Merge branch '3345-fix-keyless-example-generation' into 'main'

Resolve "Insecurity proof failed resolving 'a.b.keyless.example/A/IN' in dnssec test"

Closes #3345

See merge request isc-projects/bind9!6280

bin/tests/system/dnssec/ns3/sign.sh

@@ -121,12 +121,12 @@ cat "$infile" "$keyname.key" > "$zonefile"
 
 "$SIGNER" -z -o "$zone" "$zonefile" > /dev/null
 
-# Change the signer field of the a.b.keyless.example SIG A
+# Change the signer field of the a.b.keyless.example RRSIG A
-# to point to a provably nonexistent KEY record.
+# to point to a provably nonexistent DNSKEY record.
 zonefiletmp=$(mktemp "$zonefile.XXXXXX") || exit 1
 mv "$zonefile.signed" "$zonefiletmp"
 <"$zonefiletmp" "$PERL" -p -e 's/ keyless.example/ b.keyless.example/
-    if /^a.b.keyless.example/../NXT/;' > "$zonefile.signed"
+    if /^a.b.keyless.example/../A RRSIG NSEC/;' > "$zonefile.signed"
 rm -f "$zonefiletmp"
 
 #

bin/tests/system/dnssec/tests.sh

@@ -938,7 +938,7 @@ if [ -x ${DELV} ] ; then
    ret=0
    echo_i "checking that validation fails when key record is missing using dns_client ($n)"
    delv_with_opts +cd @10.53.0.4 a a.b.keyless.example > delv.out$n 2>&1 || ret=1
-   grep "resolution failed: broken trust chain" delv.out$n > /dev/null || ret=1
+   grep "resolution failed: insecurity proof failed" delv.out$n > /dev/null || ret=1
    n=$((n+1))
    test "$ret" -eq 0 || echo_i "failed"
    status=$((status+ret))