Addition of test suite.

bin/tests/system/dnssec/ns2/example.db.in

@@ -7,7 +7,9 @@ $TTL 300	; 5 minutes
 				3600       ; minimum (1 hour)
 				)
 			NS	ns2
+			NS	ns3
 ns2			A	10.53.0.2
+ns3			A	10.53.0.3
 
 a			A	10.0.0.1
 b			A	10.0.0.2
@@ -18,7 +20,12 @@ secure			NS	ns.secure
 ns.secure		A	10.53.0.3
 
 ; An insecure subdomain
-insecure		NS	ns.secure
+insecure		NS	ns.insecure
 ns.insecure		A	10.53.0.3
 
+
+; A secure subdomain we're going to inject bogus data into
+bogus			NS	ns.bogus
+ns.bogus		A	10.53.0.3
+
 z			A	10.0.0.26

bin/tests/system/dnssec/ns2/named.conf

@@ -16,3 +16,5 @@ zone "example" {
 	allow-update { any; };
 };
 
+
+include "trusted.conf";

bin/tests/system/dnssec/ns2/sign.sh

@@ -13,27 +13,28 @@ keyname=`$KEYGEN -a RSA -b 768 -n zone $zone`
 
 cp ../ns3/secure.example.keyset .
 
-$KEYSIGNER -v 9 secure.example.keyset $keyname
+echo $KEYSIGNER secure.example.keyset $keyname
+$KEYSIGNER secure.example.keyset $keyname
 
 # This will leave two copies of the child's zone key in the signed db file;
 # that shouldn't cause any problems.
 cat secure.example.signedkey >>../ns3/secure.example.db.signed
 
+cp ../ns3/bogus.example.keyset .
+
+echo $KEYSIGNER bogus.example.keyset $keyname
+$KEYSIGNER bogus.example.keyset $keyname
+
+# This will leave two copies of the child's zone key in the signed db file;
+# that shouldn't cause any problems.
+cat bogus.example.signedkey >>../ns3/bogus.example.db.signed
+
+echo $KEYSETTOOL $keyname
 $KEYSETTOOL $keyname
 
 cat $infile $keyname.key >$zonefile
 
-$SIGNER -v 1 -o $zone $zonefile
+echo $SIGNER -o $zone $zonefile
+$SIGNER -o $zone $zonefile
 
-# Configure the resolving server with a trusted key.
-
-cat $keyname.key | perl -n -e '
-my ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
-my $key = join("", @rest);
-print <<EOF
-trusted-keys {
-    "$dn" $flags $proto $alg "$key";
-};
-EOF
-' >../ns4/trusted.conf