summaryrefslogtreecommitdiffstats
path: root/bin/tests/system/dlv
diff options
context:
space:
mode:
Diffstat (limited to 'bin/tests/system/dlv')
-rw-r--r--bin/tests/system/dlv/clean.sh42
-rw-r--r--bin/tests/system/dlv/ns1/named.conf.in26
-rw-r--r--bin/tests/system/dlv/ns1/root.db.in19
-rw-r--r--bin/tests/system/dlv/ns1/rootservers.utld.db13
-rwxr-xr-xbin/tests/system/dlv/ns1/sign.sh36
-rw-r--r--bin/tests/system/dlv/ns2/druz.db.in47
-rw-r--r--bin/tests/system/dlv/ns2/hints11
-rw-r--r--bin/tests/system/dlv/ns2/named.conf.in27
-rwxr-xr-xbin/tests/system/dlv/ns2/sign.sh37
-rw-r--r--bin/tests/system/dlv/ns2/utld.db49
-rw-r--r--bin/tests/system/dlv/ns3/child.db.in17
-rw-r--r--bin/tests/system/dlv/ns3/dlv.db.in13
-rw-r--r--bin/tests/system/dlv/ns3/hints11
-rw-r--r--bin/tests/system/dlv/ns3/named.conf.in42
-rwxr-xr-xbin/tests/system/dlv/ns3/sign.sh286
-rw-r--r--bin/tests/system/dlv/ns4/child.db34
-rw-r--r--bin/tests/system/dlv/ns4/hints11
-rw-r--r--bin/tests/system/dlv/ns4/named.conf.in27
-rw-r--r--bin/tests/system/dlv/ns5/hints11
-rw-r--r--bin/tests/system/dlv/ns5/named.conf.in31
-rw-r--r--bin/tests/system/dlv/ns5/rndc.conf20
-rw-r--r--bin/tests/system/dlv/ns6/child.db.in15
-rw-r--r--bin/tests/system/dlv/ns6/hints11
-rw-r--r--bin/tests/system/dlv/ns6/named.conf.in41
-rwxr-xr-xbin/tests/system/dlv/ns6/sign.sh251
-rw-r--r--bin/tests/system/dlv/prereq.sh15
-rw-r--r--bin/tests/system/dlv/setup.sh24
-rw-r--r--bin/tests/system/dlv/tests.sh55
28 files changed, 1222 insertions, 0 deletions
diff --git a/bin/tests/system/dlv/clean.sh b/bin/tests/system/dlv/clean.sh
new file mode 100644
index 0000000..94cadc6
--- /dev/null
+++ b/bin/tests/system/dlv/clean.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+rm -f ns*/named.run
+rm -f ns*/named.conf
+rm -f ns1/K*
+rm -f ns1/dsset-*
+rm -f ns1/*.signed
+rm -f ns1/signer.err
+rm -f ns1/root.db
+rm -f ns2/K*
+rm -f ns2/dlvset-*
+rm -f ns2/dsset-*
+rm -f ns2/*.signed
+rm -f ns2/*.pre
+rm -f ns2/signer.err
+rm -f ns2/druz.db
+rm -f ns3/K*
+rm -f ns3/*.db
+rm -f ns3/*.signed
+rm -f ns3/dlvset-*
+rm -f ns3/dsset-*
+rm -f ns3/keyset-*
+rm -f ns1/trusted.conf ns5/trusted.conf
+rm -f ns3/trusted-dlv.conf ns5/trusted-dlv.conf
+rm -f ns3/signer.err
+rm -f ns6/K*
+rm -f ns6/*.db
+rm -f ns6/*.signed
+rm -f ns6/dsset-*
+rm -f ns6/signer.err
+rm -f */named.memstats
+rm -f dig.out.ns*.test*
+rm -f ns*/named.lock
diff --git a/bin/tests/system/dlv/ns1/named.conf.in b/bin/tests/system/dlv/ns1/named.conf.in
new file mode 100644
index 0000000..337558f
--- /dev/null
+++ b/bin/tests/system/dlv/ns1/named.conf.in
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ dnssec-enable yes;
+};
+
+zone "." { type master; file "root.signed"; };
+zone "rootservers.utld" { type master; file "rootservers.utld.db"; };
diff --git a/bin/tests/system/dlv/ns1/root.db.in b/bin/tests/system/dlv/ns1/root.db.in
new file mode 100644
index 0000000..a4d4bd9
--- /dev/null
+++ b/bin/tests/system/dlv/ns1/root.db.in
@@ -0,0 +1,19 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 120
