec3_rrsig_rrs ) {
32503250 my @matching_dnskeys = grep { $rr -> keytag == $_ -> keytag } @dnskey_records ;
32513251
32523252 unless ( scalar @matching_dnskeys ) {
3253- push @{ $nsec3_rrsig_no_dnskey {$rr -> keytag} }, $ns ;
3253+ push @{ $nsec3_rrsig_no_dnskey {$rr -> keytag} }, @all_ns_for_ip ;
32543254 }
32553255 elsif ( $rr -> expiration < $testing_time ) {
3256- push @{ $nsec3_rrsig_expired {$rr -> keytag} }, $ns ;
3256+ push @{ $nsec3_rrsig_expired {$rr -> keytag} }, @all_ns_for_ip ;
32573257 }
32583258 elsif ( $rr -> inception > $testing_time ) {
3259- push @{ $nsec3_rrsig_not_yet_valid {$rr -> keytag} }, $ns ;
3259+ push @{ $nsec3_rrsig_not_yet_valid {$rr -> keytag} }, @all_ns_for_ip ;
32603260 }
32613261 else {
32623262 my $i = 1;
@@ -3265,16 +3265,16 @@ sub dnssec10 {
32653265 my $validated = $rr -> verify_time( [grep { name( $_ -> name ) eq name( $rr -> name ) } @nsec3_rrs ], [ $dnskey ], $testing_time , $msg );
32663266
32673267 if ( $validated ) {
3268- push @nsec3_rrsig_verified , $ns ;
3268+ push @nsec3_rrsig_verified , @all_ns_for_ip ;
32693269 last ;
32703270 }
32713271
32723272 if ( $i >= scalar @matching_dnskeys ) {
32733273 if ( $msg =~ / Unknown cryptographic algorithm/
3274- push @{ $algo_not_supported_by_zm {$dnskey -> keytag}{$dnskey -> algorithm} }, $ns ;
3274+ push @{ $algo_not_supported_by_zm {$dnskey -> keytag}{$dnskey -> algorithm} }, @all_ns_for_ip ;
32753275 }
32763276 else {
3277- push @{ $nsec3_rrsig_verify_error {$dnskey -> keytag} }, $ns ;
3277+ push @{ $nsec3_rrsig_verify_error {$dnskey -> keytag} }, @all_ns_for_ip ;
32783278 }
32793279 }
32803280
@@ -3289,41 +3289,41 @@ sub dnssec10 {
32893289 my $nsec3param_p = $ns -> query( $zone -> name, $type_nsec3param , { dnssec => 1 } );
32903290
32913291 if ( not $nsec3param_p or $nsec3param_p -> rcode ne q{ NOERROR} or not $nsec3param_p -> aa ) {
3292- push @nsec3param_response_error , $ns ;
3292+ push @nsec3param_response_error , @all_ns_for_ip ;
32933293 }
32943294 elsif ( $nsec3param_p -> answer ) {
32953295 if ( scalar $nsec3param_p -> get_records( $type_nsec3param , q{ answer}
3296- push @nsec3param_in_answer , $ns ;
3296+ push @nsec3param_in_answer , @all_ns_for_ip ;
32973297
32983298 if ( scalar $nsec3param_p -> get_records( $type_nsec3param , q{ answer}
3299- push @erroneous_multiple_nsec3param , $ns ;
3299+ push @erroneous_multiple_nsec3param , @all_ns_for_ip ;
33003300 }
33013301 elsif ( ($nsec3param_p -> get_records( $type_nsec3param , q{ answer} -> owner ne $zone -> name ) {
3302- push @nsec3param_mismatches_apex , $ns ;
3302+ push @nsec3param_mismatches_apex , @all_ns_for_ip ;
33033303 }
33043304 }
33053305 else {
3306- push @nsec3param_erroneous_answer , $ns ;
3306+ push @nsec3param_erroneous_answer , @all_ns_for_ip ;
33073307 }
33083308 }
33093309 elsif ( not $nsec3param_p -> answer and scalar $nsec3param_p -> get_records( $type_nsec , q{ authority}
33103310 my @nsec_rrs = $nsec3param_p -> get_records( $type_nsec , q{ authority}
33113311
3312- push @nsec3param_nsec_nodata , $ns ;
3312+ push @nsec3param_nsec_nodata , @all_ns_for_ip ;
33133313
33143314 unless ( scalar $nsec3param_p -> get_records( $type_soa , q{ authority}
3315- push @nsec_nodata_missing_soa , $ns ;
3315+ push @nsec_nodata_missing_soa , @all_ns_for_ip ;
33163316 }
33173317 elsif ( ($nsec3param_p -> get_records( $type_soa , q{ authority} -> owner ne $zone -> name ) {
3318- push @{ $nsec_nodata_wrong_soa {$zone -> name} }, $ns ;
3318+ push @{ $nsec_nodata_wrong_soa {$zone -> name} }, @all_ns_for_ip ;
