From ff6b717955dda877d202779d7763edd19c0e15a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= <michal@isc.org>
Date: Tue, 26 Jun 2018 12:19:41 +0200
Subject: [PATCH] Do not use IANA DNSSEC keys in the "rpz" system test

With "dnssec-validation" now defaulting to "auto", it needs to be
explicitly set to "yes" (the previous default value) for all validating
resolvers used in system tests.  Ensure that requirement is satisfied by
the resolvers used in the "rpz" system test.
---
 bin/tests/system/rpz/ns2/named.conf.in | 2 ++
 bin/tests/system/rpz/ns3/named.conf.in | 2 ++
 bin/tests/system/rpz/ns4/named.conf.in | 2 ++
 bin/tests/system/rpz/ns5/named.conf.in | 2 ++
 bin/tests/system/rpz/ns6/named.conf.in | 2 ++
 bin/tests/system/rpz/ns7/named.conf.in | 2 ++
 6 files changed, 12 insertions(+)

diff --git a/bin/tests/system/rpz/ns2/named.conf.in b/bin/tests/system/rpz/ns2/named.conf.in
index f4f4550ddb..15226401e9 100644
--- a/bin/tests/system/rpz/ns2/named.conf.in
+++ b/bin/tests/system/rpz/ns2/named.conf.in
@@ -20,6 +20,8 @@ options {
 	listen-on-v6 { none; };
 	notify no;
 	minimal-responses no;
+	recursion yes;
+	dnssec-validation yes;
 };
 
 key rndc_key {
diff --git a/bin/tests/system/rpz/ns3/named.conf.in b/bin/tests/system/rpz/ns3/named.conf.in
index 091cceaa53..851a055bc9 100644
--- a/bin/tests/system/rpz/ns3/named.conf.in
+++ b/bin/tests/system/rpz/ns3/named.conf.in
@@ -26,6 +26,8 @@ options {
 	listen-on-v6 { none; };
 	notify yes;
 	minimal-responses no;
+	recursion yes;
+	dnssec-validation yes;
 
 	response-policy {
 	    zone "bl"					max-policy-ttl 100;
diff --git a/bin/tests/system/rpz/ns4/named.conf.in b/bin/tests/system/rpz/ns4/named.conf.in
index 03d0ca0abd..04d6d188fd 100644
--- a/bin/tests/system/rpz/ns4/named.conf.in
+++ b/bin/tests/system/rpz/ns4/named.conf.in
@@ -20,6 +20,8 @@ options {
 	listen-on-v6 { none; };
 	notify no;
 	minimal-responses no;
+	recursion yes;
+	dnssec-validation yes;
 };
 
 include "../trusted.conf";
diff --git a/bin/tests/system/rpz/ns5/named.conf.in b/bin/tests/system/rpz/ns5/named.conf.in
index 025cff5ff9..00d0725293 100644
--- a/bin/tests/system/rpz/ns5/named.conf.in
+++ b/bin/tests/system/rpz/ns5/named.conf.in
@@ -28,6 +28,8 @@ options {
 	notify-delay 0;
 	notify yes;
 	minimal-responses no;
+	recursion yes;
+	dnssec-validation yes;
 
 	# turn rpz on or off
 	include "rpz-switch";
diff --git a/bin/tests/system/rpz/ns6/named.conf.in b/bin/tests/system/rpz/ns6/named.conf.in
index ccd177f1b2..1cf738399b 100644
--- a/bin/tests/system/rpz/ns6/named.conf.in
+++ b/bin/tests/system/rpz/ns6/named.conf.in
@@ -22,6 +22,8 @@ options {
 	forward only;
 	forwarders { 10.53.0.3; };
 	minimal-responses no;
+	recursion yes;
+	dnssec-validation yes;
 
 	response-policy {
 	    zone "policy1" min-update-interval 0;
diff --git a/bin/tests/system/rpz/ns7/named.conf.in b/bin/tests/system/rpz/ns7/named.conf.in
index 8c5c15d10e..842f709923 100644
--- a/bin/tests/system/rpz/ns7/named.conf.in
+++ b/bin/tests/system/rpz/ns7/named.conf.in
@@ -20,6 +20,8 @@ options {
 	listen-on { 10.53.0.7; };
 	listen-on-v6 { none; };
 	minimal-responses no;
+	recursion yes;
+	dnssec-validation yes;
 
 	response-policy {
 	    zone "policy2";