remove DLV system tests

2025-08-31 06:25:31 +00:00 · 2019-08-06 09:28:14 -07:00
parent f9c07c78bc
commit 2c87ab1cca
49 changed files with 8 additions and 1752 deletions
--- a/bin/tests/system/conf.sh.common
+++ b/bin/tests/system/conf.sh.common
@@ -59,7 +59,7 @@ PARALLEL_COMMON="dnssec rpzrecurse serve-stale \
 	acl additional addzone allow-query auth autosign \
 	builtin cacheclean case catz cds chain \
 	checkconf checknames checkzone \
-	cookie database digdelv dlv dlz dlzexternal \
+	cookie database digdelv dlz dlzexternal \
 	dns64 dscp dsdigest dyndb \
 	ednscompliance emptyzones \
 	fetchlimit filter-aaaa formerr forward \
--- a/bin/tests/system/digdelv/tests.sh
+++ b/bin/tests/system/digdelv/tests.sh
@@ -55,7 +55,7 @@ check_ttl_range() {
 # using delv insecure mode as not testing dnssec here
 delv_with_opts() {
-    "$DELV" +noroot +nodlv -p "$PORT" "$@"
+    "$DELV" +noroot -p "$PORT" "$@"
 }
 KEYID="$(cat ns2/keyid)"
--- a/bin/tests/system/dlv/clean.sh
+++ b/bin/tests/system/dlv/clean.sh
@@ -1,45 +0,0 @@
 #!/bin/sh
 #
 # Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 #
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 #
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 rm -f ns*/named.run
 rm -f ns*/named.conf
 rm -f ns1/K*
 rm -f ns1/dsset-*
 rm -f ns1/*.signed
 rm -f ns1/signer.err
 rm -f ns1/root.db
 rm -f ns1/trusted.conf
 rm -f ns2/K*
 rm -f ns2/dlvset-*
 rm -f ns2/dsset-*
 rm -f ns2/*.signed
 rm -f ns2/*.pre
 rm -f ns2/signer.err
 rm -f ns2/druz.db
 rm -f ns3/K*
 rm -f ns3/*.db
 rm -f ns3/*.signed ns3/*.signed.tmp
 rm -f ns3/dlvset-*
 rm -f ns3/dsset-*
 rm -f ns3/keyset-*
 rm -f ns3/trusted*.conf
 rm -f ns3/signer.err
 rm -f ns5/trusted*.conf
 rm -f ns6/K*
 rm -f ns6/*.db
 rm -f ns6/*.signed
 rm -f ns6/dsset-*
 rm -f ns6/signer.err
 rm -f ns7/trusted*.conf ns8/trusted*.conf
 rm -f */named.memstats
 rm -f dig.out.ns*.test*
 rm -f ns*/named.lock
 rm -f ns*/managed-keys.bind*
--- a/bin/tests/system/dlv/ns1/named.conf.in
+++ b/bin/tests/system/dlv/ns1/named.conf.in
@@ -1,25 +0,0 @@
 /*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */
 options {
 	query-source address 10.53.0.1;
 	notify-source 10.53.0.1;
 	transfer-source 10.53.0.1;
 	port @PORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.1; };
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
 };
 zone "." { type master; file "root.signed"; };
 zone "rootservers.utld" { type master; file "rootservers.utld.db"; };
--- a/bin/tests/system/dlv/ns1/root.db.in
+++ b/bin/tests/system/dlv/ns1/root.db.in
@@ -1,26 +0,0 @@
 ; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 ;
 ; This Source Code Form is subject to the terms of the Mozilla Public
 ; License, v. 2.0. If a copy of the MPL was not distributed with this
 ; file, You can obtain one at http://mozilla.org/MPL/2.0/.
 ;
 ; See the COPYRIGHT file distributed with this work for additional
 ; information regarding copyright ownership.
 $TTL	120
@		SOA	ns.rootservers.utld hostmaster.ns.rootservers.utld (
 			1 3600 1200 604800 60 )
@		NS	ns.rootservers.utld
 ns		A	10.53.0.1
 ;
 ; A zone that is unsigned (utld=unsigned tld) that will include a second level
 ; zone that acts as a DLV.
 ;
 utld		NS	ns.utld
 ns.utld		A	10.53.0.2
 ;
 ; A zone that has a bad DNSKEY RRset but has good DLV records for its child
 ; zones.
 ;
 druz		NS	ns.druz
 ns.druz		A	10.53.0.2
--- a/bin/tests/system/dlv/ns1/rootservers.utld.db
+++ b/bin/tests/system/dlv/ns1/rootservers.utld.db
@@ -1,13 +0,0 @@
 ; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 ;
 ; This Source Code Form is subject to the terms of the Mozilla Public
 ; License, v. 2.0. If a copy of the MPL was not distributed with this
 ; file, You can obtain one at http://mozilla.org/MPL/2.0/.
 ;
 ; See the COPYRIGHT file distributed with this work for additional
 ; information regarding copyright ownership.
 $TTL	120
@	SOA	ns hostmaster.ns 1 3600 1200 604800 60
@	NS	ns
 ns	A	10.53.0.1
--- a/bin/tests/system/dlv/ns1/sign.sh
+++ b/bin/tests/system/dlv/ns1/sign.sh
@@ -1,38 +0,0 @@
 #!/bin/sh
 #
 # Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 #
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 #
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 SYSTEMTESTTOP=../..
 . $SYSTEMTESTTOP/conf.sh
 SYSTESTDIR=dlv
 (cd ../ns2 && $SHELL -e ./sign.sh || exit 1)
 echo_i "dlv/ns1/sign.sh"
 zone=.
 infile=root.db.in
 zonefile=root.db
 outfile=root.signed
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key >$zonefile
 $SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 keyfile_to_static_keys $keyname2 > trusted.conf
 cp trusted.conf ../ns5
 cp trusted.conf ../ns7
 cp trusted.conf ../ns8
--- a/bin/tests/system/dlv/ns2/druz.db.in
+++ b/bin/tests/system/dlv/ns2/druz.db.in
@@ -1,47 +0,0 @@
 ; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 ;
 ; This Source Code Form is subject to the terms of the Mozilla Public
 ; License, v. 2.0. If a copy of the MPL was not distributed with this
 ; file, You can obtain one at http://mozilla.org/MPL/2.0/.
 ;
 ; See the COPYRIGHT file distributed with this work for additional
 ; information regarding copyright ownership.
 $TTL	120
@		SOA	ns hostmaster.ns 1 3600 1200 604800 60
@		NS	ns
 ns		A	10.53.0.2
 ;
 rootservers	NS	ns.rootservers
 ns.rootservers	A	10.53.0.1
 ;
 ;
 child1		NS	ns.child1
 ns.child1	A	10.53.0.3
 ;
 child2		NS	ns.child2
 ns.child2	A	10.53.0.4
 ;
 child3		NS	ns.child3
 ns.child3	A	10.53.0.3
 ;
 child4		NS	ns.child4
 ns.child4	A	10.53.0.3
 ;
 child5		NS	ns.child5
 ns.child5	A	10.53.0.3
 ;
 child6		NS	ns.child6
 ns.child6	A	10.53.0.4
 ;
 child7		NS	ns.child7
 ns.child7	A	10.53.0.3
 ;
 child8		NS	ns.child8
 ns.child8	A	10.53.0.3
 ;
 child9		NS	ns.child9
 ns.child9	A	10.53.0.3
 ;
 child10		NS	ns.child10
 ns.child10	A	10.53.0.3
--- a/bin/tests/system/dlv/ns2/hints
+++ b/bin/tests/system/dlv/ns2/hints
@@ -1,11 +0,0 @@
 ; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 ;
 ; This Source Code Form is subject to the terms of the Mozilla Public
 ; License, v. 2.0. If a copy of the MPL was not distributed with this
 ; file, You can obtain one at http://mozilla.org/MPL/2.0/.
