2904. [bug] When using DLV, sub-zones of the zones in the DLV,

could be incorrectly marked as insecure instead of
                        secure leading to negative proofs failing.  This was
                        a unintended outcome from change 2890. [RT# 21392]

bin/tests/system/dlv/tests.sh

@@ -14,6 +14,33 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: tests.sh,v 1.4 2007/06/19 23:47:02 tbox Exp $
+# $Id: tests.sh,v 1.5 2010/05/26 06:28:00 marka Exp $
 
-exit 0
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+n=0
+
+rm -f dig.out.*
+
+DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300"
+
+echo "I:checking that DNSKEY reference by DLV validates as secure ($n)"
+ret=0
+$DIG $DIGOPTS child1.utld dnskey @10.53.0.5 > dig.out.ns5.test$n || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking that child DNSKEY reference by DLV validates as secure ($n)"
+ret=0
+$DIG $DIGOPTS grand.child1.utld dnskey @10.53.0.5 > dig.out.ns5.test$n || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:exit status: $status"
+exit $status