diff --git a/CHANGES b/CHANGES
index 82078caa96..6cf2b27c9e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+4978.	[test]		Fix error handling and resolver configuration in the
+			"rpz" system test. [GL #312]
+
 4977.	[func]		When starting up, log the same details that
 			would be reported by 'named -V'. [GL #247]
 
diff --git a/bin/tests/system/rpz/ns2/named.conf.in b/bin/tests/system/rpz/ns2/named.conf.in
index f4f4550ddb..15226401e9 100644
--- a/bin/tests/system/rpz/ns2/named.conf.in
+++ b/bin/tests/system/rpz/ns2/named.conf.in
@@ -20,6 +20,8 @@ options {
 	listen-on-v6 { none; };
 	notify no;
 	minimal-responses no;
+	recursion yes;
+	dnssec-validation yes;
 };
 
 key rndc_key {
diff --git a/bin/tests/system/rpz/ns3/named.conf.in b/bin/tests/system/rpz/ns3/named.conf.in
index 091cceaa53..851a055bc9 100644
--- a/bin/tests/system/rpz/ns3/named.conf.in
+++ b/bin/tests/system/rpz/ns3/named.conf.in
@@ -26,6 +26,8 @@ options {
 	listen-on-v6 { none; };
 	notify yes;
 	minimal-responses no;
+	recursion yes;
+	dnssec-validation yes;
 
 	response-policy {
 	    zone "bl"					max-policy-ttl 100;
diff --git a/bin/tests/system/rpz/ns4/named.conf.in b/bin/tests/system/rpz/ns4/named.conf.in
index 03d0ca0abd..04d6d188fd 100644
--- a/bin/tests/system/rpz/ns4/named.conf.in
+++ b/bin/tests/system/rpz/ns4/named.conf.in
@@ -20,6 +20,8 @@ options {
 	listen-on-v6 { none; };
 	notify no;
 	minimal-responses no;
+	recursion yes;
+	dnssec-validation yes;
 };
 
 include "../trusted.conf";
diff --git a/bin/tests/system/rpz/ns5/named.conf.in b/bin/tests/system/rpz/ns5/named.conf.in
index 025cff5ff9..00d0725293 100644
--- a/bin/tests/system/rpz/ns5/named.conf.in
+++ b/bin/tests/system/rpz/ns5/named.conf.in
@@ -28,6 +28,8 @@ options {
 	notify-delay 0;
 	notify yes;
 	minimal-responses no;
+	recursion yes;
+	dnssec-validation yes;
 
 	# turn rpz on or off
 	include "rpz-switch";
diff --git a/bin/tests/system/rpz/ns6/named.conf.in b/bin/tests/system/rpz/ns6/named.conf.in
index ccd177f1b2..1cf738399b 100644
--- a/bin/tests/system/rpz/ns6/named.conf.in
+++ b/bin/tests/system/rpz/ns6/named.conf.in
@@ -22,6 +22,8 @@ options {
 	forward only;
 	forwarders { 10.53.0.3; };
 	minimal-responses no;
+	recursion yes;
+	dnssec-validation yes;
 
 	response-policy {
 	    zone "policy1" min-update-interval 0;
diff --git a/bin/tests/system/rpz/ns7/named.conf.in b/bin/tests/system/rpz/ns7/named.conf.in
index 8c5c15d10e..842f709923 100644
--- a/bin/tests/system/rpz/ns7/named.conf.in
+++ b/bin/tests/system/rpz/ns7/named.conf.in
@@ -20,6 +20,8 @@ options {
 	listen-on { 10.53.0.7; };
 	listen-on-v6 { none; };
 	minimal-responses no;
+	recursion yes;
+	dnssec-validation yes;
 
 	response-policy {
 	    zone "policy2";
diff --git a/bin/tests/system/rpz/tests.sh b/bin/tests/system/rpz/tests.sh
index c7d9de8d3a..a55b1bb1fe 100644
--- a/bin/tests/system/rpz/tests.sh
+++ b/bin/tests/system/rpz/tests.sh
@@ -578,11 +578,11 @@ EOF
   addr 127.0.0.1 a3-1.sub3.tld2		# 10 prefer policy for largest NSDNAME
   addr 127.0.0.2 a3-1.subsub.sub3.tld2
   nxdomain xxx.crash1.tld2		# 12 dns_db_detachnode() crash
-  if [ "$DNSRPS_TEST_MODE" = dnsrps ]; then
+  if [ "$mode" = dnsrps ]; then
     addr 12.12.12.12 as-ns.tld5.	# 13 qname-as-ns
   fi
   end_group
-  if [ "$DNSRPS_TEST_MODE" = dnsrps ]; then
+  if [ "$mode" = dnsrps ]; then
     ckstats $ns3 test3 ns3 8
   else
     ckstats $ns3 test3 ns3 7
@@ -594,7 +594,7 @@ EOF
   nochange a3-2.tld2.			# 2 exempt rewrite by name
   nochange a0-1.tld2.			# 3 exempt rewrite by address block
   nochange a3-1.tld4			# 4 different NS IP address
-  if [ "$DNSRPS_TEST_MODE" = dnsrps ]; then
+  if [ "$mode" = dnsrps ]; then
       addr 12.12.12.12 as-ns.tld5.	# 5 ip-as-ns
   fi
   end_group
@@ -607,7 +607,7 @@ EOF
     a3-1.tld2.	    x	IN	TXT   "NSIP walled garden"
 EOF
   end_group
-  if [ "$DNSRPS_TEST_MODE" = dnsrps ]; then
+  if [ "$mode" = dnsrps ]; then
     ckstats $ns3 test4 ns3 5
   else
     ckstats $ns3 test4 ns3 4
@@ -712,7 +712,7 @@ EOF
     echo_i "performance not checked; queryperf not available"
   fi
 
-  if [ "$DNSRPS_TEST_MODE" = dnsrps ]; then
+  if [ "$mode" = dnsrps ]; then
     echo_i "checking that dnsrpzd is automatically restarted"
     OLD_PID=`cat dnsrpzd.pid`
     $KILL "$OLD_PID"
@@ -784,7 +784,7 @@ EOF
 
   # dnsrps does not allow NS RRs in policy zones, so this check
   # with dnsrps results in no rewriting.
-  if [ "$DNSRPS_TEST_MODE" = native ]; then
+  if [ "$mode" = native ]; then
     t=`expr $t + 1`
     echo_i "checking rpz with delegation fails correctly (${t})"
     $DIG -p ${PORT} @$ns3 ns example.com > dig.out.$t
@@ -792,7 +792,7 @@ EOF
   fi
 
   [ $status -ne 0 ] && pf=fail || pf=pass
-  case $DNSRPS_TEST_MODE in
+  case $mode in
   native)
     native=$status
     echo_i "status (native RPZ sub-test): $status ($pf)";;