 ;
 ; See the COPYRIGHT file distributed with this work for additional
 ; information regarding copyright ownership.
 . 0 NS ns.rootservers.utld.
 ns.rootservers.utld. 0 A 10.53.0.1
--- a/bin/tests/system/dlv/ns2/named.conf.in
+++ b/bin/tests/system/dlv/ns2/named.conf.in
@@ -1,37 +0,0 @@
 /*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */
 options {
 	query-source address 10.53.0.2;
 	notify-source 10.53.0.2;
 	transfer-source 10.53.0.2;
 	port @PORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.2; };
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
 };
 /* Root hints. */
 zone "." { type hint; file "hints"; };
 /*
 * A zone that is unsigned (utld=unsigned tld) that will include a second level
 * zone that acts as a DLV.
 */
 zone "utld" { type master; file "utld.db"; };
 /*
 * A zone that has a bad DNSKEY RRset but has good DLV records for its child
 * zones.
 */
 zone "druz" { type master; file "druz.signed"; };
--- a/bin/tests/system/dlv/ns2/sign.sh
+++ b/bin/tests/system/dlv/ns2/sign.sh
@@ -1,37 +0,0 @@
 #!/bin/sh
 #
 # Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 #
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 #
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 SYSTEMTESTTOP=../..
 . $SYSTEMTESTTOP/conf.sh
 SYSTESTDIR=dlv
 (cd ../ns3 && $SHELL -e ./sign.sh || exit 1)
 echo_i "dlv/ns2/sign.sh"
 zone=druz.
 infile=druz.db.in
 zonefile=druz.db
 outfile=druz.pre
 dlvzone=utld.
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key >$zonefile
 $SIGNER -l $dlvzone -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 $CHECKZONE -q -D -i none druz druz.pre |
 sed '/IN DNSKEY/s/\([a-z0-9A-Z+/]\{10\}\)[a-z0-9A-Z+/]\{16\}/\1XXXXXXXXXXXXXXXX/'> druz.signed
 echo_i "signed $zone"
--- a/bin/tests/system/dlv/ns2/utld.db
+++ b/bin/tests/system/dlv/ns2/utld.db
@@ -1,61 +0,0 @@
 ; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 ;
 ; This Source Code Form is subject to the terms of the Mozilla Public
 ; License, v. 2.0. If a copy of the MPL was not distributed with this
 ; file, You can obtain one at http://mozilla.org/MPL/2.0/.
 ;
 ; See the COPYRIGHT file distributed with this work for additional
 ; information regarding copyright ownership.
 $TTL	120
@		SOA	ns hostmaster.ns 1 3600 1200 604800 60
@		NS	ns
 ns		A	10.53.0.2
 ;
 rootservers	NS	ns.rootservers
 ns.rootservers	A	10.53.0.1
 ;
 dlv		NS	ns.dlv
 ns.dlv		A	10.53.0.3
 ;
 disabled-algorithm-dlv		NS	ns.disabled-algorithm-dlv
 ns.disabled-algorithm-dlv	A	10.53.0.3
 ;
 unsupported-algorithm-dlv	NS	ns.unsupported-algorithm-dlv
 ns.unsupported-algorithm-dlv	A	10.53.0.3
 ;
 child1		NS	ns.child1
 ns.child1	A	10.53.0.3
 ;
 child2		NS	ns.child2
 ns.child2	A	10.53.0.4
 ;
 child3		NS	ns.child3
 ns.child3	A	10.53.0.3
 ;
 child4		NS	ns.child4
 ns.child4	A	10.53.0.3
 ;
 child5		NS	ns.child5
 ns.child5	A	10.53.0.3
 ;
 child6		NS	ns.child6
 ns.child6	A	10.53.0.4
 ;
 child7		NS	ns.child7
 ns.child7	A	10.53.0.3
 ;
 child8		NS	ns.child8
 ns.child8	A	10.53.0.3
 ;
 child9		NS	ns.child9
 ns.child9	A	10.53.0.3
 ;
 child10		NS	ns.child10
 ns.child10	A	10.53.0.3
 ;
 disabled-algorithm		NS    ns.disabled-algorithm
 ns.disabled-algorithm		A     10.53.0.3
 ;
 unsupported-algorithm		NS    ns.unsupported-algorithm
 ns.unsupported-algorithm	A     10.53.0.3
--- a/bin/tests/system/dlv/ns3/child.db.in
+++ b/bin/tests/system/dlv/ns3/child.db.in
@@ -1,17 +0,0 @@
 ; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 ;
 ; This Source Code Form is subject to the terms of the Mozilla Public
 ; License, v. 2.0. If a copy of the MPL was not distributed with this
 ; file, You can obtain one at http://mozilla.org/MPL/2.0/.
 ;
 ; See the COPYRIGHT file distributed with this work for additional
 ; information regarding copyright ownership.
 $TTL	120
@		SOA	ns hostmaster.ns 1 3600 1200 604800 60
@		NS	ns
 ns		A	10.53.0.3
 foo		TXT	foo
 bar		TXT	bar
 grand		NS	ns.grand
 ns.grand	A	10.53.0.6
--- a/bin/tests/system/dlv/ns3/dlv.db.in
+++ b/bin/tests/system/dlv/ns3/dlv.db.in
@@ -1,13 +0,0 @@
 ; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 ;
 ; This Source Code Form is subject to the terms of the Mozilla Public
 ; License, v. 2.0. If a copy of the MPL was not distributed with this
 ; file, You can obtain one at http://mozilla.org/MPL/2.0/.
 ;
 ; See the COPYRIGHT file distributed with this work for additional
 ; information regarding copyright ownership.
 $TTL	120
@		SOA	ns hostmaster.ns 1 3600 1200 604800 60
@		NS	ns
 ns		A	10.53.0.3
--- a/bin/tests/system/dlv/ns3/hints
+++ b/bin/tests/system/dlv/ns3/hints
@@ -1,11 +0,0 @@
 ; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 ;
 ; This Source Code Form is subject to the terms of the Mozilla Public
 ; License, v. 2.0. If a copy of the MPL was not distributed with this
 ; file, You can obtain one at http://mozilla.org/MPL/2.0/.
 ;
 ; See the COPYRIGHT file distributed with this work for additional
 ; information regarding copyright ownership.
 . 0 NS ns.rootservers.utld.
 ns.rootservers.utld. 0 A 10.53.0.1
--- a/bin/tests/system/dlv/ns3/named.conf.in
+++ b/bin/tests/system/dlv/ns3/named.conf.in
@@ -1,141 +0,0 @@
 /*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */
 options {
 	query-source address 10.53.0.3;
 	notify-source 10.53.0.3;
 	transfer-source 10.53.0.3;
 	port @PORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.3; };
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
 };
 /* Root hints. */
 zone "." { type hint; file "hints"; };
 /* DLV zone below unsigned TLD. */
 zone "dlv.utld" { type master; file "dlv.utld.signed"; };
 /* DLV zone signed with a disabled algorithm below unsigned TLD. */
 zone "disabled-algorithm-dlv.utld." {
 	type master;
 	file "disabled-algorithm-dlv.utld.signed";
 };
 /* DLV zone signed with an unsupported algorithm below unsigned TLD. */
 zone "unsupported-algorithm-dlv.utld." {
 	type master;
 	file "unsupported-algorithm-dlv.utld.signed";
 };
 /* Signed zone below unsigned TLD with DLV entry. */
 zone "child1.utld" { type master; file "child1.signed"; };
 /*
 * Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
 * with a disabled algorithm.