+@ SOA ns.rootservers.utld hostmaster.ns.rootservers.utld (
+ 1 3600 1200 604800 60 )
+@ NS ns.rootservers.utld
+ns A 10.53.0.1
+;
+utld NS ns.utld
+ns.utld A 10.53.0.2
+druz NS ns.druz
+ns.druz A 10.53.0.2
diff --git a/bin/tests/system/dlv/ns1/rootservers.utld.db b/bin/tests/system/dlv/ns1/rootservers.utld.db
new file mode 100644
index 0000000..8491ed0
--- /dev/null
+++ b/bin/tests/system/dlv/ns1/rootservers.utld.db
@@ -0,0 +1,13 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 120
+@ SOA ns hostmaster.ns 1 3600 1200 604800 60
+@ NS ns
+ns A 10.53.0.1
diff --git a/bin/tests/system/dlv/ns1/sign.sh b/bin/tests/system/dlv/ns1/sign.sh
new file mode 100755
index 0000000..b815162
--- /dev/null
+++ b/bin/tests/system/dlv/ns1/sign.sh
@@ -0,0 +1,36 @@
+#!/bin/sh
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=../..
+. $SYSTEMTESTTOP/conf.sh
+
+SYSTESTDIR=dlv
+
+(cd ../ns2 && $SHELL -e ./sign.sh || exit 1)
+
+echo_i "dlv/ns1/sign.sh"
+
+zone=.
+infile=root.db.in
+zonefile=root.db
+outfile=root.signed
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -r $RANDFILE -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+
+echo_i "signed $zone"
+
+keyfile_to_trusted_keys $keyname2 > trusted.conf
+cp trusted.conf ../ns5
diff --git a/bin/tests/system/dlv/ns2/druz.db.in b/bin/tests/system/dlv/ns2/druz.db.in
new file mode 100644
index 0000000..4e0f892
--- /dev/null
+++ b/bin/tests/system/dlv/ns2/druz.db.in
@@ -0,0 +1,47 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 120
+@ SOA ns hostmaster.ns 1 3600 1200 604800 60
+@ NS ns
+ns A 10.53.0.2
+;
+rootservers NS ns.rootservers
+ns.rootservers A 10.53.0.1
+;
+;
+child1 NS ns.child1
+ns.child1 A 10.53.0.3
+;
+child2 NS ns.child2
+ns.child2 A 10.53.0.4
+;
+child3 NS ns.child3
+ns.child3 A 10.53.0.3
+;
+child4 NS ns.child4
+ns.child4 A 10.53.0.3
+;
+child5 NS ns.child5
+ns.child5 A 10.53.0.3
+;
+child6 NS ns.child6
+ns.child6 A 10.53.0.4
+;
+child7 NS ns.child7
+ns.child7 A 10.53.0.3
+;
+child8 NS ns.child8
+ns.child8 A 10.53.0.3
+;
+child9 NS ns.child9
+ns.child9 A 10.53.0.3
+;
+child10 NS ns.child10
+ns.child10 A 10.53.0.3
diff --git a/bin/tests/system/dlv/ns2/hints b/bin/tests/system/dlv/ns2/hints
new file mode 100644
index 0000000..381e86b
--- /dev/null
+++ b/bin/tests/system/dlv/ns2/hints
@@ -0,0 +1,11 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+. 0 NS ns.rootservers.utld.
+ns.rootservers.utld. 0 A 10.53.0.1
diff --git a/bin/tests/system/dlv/ns2/named.conf.in b/bin/tests/system/dlv/ns2/named.conf.in
new file mode 100644
index 0000000..b08bd13
--- /dev/null
+++ b/bin/tests/system/dlv/ns2/named.conf.in
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ dnssec-enable yes;
+};
+
+zone "." { type hint; file "hints"; };
+zone "utld" { type master; file "utld.db"; };
+zone "druz" { type master; file "druz.signed"; };
diff --git a/bin/tests/system/dlv/ns2/sign.sh b/bin/tests/system/dlv/ns2/sign.sh
new file mode 100755
index 0000000..6f84d7a
--- /dev/null
+++ b/bin/tests/system/dlv/ns2/sign.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=../..
