Merge pull request zonemaster#347 from tgreenx/update-faq

Update English FAQ
marc-vanderwal · Nov 7, 2022 · da8527c · da8527c
2 parents f80be57 + b853ccd
commit da8527c
Showing 1 changed file with 118 additions and 101 deletions.
diff --git a/docs/FAQ/gui-faq-en.md b/docs/FAQ/gui-faq-en.md
@@ -4,163 +4,180 @@ Zonemaster
 1. [What is Zonemaster?](#q1)
 2. [Who is behind Zonemaster?](#q2)
 3. [How can Zonemaster help me?](#q3)
-4. [Zonemaster returns "Error" or "Warning" on my domain. What does it mean?](#q4)
-5. [How can Zonemaster judge what is right and wrong?](#q5)
-6. [Does Zonemaster handle IPv6?](#q6)
-7. [Does Zonemaster handle DNSSEC?](#q7)
+4. [Zonemaster returns "Error" or "Warning" on my domain name. What does it mean?](#q4)
+5. [How can Zonemaster distinguish between what is right and wrong?](#q5)
+6. [Does Zonemaster support IPv6?](#q6)
+7. [Does Zonemaster verify DNSSEC?](#q7)
 8. [What makes Zonemaster differ from other DNS zone validating software?](#q8)
 9. [Zonemaster and privacy](#q9)
-10. [How come I cannot test my domain?](#q10)
+10. [How come my domain name cannot be tested?](#q10)
 11. [What kind of queries does Zonemaster generate?](#q11)
 12. [What is an undelegated domain test?](#q12)
-13. [How can I test a reverse zone with Zonemaster?](#q13)
+13. [Can I test the DS records before they are published?](#q13)
+14. [How can I test a reverse zone with Zonemaster?](#q14)
 
 Zonemaster
 ----------
 
 <a name="q1"></a>
 #### 1. What is Zonemaster?
-Zonemaster is a program that was designed to help people check, measure and
-hopefully also understand how DNS (Domain Name System) works.
+Zonemaster is a program designed to help people check, measure and
+hopefully also understand how the DNS (Domain Name System) works.
 
-It consists of four basic parts:
+It consists of several components:
 
   1. Engine - a test framework that supports all functionality to perform DNS tests.
-  2. The CLI interface to the Engine.
-  3. Backend, a server that allows you to run Zonemaster tests and save results using
+  2. CLI - a command-line interface to the Engine.
+  3. Backend - a server that allows you to run Zonemaster tests and save results using
      a JSON-RPC API and a database.
-  4. GUI - a web interface to the backend.
+  4. GUI - a web interface to the Backend.
 
-When a domain (such as "zonemaster.net") is submitted to Zonemaster (CLI or
-GUI) it will investigate the domain’s general health by traversing the DNS from root
-(.) via the TLD (Top Level Domain, like .net) to the nameserver(s) that hosts
-the information about the specific domain (zonemaster.net). The different sanity checks
-conducted by the Zonemaster tool is documented in the [Test Requirements
-document](https://github.com/zonemaster/zonemaster/blob/master/docs/requirements/TestRequirements.md).
+When a domain name (such as 'zonemaster.net') is submitted to Zonemaster (using CLI or
+GUI), it will verify the domain name’s general health with a series of tests.
+The tests conducted by Zonemaster can be found in the [Defined Test Cases] document.
 
 <a name="q2"></a>
 #### 2. Who is behind Zonemaster?
-Zonemaster is a joint project between [Afnic](https://www.afnic.fr/en/)
-(registry operator of .fr TLD and several other
-TLDs, e.g. .re, .pm, .tf, .wf, .yt and .paris) and
-[The Swedish Internet Foundation](https://internetstiftelsen.se/en/)
-(registry
-operator of .se and .nu TLDs).
+Zonemaster is a joint project between [AFNIC] (registry of '.fr' TLD and several other
+TLDs, e.g. '.re', '.pm', '.tf', '.wf', '.yt' and '.paris') and [The Swedish Internet Foundation]
+(registry of '.se' and '.nu' TLDs).
 
 <a name="q3"></a>
 #### 3. How can Zonemaster help me?
 The Zonemaster tool is oriented towards two user categories:
 
   - Users who are knowledgable about the DNS protocol.
-  - Users who just want to know whether the the domains owned or used by them
+  - Users who just want to know whether the domain name they own or use
     have any issues or not.
 
 Users of the second category should contact their DNS operator
-as soon as they get the results other than "green" for any
-test of their domain name.
+in case there are errors or warnings for any test of their domain name.
 
 <a name="q4"></a>
-#### 4. Zonemaster returns "Error" or "Warning" for my domain. What does it mean?
-It depends on which test failed for your domain.
+#### 4. Zonemaster returns "Error" or "Warning" for my domain name. What does it mean?
+It depends on which test failed for your domain name.
+Each test are accompanied with one or several messages describing the issues found.
+You can also get further insight about each test from the [Defined Test Cases] document.
 
