DNSSEC bis merge from HEAD:

1581.  [func]          Disable DNSSEC support by default.  To enable
                       DNSSEC specify "enable-dnssec yes;" in named.conf.

1565.  [bug]           CD flag should be copied to outgoing queries unless
                       the query is under a secure entry point in which case
                       CD should be set.

1558.  [func]          New DNSSEC 'disable-algorithms'.  Support entry into
                       child zones for which we don't have a supported
                       algorithm.  Such child zones are treated as unsigned.

1557.  [func]          Implement missing DNSSEC tests for
                       * NOQNAME proof with wildcard answers.
                       * NOWILDARD proof with NXDOMAIN.
                       Cache and return NOQNAME with wildcard answers.

1541.  [func]          NSEC now uses new bitmap format.

1519.  [bug]           dnssec-signzone:nsec_setbit() computed the wrong
                       length of the new bitmap.

1516.  [func]          Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.

bin/tests/system/dnssec/ns2/example.db.in

@@ -13,7 +13,7 @@
 ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 ; PERFORMANCE OF THIS SOFTWARE.
 
-; $Id: example.db.in,v 1.8.12.1 2004/03/06 10:22:00 marka Exp $
+; $Id: example.db.in,v 1.8.12.2 2004/03/08 02:07:45 marka Exp $
 
 $TTL 300	; 5 minutes
 @			IN SOA	mname1. . (
@@ -58,9 +58,17 @@ ns.secure		A	10.53.0.3
 insecure		NS	ns.insecure
 ns.insecure		A	10.53.0.3
 
-
 ; A secure subdomain we're going to inject bogus data into
 bogus			NS	ns.bogus
 ns.bogus		A	10.53.0.3
 
+; A dynamic secure subdomain
+dynamic			NS	dynamic
+dynamic			A	10.53.0.3
+
 z			A	10.0.0.26
+
+keyless			NS	ns.keyless
+ns.keyless		A	10.53.0.3
+
+*.wild			A	10.0.0.27