 */
 zone "child3.utld" { type master; file "child3.signed"; };
 /*
 * Signed zone below unsigned TLD with DLV entry.  This one is slightly
 * different because its children (the grandchildren) don't have a DS record in
 * this zone.  The grandchild zones are served by ns6.
 *
 */
 zone "child4.utld" { type master; file "child4.signed"; };
 /*
 * Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
 * with an unsupported algorithm.
 */
 zone "child5.utld" { type master; file "child5.signed"; };
 /* Signed zone below unsigned TLD without DLV entry. */
 zone "child7.utld" { type master; file "child7.signed"; };
 /*
 * Signed zone below unsigned TLD without DLV entry and no DS records for the
 * grandchildren.
 */
 zone "child8.utld" { type master; file "child8.signed"; };
 /* Signed zone below unsigned TLD with DLV entry. */
 zone "child9.utld" { type master; file "child9.signed"; };
 /* Unsigned zone below an unsigned TLD with DLV entry. */
 zone "child10.utld" { type master; file "child.db.in"; };
 /*
 * Zone signed with a disabled algorithm (an algorithm that is disabled in
 * one of the test resolvers) with DLV entry.
 */
 zone "disabled-algorithm.utld" {
 	type master;
 	file "disabled-algorithm.utld.signed";
 };
 /* Zone signed with an unsupported algorithm with DLV entry. */
 zone "unsupported-algorithm.utld" {
 	type master;
 	file "unsupported-algorithm.utld.signed";
 };
 /*
 * Signed zone below signed TLD with good DLV entry but no chain of
 * trust.
 */
 zone "child1.druz" { type master; file "child1.druz.signed"; };
 /*
 * Signed zone below signed TLD with good DLV entry but no chain of
 * trust.  The DLV zone is signed with a disabled algorithm.
 */
 zone "child3.druz" { type master; file "child3.druz.signed"; };
 /*
 * Signed zone below signed TLD with good DLV entry but no chain of
 * trust.  Also there are no DS records for the grandchildren.
 */
 zone "child4.druz" { type master; file "child4.druz.signed"; };
 /*
 * Signed zone below signed TLD with good DLV entry but no chain of
 * trust.  The DLV zone is signed with an unsupported algorithm.
 */
 zone "child5.druz" { type master; file "child5.druz.signed"; };
 /*
 * Signed zone below signed TLD without DLV entry, and no chain of
 * trust.
 */
 zone "child7.druz" { type master; file "child7.druz.signed"; };
 /*
 * Signed zone below signed TLD without DLV entry and no DS set.  Also DS
 * records for the grandchildren are not included in the zone.
 */
 zone "child8.druz" { type master; file "child8.druz.signed"; };
 /*
 * Signed zone below signed TLD with good DLV entry but no DS set.  Also DS
 * records for the grandchildren are not included in the zone.
 */
 zone "child9.druz" { type master; file "child9.druz.signed"; };
 /*
 * Unsigned zone below signed TLD with good DLV entry but no chain of
 * trust.
 */
 zone "child10.druz" { type master; file "child.db.in"; };
--- a/bin/tests/system/dlv/ns3/sign.sh
+++ b/bin/tests/system/dlv/ns3/sign.sh
@@ -1,397 +0,0 @@
 #!/bin/sh
 #
 # Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 #
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 #
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 SYSTEMTESTTOP=../..
 . $SYSTEMTESTTOP/conf.sh
 (cd ../ns6 && $SHELL -e ./sign.sh)
 echo_i "dlv/ns3/sign.sh"
 dlvzone="dlv.utld"
 dlvsets=
 dssets=
 disableddlvzone="disabled-algorithm-dlv.utld"
 disableddlvsets=
 disableddssets=
 unsupporteddlvzone="unsupported-algorithm-dlv.utld"
 unsupporteddlvsets=
 unsupporteddssets=
 # Signed zone below unsigned TLD with DLV entry.
 zone=child1.utld
 infile=child.db.in
 zonefile=child1.utld.db
 outfile=child1.signed
 dlvsets="$dlvsets dlvset-${zone}${TP}"
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 dsfilename=../ns6/dsset-grand.${zone}${TP}
 cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
 $SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 # Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
 # with a disabled algorithm.
 zone=child3.utld
 infile=child.db.in
 zonefile=child3.utld.db
 outfile=child3.signed
 disableddlvsets="$disableddlvsets dlvset-${zone}${TP}"
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 dsfilename=../ns6/dsset-grand.${zone}${TP}
 cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
 $SIGNER -O full -l $disableddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 # Signed zone below unsigned TLD with DLV entry.  This one is slightly
 # different because its children (the grandchildren) don't have a DS record in
 # this zone.  The grandchild zones are served by ns6.
 zone=child4.utld
 infile=child.db.in
 zonefile=child4.utld.db
 outfile=child4.signed
 dlvsets="$dlvsets dlvset-${zone}${TP}"
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key >$zonefile
 $SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 # Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
 # with an unsupported algorithm.
 zone=child5.utld
 infile=child.db.in
 zonefile=child5.utld.db
 outfile=child5.signed
 unsupporteddlvsets="$unsupporteddlvsets dlvset-${zone}${TP}"
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 dsfilename=../ns6/dsset-grand.${zone}${TP}
 cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
 $SIGNER -O full -l $unsupporteddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 # Signed zone below unsigned TLD without DLV entry.
 zone=child7.utld
 infile=child.db.in
 zonefile=child7.utld.db
 outfile=child7.signed
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 dsfilename=../ns6/dsset-grand.${zone}${TP}
 cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
 $SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 # Signed zone below unsigned TLD without DLV entry and no DS records for the
 # grandchildren.
 zone=child8.utld
 infile=child.db.in
 zonefile=child8.utld.db
 outfile=child8.signed
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key >$zonefile
 $SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 # Signed zone below unsigned TLD with DLV entry.
 zone=child9.utld
 infile=child.db.in
 zonefile=child9.utld.db
 outfile=child9.signed
 dlvsets="$dlvsets dlvset-${zone}${TP}"
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key >$zonefile
 $SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 # Unsigned zone below an unsigned TLD with DLV entry.  We still need to sign
 # the zone to generate the DLV set.
 zone=child10.utld
 infile=child.db.in
 zonefile=child10.utld.db
 outfile=child10.signed
 dlvsets="$dlvsets dlvset-${zone}${TP}"
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key >$zonefile
 $SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 # Zone signed with a disabled algorithm (an algorithm that is disabled in
 # one of the test resolvers) with DLV entry.
 zone=disabled-algorithm.utld
 infile=child.db.in
 zonefile=disabled-algorithm.utld.db
 outfile=disabled-algorithm.utld.signed
 dlvsets="$dlvsets dlvset-${zone}${TP}"
 keyname1=`$KEYGEN -a $DISABLED_ALGORITHM -b $DISABLED_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DISABLED_ALGORITHM -b $DISABLED_BITS -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key >$zonefile
 $SIGNER -O full -l $dlvzone -o $zone -f ${outfile} $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 # Zone signed with an unsupported algorithm with DLV entry.
