diff --git a/bin/tests/system/ecdsa/.gitignore b/bin/tests/system/ecdsa/.gitignore
deleted file mode 100644
index e096e33d39..0000000000
--- a/bin/tests/system/ecdsa/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-/ns1/named.conf
-/ns2/named.conf
diff --git a/bin/tests/system/ecdsa/ns1/sign.sh b/bin/tests/system/ecdsa/ns1/sign.sh
index 2d49065639..ec41d20b02 100644
--- a/bin/tests/system/ecdsa/ns1/sign.sh
+++ b/bin/tests/system/ecdsa/ns1/sign.sh
@@ -41,17 +41,11 @@ fi if [ $ECDSAP256SHA256_SUPPORTED = 1 ]; then keyfile_to_static_ds $ksk256 >trusted.conf cp trusted.conf ../ns2/trusted.conf -else - keyfile_to_static_ds $ksk384 >trusted.conf - cp trusted.conf ../ns2/trusted.conf fi if [ $ECDSAP384SHA384_SUPPORTED = 1 ]; then keyfile_to_static_ds $ksk384 >trusted.conf cp trusted.conf ../ns3/trusted.conf -else - keyfile_to_static_ds $ksk256 >trusted.conf - cp trusted.conf ../ns3/trusted.conf fi $SIGNER -P -g -o "$zone" "$zonefile" >/dev/null 2>signer.err || cat signer.err
diff --git a/bin/tests/system/ecdsa/tests.sh b/bin/tests/system/ecdsa/tests.sh
deleted file mode 100644
index 7016bf2ab5..0000000000
--- a/bin/tests/system/ecdsa/tests.sh
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/bin/sh
-
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-set -e
-
-. ../conf.sh
-
-status=0
-n=0
-
-dig_with_opts() {
- "$DIG" +tcp +noau +noadd +nosea +nostat +nocmd +dnssec -p "$PORT" "$@"
-}
-
-if [ $ECDSAP256SHA256_SUPPORTED = 1 ]; then
- n=$((n + 1))
- echo_i "checking that ECDSA256 positive validation works ($n)"
- ret=0
- dig_with_opts . @10.53.0.1 soa >dig.out.ns1.test$n || ret=1
- dig_with_opts . @10.53.0.2 soa >dig.out.ns2.test$n || ret=1
- $PERL ../digcomp.pl dig.out.ns1.test$n dig.out.ns2.test$n || ret=1
- grep "flags:.*ad.*QUERY" dig.out.ns2.test$n >/dev/null || ret=1
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=$((status + ret))
-else
- echo_i "algorithm ECDSA256 not supported, skipping test"
-fi
-
-if [ $ECDSAP384SHA384_SUPPORTED = 1 ]; then
- n=$((n + 1))
- echo_i "checking that ECDSA384 positive validation works ($n)"
- ret=0
- dig_with_opts . @10.53.0.1 soa >dig.out.ns1.test$n || ret=1
- dig_with_opts . @10.53.0.3 soa >dig.out.ns3.test$n || ret=1
- $PERL ../digcomp.pl dig.out.ns1.test$n dig.out.ns3.test$n || ret=1
- grep "flags:.*ad.*QUERY" dig.out.ns3.test$n >/dev/null || ret=1
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=$((status + ret))
-else
- echo_i "algorithm ECDSA384 not supported, skipping test"
-fi
-
-echo_i "exit status: $status"
-[ $status -eq 0 ] || exit 1
diff --git a/bin/tests/system/ecdsa/tests_ecdsa.py b/bin/tests/system/ecdsa/tests_ecdsa.py
new file mode 100644
index 0000000000..6ae613c202
--- /dev/null
+++ b/bin/tests/system/ecdsa/tests_ecdsa.py
@@ -0,0 +1,53 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+import os
+import pytest
+
+import dns.message
+import isctest
+
+
+pytestmark = pytest.mark.extra_artifacts(
+ [
+ "ns*/trusted.conf",
+ "ns1/K*",
+ "ns1/dsset-*",
+ "ns1/root.db",
+ "ns1/root.db.signed",
+ "ns1/signer.err",
+ ]
+)
+
+
+def check_server_soa(resolver):
+ msg = dns.message.make_query(".", "SOA")
+ msg.flags += dns.flags.AD
+ res1 = isctest.query.tcp(msg, "10.53.0.1")
+ res2 = isctest.query.tcp(msg, resolver)
+ isctest.check.rrsets_equal(res1.answer, res2.answer)
+ assert res2.flags & dns.flags.AD
+
+
+@pytest.mark.skipif(
+ not os.environ["ECDSAP384SHA384_SUPPORTED"],
+ reason="algorithm ECDSA384 not supported",
+)
+def test_ecdsa256():
+ check_server_soa("10.53.0.2")
+
+
+@pytest.mark.skipif(
+ not os.environ["ECDSAP256SHA256_SUPPORTED"],
+ reason="algorithm ECDSA256 not supported",
+)
+def test_ecdsa384():
+ check_server_soa("10.53.0.3")
diff --git a/bin/tests/system/ecdsa/tests_sh_ecdsa.py b/bin/tests/system/ecdsa/tests_sh_ecdsa.py
deleted file mode 100644
index b264f6484d..0000000000
--- a/bin/tests/system/ecdsa/tests_sh_ecdsa.py
+++ /dev/null
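Review bot: The `skipif` guards in tests_ecdsa.py look swapped: `test_ecdsa256` queries 10.53.0.2, the resolver that sign.sh gives the ECDSAP256SHA256 trust anchor, yet it is gated on `ECDSAP384SHA384_SUPPORTED` with the ECDSA384 reason string, and `test_ecdsa384` (10.53.0.3) is gated on `ECDSAP256SHA256_SUPPORTED`. The guards also test string truthiness, so if the harness exports `0` for an unsupported algorithm (as the `= 1` comparisons in sign.sh and the removed tests.sh suggest) the test is never skipped, and an unset variable raises `KeyError` at collection time. I would gate `test_ecdsa256` on `os.environ.get("ECDSAP256SHA256_SUPPORTED") != "1",` and `test_ecdsa384` on `os.environ.get("ECDSAP384SHA384_SUPPORTED") != "1",`, with the reason strings swapped to match. This commit also drops the fallback trust anchors in sign.sh, so a wrong guard would presumably run a validation test against a resolver with no matching anchor, or skip it where it should run, and the AD-bit assertion would stop being a dependable signal. Separately, `check_server_soa` uses `dns.flags` without importing it and sets the bit with `+=`; `import dns.flags` and `msg.flags |= dns.flags.AD` would be more explicit.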
@@ -1,28 +0,0 @@
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-import pytest
-
-pytestmark = pytest.mark.extra_artifacts(
- [
- "dig.out.*",
- "ns*/trusted.conf",
- "ns1/K*",
- "ns1/dsset-*",
- "ns1/root.db",
- "ns1/root.db.signed",
- "ns1/signer.err",
- ]
-)
-
-
-def test_ecdsa(run_tests_sh):
- run_tests_sh()