+. $SYSTEMTESTTOP/conf.sh
+
+SYSTESTDIR=dlv
+
+(cd ../ns3 && $SHELL -e ./sign.sh || exit 1)
+
+echo_i "dlv/ns2/sign.sh"
+
+zone=druz.
+infile=druz.db.in
+zonefile=druz.db
+outfile=druz.pre
+dlvzone=utld.
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -r $RANDFILE -l $dlvzone -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+
+$CHECKZONE -q -D -i none druz druz.pre |
+sed '/IN DNSKEY/s/\([a-z0-9A-Z/]\{10\}\)[a-z0-9A-Z/]\{16\}/\1XXXXXXXXXXXXXXXX/'> druz.signed
+
+echo_i "signed $zone"
diff --git a/bin/tests/system/dlv/ns2/utld.db b/bin/tests/system/dlv/ns2/utld.db
new file mode 100644
index 0000000..66f559d
--- /dev/null
+++ b/bin/tests/system/dlv/ns2/utld.db
@@ -0,0 +1,49 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 120
+@ SOA ns hostmaster.ns 1 3600 1200 604800 60
+@ NS ns
+ns A 10.53.0.2
+;
+rootservers NS ns.rootservers
+ns.rootservers A 10.53.0.1
+;
+dlv NS ns.dlv
+ns.dlv A 10.53.0.3
+;
+child1 NS ns.child1
+ns.child1 A 10.53.0.3
+;
+child2 NS ns.child2
+ns.child2 A 10.53.0.4
+;
+child3 NS ns.child3
+ns.child3 A 10.53.0.3
+;
+child4 NS ns.child4
+ns.child4 A 10.53.0.3
+;
+child5 NS ns.child5
+ns.child5 A 10.53.0.3
+;
+child6 NS ns.child6
+ns.child6 A 10.53.0.4
+;
+child7 NS ns.child7
+ns.child7 A 10.53.0.3
+;
+child8 NS ns.child8
+ns.child8 A 10.53.0.3
+;
+child9 NS ns.child9
+ns.child9 A 10.53.0.3
+;
+child10 NS ns.child10
+ns.child10 A 10.53.0.3
diff --git a/bin/tests/system/dlv/ns3/child.db.in b/bin/tests/system/dlv/ns3/child.db.in
new file mode 100644
index 0000000..11df807
--- /dev/null
+++ b/bin/tests/system/dlv/ns3/child.db.in
@@ -0,0 +1,17 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 120
+@ SOA ns hostmaster.ns 1 3600 1200 604800 60
+@ NS ns
+ns A 10.53.0.3
+foo TXT foo
+bar TXT bar
+grand NS ns.grand
+ns.grand A 10.53.0.6
diff --git a/bin/tests/system/dlv/ns3/dlv.db.in b/bin/tests/system/dlv/ns3/dlv.db.in
new file mode 100644
index 0000000..fdc8ce9
--- /dev/null
+++ b/bin/tests/system/dlv/ns3/dlv.db.in
@@ -0,0 +1,13 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 120
+@ SOA ns hostmaster.ns 1 3600 1200 604800 60
+@ NS ns
+ns A 10.53.0.3
diff --git a/bin/tests/system/dlv/ns3/hints b/bin/tests/system/dlv/ns3/hints
new file mode 100644
index 0000000..381e86b
--- /dev/null
+++ b/bin/tests/system/dlv/ns3/hints
@@ -0,0 +1,11 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+. 0 NS ns.rootservers.utld.