 zone=unsupported-algorithm.utld
 infile=child.db.in
 zonefile=unsupported-algorithm.utld.db
 outfile=unsupported-algorithm.utld.signed
 dlvsets="$dlvsets dlvset-${zone}${TP}"
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key >$zonefile
 $SIGNER -O full -l $dlvzone -o $zone -f ${outfile}.tmp $zonefile > /dev/null 2> signer.err || cat signer.err
 awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${outfile}.tmp > $outfile
 cp ${keyname2}.key ${keyname2}.tmp
 awk '$3 == "DNSKEY" { $6 = 255 } { print }' ${keyname2}.tmp > ${keyname2}.key
 cp dlvset-${zone}${TP} dlvset-${zone}tmp
 awk '$3 == "DLV" { $5 = 255 } { print }' dlvset-${zone}tmp > dlvset-${zone}${TP}
 echo_i "signed $zone"
 # Signed zone below signed TLD with DLV entry and DS set.
 zone=child1.druz
 infile=child.db.in
 zonefile=child1.druz.db
 outfile=child1.druz.signed
 dlvsets="$dlvsets dlvset-${zone}${TP}"
 dssets="$dssets dsset-${zone}${TP}"
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 dsfilename=../ns6/dsset-grand.${zone}${TP}
 cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
 $SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 # Signed zone below signed TLD with DLV entry and DS set.  The DLV zone is
 # signed with a disabled algorithm.
 zone=child3.druz
 infile=child.db.in
 zonefile=child3.druz.db
 outfile=child3.druz.signed
 disableddlvsets="$disableddlvsets dlvset-${zone}${TP}"
 disableddssets="$disableddssets dsset-${zone}${TP}"
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 dsfilename=../ns6/dsset-grand.${zone}${TP}
 cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
 $SIGNER -O full -l $disableddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 # Signed zone below signed TLD with DLV entry and DS set, but missing
 # DS records for the grandchildren.
 zone=child4.druz
 infile=child.db.in
 zonefile=child4.druz.db
 outfile=child4.druz.signed
 dlvsets="$dlvsets dlvset-${zone}${TP}"
 dssets="$dssets dsset-${zone}${TP}"
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key >$zonefile
 $SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 # Signed zone below signed TLD with DLV entry and DS set.  The DLV zone is
 # signed with an unsupported algorithm algorithm.
 zone=child5.druz
 infile=child.db.in
 zonefile=child5.druz.db
 outfile=child5.druz.signed
 unsupporteddlvsets="$unsupporteddlvsets dlvset-${zone}${TP}"
 unsupporteddssets="$unsupportedssets dsset-${zone}${TP}"
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 dsfilename=../ns6/dsset-grand.${zone}${TP}
 cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
 $SIGNER -O full -l $unsupporteddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 # Signed zone below signed TLD without DLV entry, but with normal DS set.
 zone=child7.druz
 infile=child.db.in
 zonefile=child7.druz.db
 outfile=child7.druz.signed
 dssets="$dssets dsset-${zone}${TP}"
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 dsfilename=../ns6/dsset-grand.${zone}${TP}
 cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
 $SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 # Signed zone below signed TLD without DLV entry and no DS set.  Also DS
 # records for the grandchildren are not included in the zone.
 zone=child8.druz
 infile=child.db.in
 zonefile=child8.druz.db
 outfile=child8.druz.signed
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key >$zonefile
 $SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 # Signed zone below signed TLD with DLV entry but no DS set.  Also DS
 # records for the grandchildren are not included in the zone.
 zone=child9.druz
 infile=child.db.in
 zonefile=child9.druz.db
 outfile=child9.druz.signed
 dlvsets="$dlvsets dlvset-${zone}${TP}"
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key >$zonefile
 $SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 # Unsigned zone below signed TLD with DLV entry and DS set.  We still need to
 # sign the zone to generate the DS sets.
 zone=child10.druz
 infile=child.db.in
 zonefile=child10.druz.db
 outfile=child10.druz.signed
 dlvsets="$dlvsets dlvset-${zone}${TP}"
 dssets="$dssets dsset-${zone}${TP}"
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key >$zonefile
 $SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 cp $dssets ../ns2
 cp $disableddssets ../ns2
 cp $unsupporteddssets ../ns2
 # DLV zones
 infile=dlv.db.in
 for zone in dlv.utld disabled-algorithm-dlv.utld unsupported-algorithm-dlv.utld
 do
 	zonefile="${zone}.db"
 	outfile="${zone}.signed"
 	case $zone in
 	"dlv.utld")
 		algorithm=$DEFAULT_ALGORITHM
 		bits=$DEFAULT_BITS
 		dlvfiles=$dlvsets
 		;;
 	"disabled-algorithm-dlv.utld")
 		algorithm=$DISABLED_ALGORITHM
 		bits=$DISABLED_BITS
 		dlvfiles=$disableddlvsets
 		;;
 	"unsupported-algorithm-dlv.utld")
 		algorithm=$DEFAULT_ALGORITHM
 		bits=$DEFAULT_BITS
 		dlvfiles=$unsupporteddlvsets
 		;;
 	esac
 	keyname1=`$KEYGEN -a $algorithm -b $bits -n zone $zone 2> /dev/null`
 	keyname2=`$KEYGEN -f KSK -a $algorithm -b $bits -n zone $zone 2> /dev/null`
 	cat $infile $dlvfiles $keyname1.key $keyname2.key >$zonefile
 	case $zone in
 	"dlv.utld")
 		$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 	        keyfile_to_static_keys $keyname2 > ../ns5/trusted-dlv.conf
 		;;
 	"disabled-algorithm-dlv.utld")
 		$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 		keyfile_to_static_keys $keyname2 > ../ns8/trusted-dlv-disabled.conf
 		;;
 	"unsupported-algorithm-dlv.utld")
 		cp ${keyname2}.key ${keyname2}.tmp
 		$SIGNER -O full -o $zone -f ${outfile}.tmp $zonefile > /dev/null 2> signer.err || cat signer.err
 		awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${outfile}.tmp > $outfile
 		awk '$3 == "DNSKEY" { $6 = 255 } { print }' ${keyname2}.tmp > ${keyname2}.key
 		keyfile_to_static_keys $keyname2 > ../ns7/trusted-dlv-unsupported.conf
 		;;
 	esac
 	echo_i "signed $zone"
 done
--- a/bin/tests/system/dlv/ns4/child.db
+++ b/bin/tests/system/dlv/ns4/child.db
@@ -1,34 +0,0 @@
 ; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 ;
 ; This Source Code Form is subject to the terms of the Mozilla Public
 ; License, v. 2.0. If a copy of the MPL was not distributed with this
 ; file, You can obtain one at http://mozilla.org/MPL/2.0/.
 ;
 ; See the COPYRIGHT file distributed with this work for additional
 ; information regarding copyright ownership.
 $TTL	120
@		SOA	ns hostmaster.ns 1 3600 1200 604800 60
@		NS	ns
 ns		A	10.53.0.3
 ;
 rootservers	NS	ns.rootservers
 ns.rootservers	A	10.53.0.1
 ;
 child1		NS	ns.child1
 ns.child1	A	10.53.0.3
 ;
 child2		NS	ns.child2
 ns.child2	A	10.53.0.4
 ;
 child3		NS	ns.child3
 ns.child3	A	10.53.0.3
 ;
 child4		NS	ns.child4
 ns.child4	A	10.53.0.3
 ;
 child5		NS	ns.child5
 ns.child5	A	10.53.0.3
 ;
 child6		NS	ns.child5
 ns.child6	A	10.53.0.4
--- a/bin/tests/system/dlv/ns4/hints
+++ b/bin/tests/system/dlv/ns4/hints
@@ -1,11 +0,0 @@
 ; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 ;
 ; This Source Code Form is subject to the terms of the Mozilla Public
 ; License, v. 2.0. If a copy of the MPL was not distributed with this
 ; file, You can obtain one at http://mozilla.org/MPL/2.0/.
 ;
 ; See the COPYRIGHT file distributed with this work for additional
 ; information regarding copyright ownership.
