Improve reliability of zone verification checks
In the "mirror" system test, ns3 periodically sends trust anchor telemetry queries to ns1 and ns2. It may thus happen that for some non-recursive queries for names inside mirror zones which are not yet loaded, ns3 will be able to synthesize a negative answer from the cached records it obtained from trust anchor telemetry responses. In such cases, NXDOMAIN responses will be sent with the root zone SOA in the AUTHORITY section. Since the root zone used in the "mirror" system test has the same serial number as ns2/verify.db.in and zone verification checks look for the specified serial numbers anywhere in the answer, the test could be broken if different zone names were used. The +noauth dig option could be used to address this weakness, but that would prevent entire responses from being stored for later inspection, which in turn would hamper troubleshooting test failures. Instead, use a different serial number for ns2/verify.db.in than for any other zone used in the "mirror" system test and check the number of records in the ANSWER section of each response.
Showing with 14 additions and 2 deletions