Check SOA without DNSKEY behaviour

bin/tests/system/synthfromdnssec/ns1/named.conf.in

@@ -62,4 +62,9 @@ zone "minimal" {
 	file "minimal.db.signed";
 };
 
+zone "soa-without-dnskey" {
+	type primary;
+	file "soa-without-dnskey.db.signed";
+};
+
 include "trusted.conf";

bin/tests/system/synthfromdnssec/ns1/root.db.in

@@ -17,3 +17,5 @@ dnamed		NS	ns1.dnamed
 ns1.dnamed	A	10.53.0.1
 minimal		NS	ns1.minimal
 ns1.minimal	A	10.53.0.1
+soa-without-dnskey NS	ns1.soa-without-dnskey
+ns1.soa-without-dnskey A 10.53.0.1

bin/tests/system/synthfromdnssec/ns1/sign.sh

@@ -51,6 +51,16 @@ cat "$infile" "$keyname.key" > "$zonefile"
 # do not regenerate NSEC chain as there in a minimal NSEC record present
 $SIGNER -P -Z nonsecify -o $zone $zonefile > /dev/null
 
+zone=soa-without-dnskey
+infile=soa-without-dnskey.db.in
+zonefile=soa-without-dnskey.db
+
+keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone)
+cat "$infile" "$keyname.key" > "$zonefile"
+
+# do not regenerate NSEC chain as there in a minimal NSEC record present
+$SIGNER -P -Z nonsecify -o $zone $zonefile > /dev/null
+
 zone=.
 infile=root.db.in
 zonefile=root.db

bin/tests/system/synthfromdnssec/ns1/soa-without-dnskey.db.in

@@ -0,0 +1,12 @@
+$TTL 3600
+soa-without-dnskey.	3600	SOA	ns1.soa-without-dnskey. hostmaster.soa-without-dnskey. (
+					1          ; serial
+					3600       ; refresh (1 hour)
+					1200       ; retry (20 minutes)
+					604800     ; expire (1 week)
+					3600       ; minimum (1 hour)
+					)
+			3600	NS	ns1.soa-without-dnskey.
+			3600	NSEC	ns1.soa-without-dnskey. NS SOA RRSIG NSEC
+ns1.soa-without-dnskey.	3600	A	10.53.0.1
+			3600	NSEC	soa-without-dnskey. A RRSIG NSEC