3925. [bug] DS lookup of RFC 1918 empty zones failed. [RT #36917

(cherry picked from commit 840d6a4614)

bin/tests/system/dnssec/ns2/in-addr.arpa.db.in

@@ -0,0 +1,8 @@
+$TTL 3600
+@	SOA	ns2.example. . 1 3600 1200 86400 1200
+@	NS	ns2.example.
+;
+;	As we are testing empty zone behaviour ns3 doesn't need to be
+;	configured to serve 10.in-addr.arpa.
+;
+10	NS	ns3.example.

bin/tests/system/dnssec/ns2/named.conf

@@ -102,4 +102,9 @@ zone "nsec3chain-test" {
 	allow-update {any;};
 };
 
+zone "in-addr.arpa" {
+	type master;
+	file "in-addr.arpa.db.signed";
+};
+
 include "trusted.conf";

bin/tests/system/dnssec/ns2/sign.sh

@@ -88,6 +88,18 @@ tolower($1) == "bad-dname.example." && $4 == "RRSIG" && $5 == "DNAME" {
 
 { print; }' > $zonefile.signed++ && mv $zonefile.signed++ $zonefile.signed
 
+#
+# signed in-addr.arpa w/ a delegation for 10.in-addr.arpa which is unsigned.
+#
+zone=in-addr.arpa.
+infile=in-addr.arpa.db.in
+zonefile=in-addr.arpa.db
+
+keyname1=`$KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone $zone`
+keyname2=`$KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone $zone`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+$SIGNER -P -g -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
 
 # Sign the privately secure file