 . 0 NS ns.rootservers.utld.
 ns.rootservers.utld. 0 A 10.53.0.1
--- a/bin/tests/system/dlv/ns4/named.conf.in
+++ b/bin/tests/system/dlv/ns4/named.conf.in
@@ -1,26 +0,0 @@
 /*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */
 options {
 	query-source address 10.53.0.4;
 	notify-source 10.53.0.4;
 	transfer-source 10.53.0.4;
 	port @PORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.4; };
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
 };
 zone "." { type hint; file "hints"; };
 zone "child2.utld" { type master; file "child.db"; };
 zone "child6.utld" { type master; file "child.db"; };
--- a/bin/tests/system/dlv/ns5/hints
+++ b/bin/tests/system/dlv/ns5/hints
@@ -1,11 +0,0 @@
 ; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 ;
 ; This Source Code Form is subject to the terms of the Mozilla Public
 ; License, v. 2.0. If a copy of the MPL was not distributed with this
 ; file, You can obtain one at http://mozilla.org/MPL/2.0/.
 ;
 ; See the COPYRIGHT file distributed with this work for additional
 ; information regarding copyright ownership.
 . 0 NS ns.rootservers.utld.
 ns.rootservers.utld. 0 A 10.53.0.1
--- a/bin/tests/system/dlv/ns5/named.conf.in
+++ b/bin/tests/system/dlv/ns5/named.conf.in
@@ -1,30 +0,0 @@
 /*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */
 include "trusted.conf";
 include "trusted-dlv.conf";
 options {
 	query-source address 10.53.0.5;
 	notify-source 10.53.0.5;
 	transfer-source 10.53.0.5;
 	port @PORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.5; };
 	listen-on-v6 { none; };
 	recursion yes;
 	notify yes;
 	dnssec-validation yes;
 	dnssec-lookaside "." trust-anchor "dlv.utld";
 	disable-algorithms "utld." { @DISABLED_ALGORITHM@; };
 };
 zone "." { type hint; file "hints"; };
--- a/bin/tests/system/dlv/ns5/rndc.conf
+++ b/bin/tests/system/dlv/ns5/rndc.conf
@@ -1,20 +0,0 @@
 /*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */
 key "cc64b3d1db63fc88d7cb5d2f9f57d258" {
 	algorithm hmac-sha256;
 	secret "34f88008d07deabbe65bd01f1d233d47";
 };
 options {
 	default-server 10.53.0.5;
 	default-port 5353;
 };
--- a/bin/tests/system/dlv/ns6/child.db.in
+++ b/bin/tests/system/dlv/ns6/child.db.in
@@ -1,15 +0,0 @@
 ; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 ;
 ; This Source Code Form is subject to the terms of the Mozilla Public
 ; License, v. 2.0. If a copy of the MPL was not distributed with this
 ; file, You can obtain one at http://mozilla.org/MPL/2.0/.
 ;
 ; See the COPYRIGHT file distributed with this work for additional
 ; information regarding copyright ownership.
 $TTL	120
@		SOA	ns hostmaster.ns6 1 3600 1200 604800 60
@		NS	ns
 ns		A	10.53.0.6
 foo		TXT	foo
 bar		TXT	bar
--- a/bin/tests/system/dlv/ns6/hints
+++ b/bin/tests/system/dlv/ns6/hints
@@ -1,11 +0,0 @@
 ; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 ;
 ; This Source Code Form is subject to the terms of the Mozilla Public
 ; License, v. 2.0. If a copy of the MPL was not distributed with this
 ; file, You can obtain one at http://mozilla.org/MPL/2.0/.
 ;
 ; See the COPYRIGHT file distributed with this work for additional
 ; information regarding copyright ownership.
 . 0 NS ns.rootservers.utld.
 ns.rootservers.utld. 0 A 10.53.0.1
--- a/bin/tests/system/dlv/ns6/named.conf.in
+++ b/bin/tests/system/dlv/ns6/named.conf.in
@@ -1,40 +0,0 @@
 /*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */
 options {
 	query-source address 10.53.0.6;
 	notify-source 10.53.0.6;
 	transfer-source 10.53.0.6;
 	port @PORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.6; };
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
 };
 zone "." { type hint; file "hints"; };
 zone "grand.child1.utld" { type master; file "grand.child1.signed"; };
 zone "grand.child3.utld" { type master; file "grand.child3.signed"; };
 zone "grand.child4.utld" { type master; file "grand.child4.signed"; };
 zone "grand.child5.utld" { type master; file "grand.child5.signed"; };
 zone "grand.child7.utld" { type master; file "grand.child7.signed"; };
 zone "grand.child8.utld" { type master; file "grand.child8.signed"; };
 zone "grand.child9.utld" { type master; file "grand.child9.signed"; };
 zone "grand.child10.utld" { type master; file "grand.child10.signed"; };
 zone "grand.child1.druz" { type master; file "grand.child1.druz.signed"; };
 zone "grand.child3.druz" { type master; file "grand.child3.druz.signed"; };
 zone "grand.child4.druz" { type master; file "grand.child4.druz.signed"; };
 zone "grand.child5.druz" { type master; file "grand.child5.druz.signed"; };
 zone "grand.child7.druz" { type master; file "grand.child7.druz.signed"; };
 zone "grand.child8.druz" { type master; file "grand.child8.druz.signed"; };
 zone "grand.child9.druz" { type master; file "grand.child9.druz.signed"; };
 zone "grand.child10.druz" { type master; file "grand.child10.druz.signed"; };
--- a/bin/tests/system/dlv/ns6/sign.sh
+++ b/bin/tests/system/dlv/ns6/sign.sh
@@ -1,251 +0,0 @@
 #!/bin/sh
 #
 # Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 #
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 #
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 SYSTEMTESTTOP=../..
 . $SYSTEMTESTTOP/conf.sh
 SYSTESTDIR=dlv
 echo_i "dlv/ns6/sign.sh"
 zone=grand.child1.utld.
 infile=child.db.in
 zonefile=grand.child1.utld.db
 outfile=grand.child1.signed
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key >$zonefile
 $SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 zone=grand.child3.utld.
 infile=child.db.in
 zonefile=grand.child3.utld.db
 outfile=grand.child3.signed
 dlvzone=dlv.utld.
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key >$zonefile
 $SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 zone=grand.child4.utld.
 infile=child.db.in
 zonefile=grand.child4.utld.db
 outfile=grand.child4.signed
 dlvzone=dlv.utld.
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key >$zonefile
 $SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 zone=grand.child5.utld.
 infile=child.db.in
 zonefile=grand.child5.utld.db
 outfile=grand.child5.signed
 dlvzone=dlv.utld.
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key >$zonefile
 $SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 zone=grand.child7.utld.
 infile=child.db.in
 zonefile=grand.child7.utld.db
 outfile=grand.child7.signed
 dlvzone=dlv.utld.
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key >$zonefile
 $SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 zone=grand.child8.utld.
 infile=child.db.in
 zonefile=grand.child8.utld.db
 outfile=grand.child8.signed
 dlvzone=dlv.utld.
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key >$zonefile
 $SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 zone=grand.child9.utld.
 infile=child.db.in
 zonefile=grand.child9.utld.db
 outfile=grand.child9.signed
 dlvzone=dlv.utld.
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key >$zonefile
 $SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 zone=grand.child10.utld.
 infile=child.db.in
 zonefile=grand.child10.utld.db
 outfile=grand.child10.signed
 dlvzone=dlv.utld.
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key >$zonefile
 $SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 zone=grand.child1.druz.
 infile=child.db.in
 zonefile=grand.child1.druz.db
 outfile=grand.child1.druz.signed
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key >$zonefile
 $SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 zone=grand.child3.druz.
 infile=child.db.in
 zonefile=grand.child3.druz.db
 outfile=grand.child3.druz.signed
 dlvzone=dlv.druz.