+ns.rootservers.utld. 0 A 10.53.0.1
diff --git a/bin/tests/system/dlv/ns3/named.conf.in b/bin/tests/system/dlv/ns3/named.conf.in
new file mode 100644
index 0000000..42d712b
--- /dev/null
+++ b/bin/tests/system/dlv/ns3/named.conf.in
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ query-source address 10.53.0.3;
+ notify-source 10.53.0.3;
+ transfer-source 10.53.0.3;
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.3; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ dnssec-enable yes;
+};
+
+zone "." { type hint; file "hints"; };
+zone "dlv.utld" { type master; file "dlv.signed"; };
+zone "child1.utld" { type master; file "child1.signed"; }; // dlv
+zone "child3.utld" { type master; file "child3.signed"; }; // dlv
+zone "child4.utld" { type master; file "child4.signed"; }; // dlv
+zone "child5.utld" { type master; file "child5.signed"; }; // dlv
+zone "child7.utld" { type master; file "child7.signed"; }; // no dlv
+zone "child8.utld" { type master; file "child8.signed"; }; // no dlv
+zone "child9.utld" { type master; file "child9.signed"; }; // dlv
+zone "child10.utld" { type master; file "child.db.in"; }; // dlv unsigned
+zone "child1.druz" { type master; file "child1.druz.signed"; }; // dlv
+zone "child3.druz" { type master; file "child3.druz.signed"; }; // dlv
+zone "child4.druz" { type master; file "child4.druz.signed"; }; // dlv
+zone "child5.druz" { type master; file "child5.druz.signed"; }; // dlv
+zone "child7.druz" { type master; file "child7.druz.signed"; }; // no dlv
+zone "child8.druz" { type master; file "child8.druz.signed"; }; // no dlv
+zone "child9.druz" { type master; file "child9.druz.signed"; }; // dlv
+zone "child10.druz" { type master; file "child.db.in"; }; // dlv unsigned
diff --git a/bin/tests/system/dlv/ns3/sign.sh b/bin/tests/system/dlv/ns3/sign.sh
new file mode 100755
index 0000000..bcc9922
--- /dev/null
+++ b/bin/tests/system/dlv/ns3/sign.sh
@@ -0,0 +1,286 @@
+#!/bin/sh
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=../..
+. $SYSTEMTESTTOP/conf.sh
+
+(cd ../ns6 && $SHELL -e ./sign.sh)
+
+echo_i "dlv/ns3/sign.sh"
+
+dlvzone=dlv.utld.
+dlvsets=
+dssets=
+
+zone=child1.utld.
+infile=child.db.in
+zonefile=child1.utld.db
+outfile=child1.signed
+dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
+cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
+
+$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+
+zone=child3.utld.
+infile=child.db.in
+zonefile=child3.utld.db
+outfile=child3.signed
+dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
+cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
+
+$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+
+zone=child4.utld.
+infile=child.db.in
+zonefile=child4.utld.db
+outfile=child4.signed
+dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+
+zone=child5.utld.
+infile=child.db.in
+zonefile=child5.utld.db
+outfile=child5.signed
+dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
+cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
+
+$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+
+zone=child7.utld.
+infile=child.db.in
+zonefile=child7.utld.db
+outfile=child7.signed
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
+cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
+
+$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+
+zone=child8.utld.
+infile=child.db.in
+zonefile=child8.utld.db
+outfile=child8.signed
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+
+zone=child9.utld.
+infile=child.db.in
+zonefile=child9.utld.db
+outfile=child9.signed
+dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+zone=child10.utld.
+infile=child.db.in
+zonefile=child10.utld.db
+outfile=child10.signed
+dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+zone=child1.druz.
+infile=child.db.in
+zonefile=child1.druz.db
+outfile=child1.druz.signed
+dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
+dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
+cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
+
+$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+
+zone=child3.druz.
+infile=child.db.in
+zonefile=child3.druz.db
+outfile=child3.druz.signed
+dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
+dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
+cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
+
+$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+
+zone=child4.druz.
+infile=child.db.in
+zonefile=child4.druz.db
+outfile=child4.druz.signed
+dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
+dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+
+zone=child5.druz.
+infile=child.db.in
+zonefile=child5.druz.db
+outfile=child5.druz.signed
+dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
+dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
+cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
+
+$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+
+zone=child7.druz.
+infile=child.db.in
+zonefile=child7.druz.db
+outfile=child7.druz.signed
+dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
+cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
+
+$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+
+zone=child8.druz.
+infile=child.db.in
+zonefile=child8.druz.db
+outfile=child8.druz.signed
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+
+zone=child9.druz.
+infile=child.db.in
+zonefile=child9.druz.db
+outfile=child9.druz.signed
+dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+zone=child10.druz.