 <a name="q5"></a>
-#### 5. How can Zonemaster judge what is right and wrong?
-There is no final judgement of the health of a domain that can be bestowed by
-anyone. The people behind Zonemaster do not claim that the tool is correct in
-every aspect. Sometimes opinions differ. We have done our very best to create a
-default policy for found errors within
-this project. Hopefully this is a good compromise between what is an actual
-potentially dangerous error and what could be merely seen as a notice or warning.
-The added advantage of the tool is that one can add a policy file suited to
-one's necessity to a specified directory and ask the tool to use that policy
-file when running the tests.
-But as with all things as evolving as DNS the situation is most likely
-changing, what is a notice today could be an error tomorrow. If you really think
-we have made a mistake in our judgement please do not hesitate to drop us an email
-at [[email protected]](mailto:[email protected]) (moderated
-mailing list) with a link to your test and an explanation why you think it
-shows something that you consider incorrect.
+#### 5. How can Zonemaster distinguish between what is right and wrong?
+The judgement of Zonemaster is primarily based on the DNS standards as defined in [RFCs].
+It also bases its judgement on DNS best practices, which can be more loosely defined.
+All Zonemaster tests are defined in [Test Case Specifications][Defined Test Cases]
+in which the references to the standard documents for that test case are found.
+
+The descriptions of message levels such as *notice*, *warning* and *error* are found 
+in [Severity Level Definitions].
+
+Sometimes there are different interpretations of the standards or opinions on what is best practice,
+and the Zonemaster team is always open to input.
+If you think we have made a mistake in our judgement please do not hesitate to send us an email
+at [[email protected]] (moderated mailing list) with a link to your test result
+and an explanation as to why you think it shows something that you consider incorrect.
 
 <a name="q6"></a>
-#### 6. Does Zonemaster handle IPv6?
-Yes, it does. All tests run over IPv4 will also be run over IPv6 if Zonemaster
-is configured to do so.
+#### 6. Does Zonemaster support IPv6?
+Yes.
+By default Zonemaster will query name servers both over IPv4 and IPv6, unless explicitly
+configured otherwise.
+Such configuration is accessible through the "Options" button.
 
 <a name="q7"></a>
-#### 7. Does Zonemaster handle DNSSEC?
-Yes, if DNSSEC is available for a domain that is tested by Zonemaster, it will be
+#### 7. Does Zonemaster verify DNSSEC?
+Yes.
+If DNSSEC is available for a domain name that is tested by Zonemaster, it will be
 checked automatically.
 
 <a name="q8"></a>
 #### 8. What makes Zonemaster differ from other DNS zone validating software?
 Firstly, Zonemaster saves all history from earlier tests based on the tested
-domain, which means you can go back to a test you did a week ago and compare it
-to the test you ran a moment ago.
+domain name, which means you can go back to a test you did some time ago and compare it
+to the test you ran just a moment ago.
 
-All tests that Zonemaster runs are defined in test case specifications that
-are linked from [Test Requirements
-document](https://github.com/zonemaster/zonemaster/blob/master/docs/requirements/TestRequirements.md)
+Secondly, all tests that Zonemaster runs are defined in Test Case specifications that
+can be found in the [Defined Test Cases] document.
 
-Zonemaster could be used to test undelegated domains. More about undelegated
-domains in [Question 12](#q12).
+Thirdly, Zonemaster can be used to test undelegated domain names.
+See [Question 12].
+
+Fourthly, Zonemaster can be used to test DS records before their publication in the parent zone
+(which is required to enable DNSSEC for a signed zone).
+See [Question 13].
 
 Lastly, this open source version of Zonemaster was built using modular code
-which, basically, means you can use parts of it in your systems, if you would want
-to. It is quite rare that you'd want a complete program just to check for example
+which basically means that you can integrate parts of it in your own systems, if you wish.
+For example, it is quite rare that you would want a complete program just to check for
 redelegations.
 
 <a name="q9"></a>
 #### 9. Zonemaster and privacy
-Since Zonemaster is open to everyone it is possible for anyone to check your
-domain and also see previous tests, however there is no way to tell
-who has run a specific test since nothing is logged except the time of the test.
+Since [Zonemaster.net] is open to everyone it is possible for anyone to check your
+domain and its history of tests.
+However there is no way to tell who has run a specific test since nothing more than the test
+parameters and results are stored.
+Specifically, no cookies or information on the user's IP address is stored in the database.
+The user who initiated the test cannot be traced back from the information in the database.
 