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key >$zonefile
 $SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 zone=grand.child4.druz.
 infile=child.db.in
 zonefile=grand.child4.druz.db
 outfile=grand.child4.druz.signed
 dlvzone=dlv.druz.
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key >$zonefile
 $SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 zone=grand.child5.druz.
 infile=child.db.in
 zonefile=grand.child5.druz.db
 outfile=grand.child5.druz.signed
 dlvzone=dlv.druz.
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key >$zonefile
 $SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 zone=grand.child7.druz.
 infile=child.db.in
 zonefile=grand.child7.druz.db
 outfile=grand.child7.druz.signed
 dlvzone=dlv.druz.
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key >$zonefile
 $SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 zone=grand.child8.druz.
 infile=child.db.in
 zonefile=grand.child8.druz.db
 outfile=grand.child8.druz.signed
 dlvzone=dlv.druz.
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key >$zonefile
 $SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 zone=grand.child9.druz.
 infile=child.db.in
 zonefile=grand.child9.druz.db
 outfile=grand.child9.druz.signed
 dlvzone=dlv.druz.
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key >$zonefile
 $SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 zone=grand.child10.druz.
 infile=child.db.in
 zonefile=grand.child10.druz.db
 outfile=grand.child10.druz.signed
 dlvzone=dlv.druz.
 keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key >$zonefile
 $SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
--- a/bin/tests/system/dlv/ns7/hints
+++ b/bin/tests/system/dlv/ns7/hints
@@ -1,12 +0,0 @@
 ; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 ;
 ; This Source Code Form is subject to the terms of the Mozilla Public
 ; License, v. 2.0. If a copy of the MPL was not distributed with this
 ; file, You can obtain one at http://mozilla.org/MPL/2.0/.
 ;
 ; See the COPYRIGHT file distributed with this work for additional
 ; information regarding copyright ownership.
 . 0 NS ns.rootservers.utld.
 ns.rootservers.utld. 0 A 10.53.0.1
--- a/bin/tests/system/dlv/ns7/named.conf.in
+++ b/bin/tests/system/dlv/ns7/named.conf.in
@@ -1,31 +0,0 @@
 /*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */
 include "trusted.conf";
 include "trusted-dlv-unsupported.conf";
 options {
 	query-source address 10.53.0.7;
 	notify-source 10.53.0.7;
 	transfer-source 10.53.0.7;
 	port @PORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.7; };
 	listen-on-v6 { none; };
 	recursion yes;
 	notify yes;
 	dnssec-enable yes;
 	dnssec-validation yes;
 	dnssec-lookaside "." trust-anchor "unsupported-algorithm-dlv.utld";
 };
 zone "." { type hint; file "hints"; };
--- a/bin/tests/system/dlv/ns8/hints
+++ b/bin/tests/system/dlv/ns8/hints
@@ -1,12 +0,0 @@
 ; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 ;
 ; This Source Code Form is subject to the terms of the Mozilla Public
 ; License, v. 2.0. If a copy of the MPL was not distributed with this
 ; file, You can obtain one at http://mozilla.org/MPL/2.0/.
 ;
 ; See the COPYRIGHT file distributed with this work for additional
 ; information regarding copyright ownership.
 . 0 NS ns.rootservers.utld.
 ns.rootservers.utld. 0 A 10.53.0.1
--- a/bin/tests/system/dlv/ns8/named.conf.in
+++ b/bin/tests/system/dlv/ns8/named.conf.in
@@ -1,32 +0,0 @@
 /*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */
 include "trusted.conf";
 include "trusted-dlv-disabled.conf";
 options {
 	query-source address 10.53.0.8;
 	notify-source 10.53.0.8;
 	transfer-source 10.53.0.8;
 	port @PORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.8; };
 	listen-on-v6 { none; };
 	recursion yes;
 	notify yes;
 	dnssec-enable yes;
 	dnssec-validation yes;
 	dnssec-lookaside "." trust-anchor "disabled-algorithm-dlv.utld";
 	disable-algorithms "disabled-algorithm-dlv.utld." { @DISABLED_ALGORITHM@; };
 };
 zone "." { type hint; file "hints"; };
--- a/bin/tests/system/dlv/setup.sh
+++ b/bin/tests/system/dlv/setup.sh
@@ -1,26 +0,0 @@
 #!/bin/sh
 #
 # Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 #
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 #
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 $SHELL clean.sh
 copy_setports ns1/named.conf.in ns1/named.conf
 copy_setports ns2/named.conf.in ns2/named.conf
 copy_setports ns3/named.conf.in ns3/named.conf
 copy_setports ns4/named.conf.in ns4/named.conf
 copy_setports ns5/named.conf.in ns5/named.conf
 copy_setports ns6/named.conf.in ns6/named.conf
 copy_setports ns7/named.conf.in ns7/named.conf
 copy_setports ns8/named.conf.in ns8/named.conf
 (cd ns1 && $SHELL -e sign.sh)
--- a/bin/tests/system/dlv/tests.sh
+++ b/bin/tests/system/dlv/tests.sh
@@ -1,111 +0,0 @@
 #!/bin/sh
 #
 # Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 #
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 #
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 status=0
 n=0
 rm -f dig.out.*
 DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p ${PORT}"
 echo_i "checking that unsigned TLD zone DNSKEY referenced by DLV validates as secure ($n)"
 ret=0
 $DIG $DIGOPTS child1.utld dnskey @10.53.0.5 > dig.out.ns5.test$n || ret=1
 grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 echo_i "checking that unsigned TLD child zone DNSKEY referenced by DLV validates as secure ($n)"
 ret=0
 $DIG $DIGOPTS grand.child1.utld dnskey @10.53.0.5 > dig.out.ns5.test$n || ret=1
 grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 echo_i "checking that no chain of trust SOA referenced by DLV validates as secure ($n)"
 ret=0
 $DIG $DIGOPTS child1.druz soa @10.53.0.5 > dig.out.ns5.test$n || ret=1
 grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 echo_i "checking that no chain of trust child SOA referenced by DLV validates as secure ($n)"
 ret=0
 $DIG $DIGOPTS grand.child1.druz soa @10.53.0.5 > dig.out.ns5.test$n || ret=1
 grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 # Test that a child zone that is signed with an unsupported algorithm,
 # referenced by a good DLV zone, yields an insecure response.
 echo_i "checking that unsupported algorithm TXT referenced by DLV validates as insecure ($n)"
 ret=0
 $DIG $DIGOPTS foo.unsupported-algorithm.utld txt @10.53.0.3 > dig.out.ns3.test$n || ret=1
 $DIG $DIGOPTS foo.unsupported-algorithm.utld txt @10.53.0.5 > dig.out.ns5.test$n || ret=1
 grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null && ret=1
 grep -q "foo\.unsupported-algorithm\.utld\..*TXT.*\"foo\"" dig.out.ns5.test$n || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 # Test that a child zone that is signed with a disabled algorithm,
 # referenced by a good DLV zone, yields an insecure response.
 echo_i "checking that disabled algorithm TXT referenced by DLV validates as insecure ($n)"
 ret=0
 $DIG $DIGOPTS foo.disabled-algorithm.utld txt @10.53.0.3 > dig.out.ns3.test$n || ret=1
 $DIG $DIGOPTS foo.disabled-algorithm.utld txt @10.53.0.5 > dig.out.ns5.test$n || ret=1
 grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null && ret=1
 grep -q "foo\.disabled-algorithm\.utld\..*TXT.*\"foo\"" dig.out.ns5.test$n || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 # Test that a child zone that is signed with a known algorithm, referenced by