+infile=child.db.in
+zonefile=child10.druz.db
+outfile=child10.druz.signed
+dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
+dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+
+zone=dlv.utld.
+infile=dlv.db.in
+zonefile=dlv.utld.db
+outfile=dlv.signed
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+cat $infile $dlvsets $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+keyfile_to_trusted_keys $keyname2 > trusted-dlv.conf
+cp trusted-dlv.conf ../ns5
+
+cp $dssets ../ns2
diff --git a/bin/tests/system/dlv/ns4/child.db b/bin/tests/system/dlv/ns4/child.db
new file mode 100644
index 0000000..c123f70
--- /dev/null
+++ b/bin/tests/system/dlv/ns4/child.db
@@ -0,0 +1,34 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 120
+@ SOA ns hostmaster.ns 1 3600 1200 604800 60
+@ NS ns
+ns A 10.53.0.3
+;
+rootservers NS ns.rootservers
+ns.rootservers A 10.53.0.1
+;
+child1 NS ns.child1
+ns.child1 A 10.53.0.3
+;
+child2 NS ns.child2
+ns.child2 A 10.53.0.4
+;
+child3 NS ns.child3
+ns.child3 A 10.53.0.3
+;
+child4 NS ns.child4
+ns.child4 A 10.53.0.3
+;
+child5 NS ns.child5
+ns.child5 A 10.53.0.3
+;
+child6 NS ns.child5
+ns.child6 A 10.53.0.4
diff --git a/bin/tests/system/dlv/ns4/hints b/bin/tests/system/dlv/ns4/hints
new file mode 100644
index 0000000..381e86b
--- /dev/null
+++ b/bin/tests/system/dlv/ns4/hints
@@ -0,0 +1,11 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+. 0 NS ns.rootservers.utld.
+ns.rootservers.utld. 0 A 10.53.0.1
diff --git a/bin/tests/system/dlv/ns4/named.conf.in b/bin/tests/system/dlv/ns4/named.conf.in
new file mode 100644
index 0000000..805b5f3
--- /dev/null
+++ b/bin/tests/system/dlv/ns4/named.conf.in
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ query-source address 10.53.0.4;
+ notify-source 10.53.0.4;
+ transfer-source 10.53.0.4;
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.4; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ dnssec-enable no;
+};
+
+zone "." { type hint; file "hints"; };
+zone "child2.utld" { type master; file "child.db"; };
+zone "child6.utld" { type master; file "child.db"; };
diff --git a/bin/tests/system/dlv/ns5/hints b/bin/tests/system/dlv/ns5/hints
new file mode 100644
index 0000000..381e86b
--- /dev/null
+++ b/bin/tests/system/dlv/ns5/hints
@@ -0,0 +1,11 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+. 0 NS ns.rootservers.utld.
+ns.rootservers.utld. 0 A 10.53.0.1
diff --git a/bin/tests/system/dlv/ns5/named.conf.in b/bin/tests/system/dlv/ns5/named.conf.in
new file mode 100644
index 0000000..9e3b195
--- /dev/null
+++ b/bin/tests/system/dlv/ns5/named.conf.in
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+include "trusted.conf";
+include "trusted-dlv.conf";
+
+options {
+ query-source address 10.53.0.5;
+ notify-source 10.53.0.5;
+ transfer-source 10.53.0.5;
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.5; };
+ listen-on-v6 { none; };
+ recursion yes;
+ acache-enable yes;
+ notify yes;
+ dnssec-enable yes;
+ dnssec-validation yes;
+ dnssec-lookaside "." trust-anchor "dlv.utld";
+};
+
+zone "." { type hint; file "hints"; };
diff --git a/bin/tests/system/dlv/ns5/rndc.conf b/bin/tests/system/dlv/ns5/rndc.conf
new file mode 100644
index 0000000..02bce92
--- /dev/null
+++ b/bin/tests/system/dlv/ns5/rndc.conf
@@ -0,0 +1,20 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+key "cc64b3d1db63fc88d7cb5d2f9f57d258" {
+ algorithm hmac-sha256;
+ secret "34f88008d07deabbe65bd01f1d233d47";
+};
+
+options {
+ default-server 10.53.0.5;
+ default-port 5353;
+};
diff --git a/bin/tests/system/dlv/ns6/child.db.in b/bin/tests/system/dlv/ns6/child.db.in
new file mode 100644
index 0000000..09a942e
--- /dev/null
+++ b/bin/tests/system/dlv/ns6/child.db.in
@@ -0,0 +1,15 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 120
+@ SOA ns hostmaster.ns6 1 3600 1200 604800 60
+@ NS ns
+ns A 10.53.0.6
+foo TXT foo
+bar TXT bar
diff --git a/bin/tests/system/dlv/ns6/hints b/bin/tests/system/dlv/ns6/hints
new file mode 100644
index 0000000..381e86b
--- /dev/null
+++ b/bin/tests/system/dlv/ns6/hints
@@ -0,0 +1,11 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+. 0 NS ns.rootservers.utld.
