3e1d09ac66
In '_check_apex_dnskey' we check for each key (KEY1 to KEY4) if they are present in the DNSKEY RRset if they should be. However, we only grep the dig output for the first seven fields (owner, ttl, class, type, flags, protocol, algorithm). This can be the same for different keys. For example, KEY1 may be KSK predecessor and KEY2 a KSK successor, both DNSKEY records for these keys are the same up to the public key field. This can cause test failures if KEY1 needs to be present, but KEY2 not, because when grepping for KEY2 we will falsely detect the key to be present (because the grep matches KEY1). Fix the function by grepping looking for the first seven fields in the corresponding key file and retrieve the public key part. Grep for this in the dig output.