 # a DLV zone that is signed with a disabled algorithm, yields a bogus
 # response.
 echo_i "checking that good signed TXT referenced by disabled algorithm DLV validates as bogus ($n)"
 ret=0
 $DIG $DIGOPTS foo.child3.utld txt @10.53.0.8 > dig.out.ns8.test$n || ret=1
 grep "status: SERVFAIL" dig.out.ns8.test$n > /dev/null || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns8.test$n > /dev/null && ret=1
 grep -q "foo\.child3\.utld\..*TXT.*\"foo\"" dig.out.ns8.test$n && ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 # Test that a child zone that is signed with a known algorithm, referenced by
 # a DLV zone that is signed with an unsupported algorithm, yields a bogus
 # response.
 echo_i "checking that good signed TXT referenced by unsupported algorithm DLV validates as bogus ($n)"
 ret=0
 $DIG $DIGOPTS foo.child5.utld txt @10.53.0.7 > dig.out.ns7.test$n || ret=1
 grep "status: SERVFAIL" dig.out.ns7.test$n > /dev/null || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns7.test$n > /dev/null && ret=1
 grep -q "foo\.child5\.utld\..*TXT.*\"foo\"" dig.out.ns7.test$n && ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
--- a/bin/tests/system/dnssec/README
+++ b/bin/tests/system/dnssec/README
@@ -14,9 +14,12 @@ for the root.
 ns5 is a caching-only server, configured with the an incorrect trusted
 key for the root.  It is used for testing failure cases.
-ns6 is a caching-only server configured to use DLV.
+ns6 is an caching and authoritative server used for testing unusual
 server behaviors such as disabled DNSSEC algorithms.
 ns7 is used for checking non-cacheable answers.
 ns8 is a caching-only server, configured with unsupported and disabled
 algorithms.  It is used for testing failure cases.
 ns9 is a forwarding-only server.
--- a/bin/tests/system/dnssec/clean.sh
+++ b/bin/tests/system/dnssec/clean.sh
@@ -11,7 +11,7 @@
 set -e
-rm -f ./*/K* ./*/keyset-* ./*/dsset-* ./*/dlvset-* ./*/signedkey-* ./*/*.signed
+rm -f ./*/K* ./*/keyset-* ./*/dsset-* ./*/signedkey-* ./*/*.signed
 rm -f ./*/example.bk
 rm -f ./*/named.conf
 rm -f ./*/named.memstats
@@ -44,10 +44,8 @@ rm -f ./ns2/cds-auto.secure.db ./ns2/cds-auto.secure.db.jnl
 rm -f ./ns2/cds-kskonly.secure.db
 rm -f ./ns2/cds-update.secure.db ./ns2/cds-update.secure.db.jnl
 rm -f ./ns2/cds.secure.db ./ns2/cds-x.secure.db
 rm -f ./ns2/dlv.db
 rm -f ./ns2/in-addr.arpa.db
 rm -f ./ns2/nsec3chain-test.db
 rm -f ./ns2/private.secure.example.db
 rm -f ./ns2/single-nsec3.db
 rm -f ./ns2/updatecheck-kskonly.secure.*
 rm -f ./ns3/secure.example.db ./ns3/*.managed.db ./ns3/*.trusted.db
--- a/bin/tests/system/dnssec/ns1/root.db.in
+++ b/bin/tests/system/dnssec/ns1/root.db.in
@@ -20,8 +20,6 @@ a.root-servers.nil.	A	10.53.0.1
 example.		NS	ns2.example.
 ns2.example.		A	10.53.0.2
 dlv.			NS	ns2.dlv.
 ns2.dlv.		A	10.53.0.2
 algroll.		NS	ns2.algroll.
 ns2.algroll.		A	10.53.0.2
 managed.		NS	ns2.managed.
--- a/bin/tests/system/dnssec/ns1/sign.sh
+++ b/bin/tests/system/dnssec/ns1/sign.sh
@@ -25,7 +25,6 @@ zonefile=root.db
 echo_i "ns1/sign.sh"
 cp "../ns2/dsset-example$TP" .
 cp "../ns2/dsset-dlv$TP" .
 cp "../ns2/dsset-in-addr.arpa$TP" .
 grep "$DEFAULT_ALGORITHM_NUMBER [12] " "../ns2/dsset-algroll$TP" > "dsset-algroll$TP"
--- a/bin/tests/system/dnssec/ns2/dlv.db.in
+++ b/bin/tests/system/dnssec/ns2/dlv.db.in
@@ -1,19 +0,0 @@
 ; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 ;
 ; This Source Code Form is subject to the terms of the Mozilla Public
 ; License, v. 2.0. If a copy of the MPL was not distributed with this
 ; file, You can obtain one at http://mozilla.org/MPL/2.0/.
 ;
 ; See the COPYRIGHT file distributed with this work for additional
 ; information regarding copyright ownership.
 $TTL 300	; 5 minutes
@			IN SOA	mname1. . (
 				2000042407 ; serial
 				20         ; refresh (20 seconds)
 				20         ; retry (20 seconds)
 				1814400    ; expire (3 weeks)
 				3600       ; minimum (1 hour)
 				)
 			NS	ns2
 ns2			A	10.53.0.2
--- a/bin/tests/system/dnssec/ns2/named.conf.in
+++ b/bin/tests/system/dnssec/ns2/named.conf.in
@@ -40,11 +40,6 @@ zone "." {
 	file "../../common/root.hint";
 };
 zone "dlv" {
 	type master;
 	file "dlv.db.signed";
 };
 zone "trusted" {
 	type master;
 	file "trusted.db.signed";
@@ -61,12 +56,6 @@ zone "example" {
 	allow-update { any; };
 };
 zone "private.secure.example" {
 	type master;
 	file "private.secure.example.db.signed";
 	allow-update { any; };
 };
 zone "insecure.secure.example" {
 	type master;
 	file "insecure.secure.example.db";
--- a/bin/tests/system/dnssec/ns2/sign.sh
+++ b/bin/tests/system/dnssec/ns2/sign.sh
@@ -136,31 +136,6 @@ keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zon
 cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
 "$SIGNER" -P -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null 2>&1
 # Sign the privately secure file
 privzone=private.secure.example
 privinfile=private.secure.example.db.in
 privzonefile=private.secure.example.db
 privkeyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zone "$privzone")
 cat "$privinfile" "$privkeyname.key" > "$privzonefile"
 "$SIGNER" -P -g -o "$privzone" -l dlv "$privzonefile" > /dev/null 2>&1
 # Sign the DLV secure zone.
 dlvzone=dlv.
 dlvinfile=dlv.db.in
 dlvzonefile=dlv.db
 dlvsetfile="dlvset-${privzone}${TP}"
 dlvkeyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zone "$dlvzone")
 cat "$dlvinfile" "$dlvkeyname.key" "$dlvsetfile" > "$dlvzonefile"
 "$SIGNER" -P -g -o "$dlvzone" "$dlvzonefile" > /dev/null 2>&1
 # Sign the badparam secure file
 zone=badparam.