33193319 }
33203320
33213321 if ( scalar @nsec_rrs > 1 ) {
3322- push @erroneous_multiple_nsec , $ns ;
3322+ push @erroneous_multiple_nsec , @all_ns_for_ip ;
33233323 }
33243324 else {
33253325 unless ( $nsec_rrs [0]-> owner eq $zone -> name ) {
3326- push @nsec_mismatches_apex , $ns ;
3326+ push @nsec_mismatches_apex , @all_ns_for_ip ;
33273327 }
33283328 else {
33293329 my @mandatory_typelist = qw( SOA NS DNSKEY NSEC RRSIG )
@@ -3332,14 +3332,14 @@ sub dnssec10 {
33323332
33333333 foreach my $type ( @mandatory_typelist ) {
33343334 if ( not exists $typelist {$type } ) {
3335- push @nsec_incorrect_type_list , $ns ;
3335+ push @nsec_incorrect_type_list , @all_ns_for_ip ;
33363336 last ;
33373337 }
33383338 }
33393339
33403340 foreach my $type ( @forbidden_typelist ) {
33413341 if ( exists $typelist {$type } ) {
3342- push @nsec_incorrect_type_list , $ns ;
3342+ push @nsec_incorrect_type_list , @all_ns_for_ip ;
33433343 last ;
33443344 }
33453345 }
@@ -3348,20 +3348,20 @@ sub dnssec10 {
33483348 my @nsec_rrsig_rrs = grep { $_ -> typecovered eq q{ NSEC} $nsec3param_p -> get_records_for_name( q{ RRSIG} $nsec_rrs [0]-> name );
33493349
33503350 unless ( scalar @nsec_rrsig_rrs ) {
3351- push @nsec_missing_signature , $ns ;
3351+ push @nsec_missing_signature , @all_ns_for_ip ;
33523352 }
33533353 else {
33543354 foreach my $rr ( @nsec_rrsig_rrs ) {
33553355 my @matching_dnskeys = grep { $rr -> keytag == $_ -> keytag } @dnskey_records ;
33563356
33573357 unless ( scalar @matching_dnskeys ) {
3358- push @{ $nsec_rrsig_no_dnskey {$rr -> keytag} }, $ns ;
3358+ push @{ $nsec_rrsig_no_dnskey {$rr -> keytag} }, @all_ns_for_ip ;
33593359 }
33603360 elsif ( $rr -> expiration < $testing_time ) {
3361- push @{ $nsec_rrsig_expired {$rr -> keytag} }, $ns ;
3361+ push @{ $nsec_rrsig_expired {$rr -> keytag} }, @all_ns_for_ip ;
33623362 }
33633363 elsif ( $rr -> inception > $testing_time ) {
3364- push @{ $nsec_rrsig_not_yet_valid {$rr -> keytag} }, $ns ;
3364+ push @{ $nsec_rrsig_not_yet_valid {$rr -> keytag} }, @all_ns_for_ip ;
33653365 }
33663366 else {
33673367 my $i = 1;
@@ -3370,16 +3370,16 @@ sub dnssec10 {
33703370 my $validated = $rr -> verify_time( [grep { name( $_ -> name ) eq name( $rr -> name ) } @nsec_rrs ], [ $dnskey ], $testing_time , $msg );
33713371
33723372 if ( $validated ) {
3373- push @nsec_rrsig_verified , $ns ;
3373+ push @nsec_rrsig_verified , @all_ns_for_ip ;
33743374 last ;
33753375 }
33763376
33773377 if ( $i >= scalar @matching_dnskeys ) {
33783378 if ( $msg =~ / Unknown cryptographic algorithm/
3379- push @{ $algo_not_supported_by_zm {$dnskey -> keytag}{$dnskey -> algorithm} }, $ns ;
3379+ push @{ $algo_not_supported_by_zm {$dnskey -> keytag}{$dnskey -> algorithm} }, @all_ns_for_ip ;
33803380 }
33813381 else {
3382- push @{ $nsec_rrsig_verify_error {$dnskey -> keytag} }, $ns ;
3382+ push @{ $nsec_rrsig_verify_error {$dnskey -> keytag} }, @all_ns_for_ip ;
33833383 }
33843384 }
33853385
@@ -3790,7 +3790,9 @@ sub dnssec10 {
37903790 );
37913791 }
37923792
3793- $lc = List::Compare-> new( [ @unique_ip_nss ], [ @ignored_nss , @without_dnskey , @nsec_in_answer , @nsec3param_nsec_nodata , @nsec3param_in_answer , @nsec_nsec3_nodata ] );
3793+ my @all_ns = map { $_ } ( map { @{ $_ } } values %nss );
3794+
3795+ $lc = List::Compare-> new( [ @all_ns ], [ @ignored_nss , @without_dnskey , @nsec_in_answer , @nsec3param_nsec_nodata , @nsec3param_in_answer , @nsec_nsec3_nodata ] );
37943796 @first = $lc -> get_unique;
37953797
37963798 if ( @first ) {
0 commit comments