+ns.rootservers.utld. 0 A 10.53.0.1
diff --git a/bin/tests/system/dlv/ns6/named.conf.in b/bin/tests/system/dlv/ns6/named.conf.in
new file mode 100644
index 0000000..fe5c68d
--- /dev/null
+++ b/bin/tests/system/dlv/ns6/named.conf.in
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ query-source address 10.53.0.6;
+ notify-source 10.53.0.6;
+ transfer-source 10.53.0.6;
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.6; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ dnssec-enable yes;
+};
+
+zone "." { type hint; file "hints"; };
+zone "grand.child1.utld" { type master; file "grand.child1.signed"; };
+zone "grand.child3.utld" { type master; file "grand.child3.signed"; };
+zone "grand.child4.utld" { type master; file "grand.child4.signed"; };
+zone "grand.child5.utld" { type master; file "grand.child5.signed"; };
+zone "grand.child7.utld" { type master; file "grand.child7.signed"; };
+zone "grand.child8.utld" { type master; file "grand.child8.signed"; };
+zone "grand.child9.utld" { type master; file "grand.child9.signed"; };
+zone "grand.child10.utld" { type master; file "grand.child10.signed"; };
+zone "grand.child1.druz" { type master; file "grand.child1.druz.signed"; };
+zone "grand.child3.druz" { type master; file "grand.child3.druz.signed"; };
+zone "grand.child4.druz" { type master; file "grand.child4.druz.signed"; };
+zone "grand.child5.druz" { type master; file "grand.child5.druz.signed"; };
+zone "grand.child7.druz" { type master; file "grand.child7.druz.signed"; };
+zone "grand.child8.druz" { type master; file "grand.child8.druz.signed"; };
+zone "grand.child9.druz" { type master; file "grand.child9.druz.signed"; };
+zone "grand.child10.druz" { type master; file "grand.child10.druz.signed"; };
diff --git a/bin/tests/system/dlv/ns6/sign.sh b/bin/tests/system/dlv/ns6/sign.sh
new file mode 100755
index 0000000..1e39862
--- /dev/null
+++ b/bin/tests/system/dlv/ns6/sign.sh
@@ -0,0 +1,251 @@
+#!/bin/sh
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=../..
+. $SYSTEMTESTTOP/conf.sh
+
+SYSTESTDIR=dlv
+
+echo_i "dlv/ns6/sign.sh"
+
+zone=grand.child1.utld.
+infile=child.db.in
+zonefile=grand.child1.utld.db
+outfile=grand.child1.signed
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+
+zone=grand.child3.utld.
+infile=child.db.in
+zonefile=grand.child3.utld.db
+outfile=grand.child3.signed
+dlvzone=dlv.utld.
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+
+zone=grand.child4.utld.
+infile=child.db.in
+zonefile=grand.child4.utld.db
+outfile=grand.child4.signed
+dlvzone=dlv.utld.
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+
+zone=grand.child5.utld.
+infile=child.db.in
+zonefile=grand.child5.utld.db
+outfile=grand.child5.signed
+dlvzone=dlv.utld.
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+
+zone=grand.child7.utld.
+infile=child.db.in
+zonefile=grand.child7.utld.db
+outfile=grand.child7.signed
+dlvzone=dlv.utld.
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+
+zone=grand.child8.utld.
+infile=child.db.in
+zonefile=grand.child8.utld.db
+outfile=grand.child8.signed
+dlvzone=dlv.utld.