--- a/bin/tests/system/dnssec/ns6/named.conf.in
+++ b/bin/tests/system/dnssec/ns6/named.conf.in
@@ -23,7 +23,6 @@ options {
 	notify yes;
 	disable-algorithms . { @ALTERNATIVE_ALGORITHM@; };
 	dnssec-validation yes;
 	dnssec-lookaside . trust-anchor dlv;
 };
 zone "." {
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -1212,34 +1212,6 @@ n=$((n+1))
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status+ret))
 echo_i "checking that positive validation in a privately secure zone works ($n)"
 ret=0
 dig_with_opts +noauth a.private.secure.example. a @10.53.0.2 \
 	> dig.out.ns2.test$n || ret=1
 dig_with_opts +noauth a.private.secure.example. a @10.53.0.4 \
 	> dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
 grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
 # Note - this is looking for failure, hence the &&
 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
 n=$((n+1))
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status+ret))
 echo_i "checking that negative validation in a privately secure zone works ($n)"
 ret=0
 dig_with_opts +noauth q.private.secure.example. a @10.53.0.2 \
 	> dig.out.ns2.test$n || ret=1
 dig_with_opts +noauth q.private.secure.example. a @10.53.0.4 \
 	> dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
 grep "NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
 # Note - this is looking for failure, hence the &&
 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
 n=$((n+1))
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status+ret))
 echo_i "checking that lookups succeed after disabling an algorithm ($n)"
 ret=0
 dig_with_opts +noauth example. SOA @10.53.0.2 \
@@ -1253,28 +1225,6 @@ n=$((n+1))
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status+ret))
 echo_i "checking privately secure to nxdomain works ($n)"
 ret=0
 dig_with_opts +noauth private2secure-nxdomain.private.secure.example. SOA @10.53.0.4 \
 	> dig.out.ns4.test$n || ret=1
 grep "NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
 # Note - this is looking for failure, hence the &&
 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
 n=$((n+1))
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status+ret))
 echo_i "checking privately secure wildcard to nxdomain works ($n)"
 ret=0
 dig_with_opts +noauth a.wild.private.secure.example. SOA @10.53.0.4 \
 	> dig.out.ns4.test$n || ret=1
 grep "NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
 # Note - this is looking for failure, hence the &&
 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
 n=$((n+1))
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status+ret))
 echo_i "checking a non-cachable NODATA works ($n)"
 ret=0
 dig_with_opts +noauth a.nosoa.secure.example. txt @10.53.0.7 \
@@ -1299,21 +1249,6 @@ n=$((n+1))
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status+ret))
 #
 # private.secure.example is served by the same server as its
 # grand parent and there is not a secure delegation from secure.example
 # to private.secure.example.  In addition secure.example is using a
 # algorithm which the validation does not support.
 #
 echo_i "checking dnssec-lookaside-validation works ($n)"
 ret=0
 dig_with_opts private.secure.example. SOA @10.53.0.6 \
 	> dig.out.ns6.test$n || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns6.test$n > /dev/null || ret=1
 n=$((n+1))
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status+ret))
 echo_i "checking that we can load a rfc2535 signed zone ($n)"
 ret=0
 dig_with_opts rfc2535.example. SOA @10.53.0.2 \
@@ -2433,7 +2368,7 @@ status=$((status+ret))
 echo_i "checking that DS at a RFC 1918 empty zone lookup succeeds ($n)"
 ret=0
 dig_with_opts +noauth 10.in-addr.arpa ds @10.53.0.2 >dig.out.ns2.test$n || ret=1
-dig_with_opts +noauth 10.in-addr.arpa ds @10.53.0.6 >dig.out.ns6.test$n || ret=1
+dig_with_opts +noauth 10.in-addr.arpa ds @10.53.0.4 >dig.out.ns6.test$n || ret=1
 digcomp dig.out.ns2.test$n dig.out.ns6.test$n || ret=1
 grep "status: NOERROR" dig.out.ns6.test$n > /dev/null || ret=1
 n=$((n+1))
--- a/bin/tests/system/filter-aaaa/ns1/sign.sh
+++ b/bin/tests/system/filter-aaaa/ns1/sign.sh
@@ -14,8 +14,6 @@ SYSTEMTESTTOP=../..
 SYSTESTDIR=filter-aaaa
 dlvsets=
 zone=signed.
 infile=signed.db.in
 zonefile=signed.db.signed
--- a/bin/tests/system/filter-aaaa/ns4/sign.sh
+++ b/bin/tests/system/filter-aaaa/ns4/sign.sh
@@ -14,8 +14,6 @@ SYSTEMTESTTOP=../..
 SYSTESTDIR=filter-aaaa
 dlvsets=
 zone=signed.
 infile=signed.db.in
 zonefile=signed.db.signed
--- a/bin/tests/system/wildcard/ns1/named.conf.in
+++ b/bin/tests/system/wildcard/ns1/named.conf.in
@@ -24,8 +24,6 @@ options {
 zone "." { type master; file "root.db.signed"; };
 zone "dlv" { type master; file "dlv.db.signed"; };
 zone "nsec" { type master; file "nsec.db.signed"; };
 zone "private.nsec" { type master; file "private.nsec.db.signed"; };
--- a/bin/tests/system/wildcard/ns1/root.db.in
+++ b/bin/tests/system/wildcard/ns1/root.db.in
@@ -11,6 +11,5 @@ $TTL 120
@	SOA a.root-servers.nil hostmaster.root-servers.nil 1 1800 900 604800 86400
@	NS  a.root-servers.nil
 a.root-servers.nil A 10.53.0.1
 dlv	NS  a.root-servers.nil
 nsec	NS  a.root-servers.nil
 nsec3	NS  a.root-servers.nil
--- a/bin/tests/system/wildcard/ns1/sign.sh
+++ b/bin/tests/system/wildcard/ns1/sign.sh
@@ -16,20 +16,6 @@ SYSTESTDIR=wildcard
 dssets=
 zone=dlv
 infile=dlv.db.in
 zonefile=dlv.db
 outfile=dlv.db.signed
 dssets="$dssets dsset-${zone}${TP}"
 keyname1=`$KEYGEN -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null` 
 keyname2=`$KEYGEN -f KSK -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
 cat $infile $keyname1.key $keyname2.key > $zonefile
 $SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 zone=nsec
 infile=nsec.db.in
 zonefile=nsec.db
--- a/bin/tests/system/wildcard/ns5/named.conf.in
+++ b/bin/tests/system/wildcard/ns5/named.conf.in
@@ -20,7 +20,6 @@ options {
 	recursion yes;
 	dnssec-validation yes;
 	notify yes;
 	dnssec-lookaside . trust-anchor dlv;
 };
 include "../ns1/trusted.conf";
--- a/util/copyrights
+++ b/util/copyrights
@@ -502,13 +502,6 @@
 ./bin/tests/system/digdelv/setup.sh		SH	2018,2019
 ./bin/tests/system/digdelv/tests.sh		SH	2015,2016,2017,2018,2019
 ./bin/tests/system/ditch.pl			PERL	2015,2016,2018,2019
 ./bin/tests/system/dlv/clean.sh			SH	2004,2007,2010,2011,2012,2014,2016,2018,2019
 ./bin/tests/system/dlv/ns1/sign.sh		SH	2011,2012,2014,2016,2018,2019
 ./bin/tests/system/dlv/ns2/sign.sh		SH	2011,2012,2014,2016,2018,2019
 ./bin/tests/system/dlv/ns3/sign.sh		SH	2004,2007,2009,2010,2011,2012,2014,2016,2018,2019
 ./bin/tests/system/dlv/ns6/sign.sh		SH	2010,2011,2012,2014,2016,2018,2019
 ./bin/tests/system/dlv/setup.sh			SH	2004,2007,2009,2011,2012,2014,2016,2017,2018,2019
 ./bin/tests/system/dlv/tests.sh			SH	2004,2007,2010,2011,2012,2016,2018,2019
 ./bin/tests/system/dlz/clean.sh			SH	2010,2012,2014,2016,2018,2019
 ./bin/tests/system/dlz/ns1/dns-root/com/broken/dns.d/@/DNAME=10=example.net.=	TXT.BRIEF	2015,2016,2018,2019
 ./bin/tests/system/dlz/ns1/dns-root/com/broken/dns.d/@/NS=10=example.com.=	TXT.BRIEF	2015,2016,2018,2019