 <a name="q10"></a>
-#### 10. How come I cannot test my domain?
-If we disregard the situation where the domain does not exist, as in when you input a
-non-existing domain to Zonemaster, there are 2 other possibilites:
-  - To protect the engine from multiple identical inputs, that is the same IP
-    checking the same zone several times, there is a delay of 5 minutes between
-    identical subsequent tests. This means that you can only test the
-    same domain once every 5 minutes, if you try and test it again within 5 minutes
-    the last results will be displayed instead.
-  - Because Zonemaster was made to check domains or DNS zones, like zonemaster.net, and
-    not hostnames in a domain (zone), like www.zonemaster.net, the Zonemaster will
-    report a failure if you try to test a host name instead of a domain matching a
-    DNS zone.
+#### 10. How come my domain name cannot be tested?
+There are several possibilities:
+
+- Your domain name is not yet delegated.
+- Your domain name is not reachable from public Internet.
+- Zonemaster can only test what is called a DNS zone (e.g. 'zonemaster.net') and not host names (e.g. 'www.zonemaster.net')
+- There is a 10 minutes protection between consecutive tests for a given domain name (with same test parameters).
+  Running a test within that window will instead show the last available test for that domain name (and parameters).
+- You have misspelled your domain name.
 
 <a name="q11"></a>
 #### 11. What kind of queries does Zonemaster generate?
-Zonemaster send multiple DNS queries to the name servers hosting the domain name and
-also to the name servers hosting the parent zone of the domain name.
+Zonemaster send multiple DNS queries to the name servers hosting the domain name being tested and
+also to the name servers hosting the parent zone of that domain name.
 
-To get a full
-view of what queries and results are generated you can run the
-CLI interface (and in order to run the CLI interface you need to download the
-complete package and install it) and select full output.
-The output from the CLI tool is quite heavily technical
-so unless you are into bits and bytes you might want to skip this step.
+The GUI interface of Zonemaster does not show any queries sent, only the CLI interface can.
+If you want to see such queries, you will have to locally install
+a minimally working Zonemaster instance with both the Engine and CLI components (a Docker image is also available).
+Queries sent can be shown using the 'DEBUG' level option.
+Fair warning, the output from the CLI can be quite heavy.
+For more information see [Using The CLI].
 
 <a name="q12"></a>
 #### 12. What is an undelegated domain test?
-An undelegated domain test is a test performed on a domain that may, or may not,
-be fully published in the DNS. This can be quite useful if one is going to move
-one's domain from one registrar to another,
-e.g., move zone example.com from the nameserver
-"ns.example.com" to the nameserver "ns.example.org". In this scenario one could perform
-an undelegated domain test providing the zone (example.com) and the nameserver you are moving to
-(ns.example.org) *before* you move your domain.
-When the results of the test are colour coded in green one can be fairly certain
-that the domain's new location is working well. However there
-might still be other problems in the zone data itself that this test is unaware of.
+An undelegated domain test is a test performed on a domain name that may, or may not,
+be fully published in the DNS.
+This can be quite useful if one is going to migrate one's domain from one registrar to another,
+e.g., migrate zone 'example.com' from the name server 'ns.example.com' to the name server 'ns.example.org'.
+In this scenario one could perform an undelegated domain test providing the zone ('example.com')
+and the name server you are migrating to ('ns.example.org') *before* you migrate your domain.
+When the results of the test doesn't show any errors or warnings one can be fairly certain that the
+domain's new location is working well.
+However there might still be other problems in the zone data itself that this test is unaware of.
 
 <a name="q13"></a>
-#### 13. How can I test a "reverse" zone with Zonemaster?
-To check a reverse zone with Zonemaster one need to first know what the
-reverse zone is. If you want to check the reverse zone, you have to enter
-it in the format that it has in DNS, e.g.:
-
-  - 3.2.1.in-addr.arpa
-  - 6.0.1.0.0.2.ip6.arpa
-
-
+#### 13. Can I test the DS records before they are published?
+Yes.
+Use the "Options" button and there add the Delegation Signer (DS) records to be tested.
+Zonemaster will then use those in the same way as if they were already added in the parent zone.
+
+<a name="q14"></a>
+#### 14. How can I test a "reverse" zone with Zonemaster?
+To check a reverse zone with Zonemaster, one first needs to know what the
+reverse zone is, and enter it in the format it has in the DNS.
+A reserve zone is obtained by reversing an IP address and adding a suffix.
+IPv4 addresses use the suffix "in-addr.arpa" while IPv6 addresses
+use "ip6.arpa".
+
+Examples:
+  - For IPv4 prefix '198.51.100.0/24': 100.51.198.in-addr.arpa
+  - For IPv6 prefix '2001:db8::/32': 8.b.d.0.1.0.0.2.ip6.arpa
+
+[AFNIC]:                                 https://www.afnic.fr/en/
+[Defined Test Cases]:                    https://github.com/zonemaster/zonemaster/tree/master/docs/specifications/tests#list-of-defined-test-cases
+[Question 12]:                           #q12
+[Question 13]:                           #q13
+[RFCs]:                                  https://www.ietf.org/standards/rfcs/
+[Severity Level Definitions]:            https://github.com/zonemaster/zonemaster/blob/master/docs/specifications/tests/SeverityLevelDefinitions.md
+[The Swedish Internet Foundation]:       https://internetstiftelsen.se/en/
+[Using The CLI]:                         https://github.com/zonemaster/zonemaster-cli/blob/master/USING.md
+[Zonemaster.net]:                        https://zonemaster.net/
+[[email protected]]:         mailto:[email protected]