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+
+zone=grand.child9.utld.
+infile=child.db.in
+zonefile=grand.child9.utld.db
+outfile=grand.child9.signed
+dlvzone=dlv.utld.
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+zone=grand.child10.utld.
+infile=child.db.in
+zonefile=grand.child10.utld.db
+outfile=grand.child10.signed
+dlvzone=dlv.utld.
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+zone=grand.child1.druz.
+infile=child.db.in
+zonefile=grand.child1.druz.db
+outfile=grand.child1.druz.signed
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+
+zone=grand.child3.druz.
+infile=child.db.in
+zonefile=grand.child3.druz.db
+outfile=grand.child3.druz.signed
+dlvzone=dlv.druz.
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+
+zone=grand.child4.druz.
+infile=child.db.in
+zonefile=grand.child4.druz.db
+outfile=grand.child4.druz.signed
+dlvzone=dlv.druz.
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+
+zone=grand.child5.druz.
+infile=child.db.in
+zonefile=grand.child5.druz.db
+outfile=grand.child5.druz.signed
+dlvzone=dlv.druz.
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+
+zone=grand.child7.druz.
+infile=child.db.in
+zonefile=grand.child7.druz.db
+outfile=grand.child7.druz.signed
+dlvzone=dlv.druz.
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+
+zone=grand.child8.druz.
+infile=child.db.in
+zonefile=grand.child8.druz.db
+outfile=grand.child8.druz.signed
+dlvzone=dlv.druz.
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+
+zone=grand.child9.druz.
+infile=child.db.in
+zonefile=grand.child9.druz.db
+outfile=grand.child9.druz.signed
+dlvzone=dlv.druz.
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
+
+zone=grand.child10.druz.
+infile=child.db.in
+zonefile=grand.child10.druz.db
+outfile=grand.child10.druz.signed
+dlvzone=dlv.druz.
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+echo_i "signed $zone"
diff --git a/bin/tests/system/dlv/prereq.sh b/bin/tests/system/dlv/prereq.sh
new file mode 100644
index 0000000..a0d4e9c
--- /dev/null
+++ b/bin/tests/system/dlv/prereq.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+exec $SHELL ../testcrypto.sh
diff --git a/bin/tests/system/dlv/setup.sh b/bin/tests/system/dlv/setup.sh
new file mode 100644
index 0000000..0a2aad7
--- /dev/null
+++ b/bin/tests/system/dlv/setup.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
+
+copy_setports ns1/named.conf.in ns1/named.conf
+copy_setports ns2/named.conf.in ns2/named.conf
+copy_setports ns3/named.conf.in ns3/named.conf
+copy_setports ns4/named.conf.in ns4/named.conf
+copy_setports ns5/named.conf.in ns5/named.conf
+copy_setports ns6/named.conf.in ns6/named.conf
+
+(cd ns1 && $SHELL -e sign.sh)
diff --git a/bin/tests/system/dlv/tests.sh b/bin/tests/system/dlv/tests.sh
new file mode 100644
index 0000000..fdf31d9
--- /dev/null
+++ b/bin/tests/system/dlv/tests.sh
@@ -0,0 +1,55 @@
+#!/bin/sh
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+n=0
+
+rm -f dig.out.*
+
+DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p ${PORT}"
+
+echo_i "checking that DNSKEY reference by DLV validates as secure ($n)"
+ret=0
+$DIG $DIGOPTS child1.utld dnskey @10.53.0.5 > dig.out.ns5.test$n || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking that child DNSKEY reference by DLV validates as secure ($n)"
+ret=0
+$DIG $DIGOPTS grand.child1.utld dnskey @10.53.0.5 > dig.out.ns5.test$n || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking that SOA reference by DLV in a DRUZ with DS validates as secure ($n)"
+ret=0
+$DIG $DIGOPTS child1.druz soa @10.53.0.5 > dig.out.ns5.test$n || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking that child SOA reference by DLV in a DRUZ with DS validates as secure ($n)"
+ret=0
+$DIG $DIGOPTS grand.child1.druz soa @10.53.0.5 > dig.out.ns5.test$n || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "exit status: $status"
+[ $status -eq 0 ] || exit 1