remove "dnssec-enable" from all system tests

885a3d20 · Evan Hunt · b3ff3bf2 · 885a3d20 · 885a3d20 · 885a3d20
Commit 885a3d20 authored Mar 11, 2019 by Evan Hunt
85 changed files
--- a/bin/tests/system/autosign/ns1/named.conf.in
+++ b/bin/tests/system/autosign/ns1/named.conf.in
@@ -21,7 +21,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 };


--- a/bin/tests/system/autosign/ns2/named.conf.in
+++ b/bin/tests/system/autosign/ns2/named.conf.in
@@ -21,7 +21,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 	dnssec-loadkeys-interval 30;
 };

--- a/bin/tests/system/autosign/ns3/named.conf.in
+++ b/bin/tests/system/autosign/ns3/named.conf.in
@@ -24,7 +24,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 	dnssec-loadkeys-interval 10;
 	allow-new-zones yes;

--- a/bin/tests/system/autosign/ns4/named.conf.in
+++ b/bin/tests/system/autosign/ns4/named.conf.in
@@ -20,7 +20,6 @@ options {
 	listen-on { 10.53.0.4; };
 	listen-on-v6 { none; };
 	recursion yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 	dnssec-must-be-secure mustbesecure.example yes;
 };

--- a/bin/tests/system/autosign/ns5/named.conf.in
+++ b/bin/tests/system/autosign/ns5/named.conf.in
@@ -20,7 +20,6 @@ options {
 	listen-on { 10.53.0.5; };
 	listen-on-v6 { none; };
 	recursion yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 };


--- a/bin/tests/system/checkconf/dnssec.1
+++ b/bin/tests/system/checkconf/dnssec.1
@@ -11,5 +11,4 @@

 options {
 	dnssec-enable no;
-	dnssec-validation yes;
 };
--- a/bin/tests/system/checkconf/dnssec.2
+++ b/bin/tests/system/checkconf/dnssec.2
@@ -9,10 +9,6 @@
 * information regarding copyright ownership.
 */

-options {
-	dnssec-enable no;
-};
-
 view view1 {
 	match-clients { any; };
 	dnssec-validation yes;

--- a/bin/tests/system/checkconf/dnssec.3
+++ b/bin/tests/system/checkconf/dnssec.3
@@ -9,18 +9,12 @@
 * information regarding copyright ownership.
 */

-options {
-	dnssec-validation no;
-};
-
 view view1 {
 	match-clients { any; };
-	dnssec-enable no;
 };

 view view2 {
 	match-clients { none; };
-	dnssec-enable yes;
 };

 view view3 {

--- a/bin/tests/system/checkconf/tests.sh
+++ b/bin/tests/system/checkconf/tests.sh
@@ -111,11 +111,11 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "checking named-checkconf dnssec warnings ($n)"
 ret=0
-$CHECKCONF dnssec.1 2>&1 | grep 'validation yes.*enable no' > /dev/null || ret=1
+# dnssec.1: dnssec-enable is obsolete
+$CHECKCONF dnssec.1 2>&1 | grep "'dnssec-enable' is obsolete and should be removed" > /dev/null || ret=1
+# dnssec.2: auto-dnssec warning
 $CHECKCONF dnssec.2 2>&1 | grep 'auto-dnssec may only be ' > /dev/null || ret=1
-$CHECKCONF dnssec.2 2>&1 | grep 'validation auto.*enable no' > /dev/null || ret=1
-$CHECKCONF dnssec.2 2>&1 | grep 'validation yes.*enable no' > /dev/null || ret=1
-# this one should have no warnings
+# dnssec.3: should have no warnings
 $CHECKCONF dnssec.3 2>&1 | grep '.*' && ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`

--- a/bin/tests/system/database/ns1/named1.conf.in
+++ b/bin/tests/system/database/ns1/named1.conf.in
@@ -30,7 +30,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 };


--- a/bin/tests/system/database/ns1/named2.conf.in
+++ b/bin/tests/system/database/ns1/named2.conf.in
@@ -30,7 +30,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 };


--- a/bin/tests/system/digdelv/ns1/named.conf.in
+++ b/bin/tests/system/digdelv/ns1/named.conf.in
@@ -19,7 +19,6 @@ options {
 	listen-on-v6 { fd92:7065:b8e:ffff::1; };
 	recursion no;
 	notify yes;
-	dnssec-enable no;
 	dnssec-validation no;
 };


--- a/bin/tests/system/digdelv/ns2/named.conf.in
+++ b/bin/tests/system/digdelv/ns2/named.conf.in
@@ -18,7 +18,6 @@ options {
 	listen-on { 10.53.0.2; };
 	listen-on-v6 { fd92:7065:b8e:ffff::2; };
 	recursion no;
-	dnssec-enable no;
 	dnssec-validation no;
 };


--- a/bin/tests/system/digdelv/ns3/named.conf.in
+++ b/bin/tests/system/digdelv/ns3/named.conf.in
@@ -16,7 +16,6 @@ options {
 	listen-on { 10.53.0.3; };
 	listen-on-v6 { fd92:7065:b8e:ffff::3; };
 	recursion yes;
-	dnssec-enable no;
 	dnssec-validation no;
 	server-id "ns3";
 };

--- a/bin/tests/system/dlv/ns1/named.conf.in
+++ b/bin/tests/system/dlv/ns1/named.conf.in
@@ -19,7 +19,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable yes;
 };

 zone "." { type master; file "root.signed"; };

--- a/bin/tests/system/dlv/ns2/named.conf.in
+++ b/bin/tests/system/dlv/ns2/named.conf.in
@@ -19,7 +19,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable yes;
 };

 zone "." { type hint; file "hints"; };

--- a/bin/tests/system/dlv/ns3/named.conf.in
+++ b/bin/tests/system/dlv/ns3/named.conf.in
@@ -19,7 +19,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable yes;
 };

 zone "." { type hint; file "hints"; };

--- a/bin/tests/system/dlv/ns4/named.conf.in
+++ b/bin/tests/system/dlv/ns4/named.conf.in
@@ -19,7 +19,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable no;
 };

 zone "." { type hint; file "hints"; };

--- a/bin/tests/system/dlv/ns5/named.conf.in
+++ b/bin/tests/system/dlv/ns5/named.conf.in
@@ -22,7 +22,6 @@ options {
 	listen-on-v6 { none; };
 	recursion yes;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 	dnssec-lookaside "." trust-anchor "dlv.utld";
 };

--- a/bin/tests/system/dlv/ns6/named.conf.in
+++ b/bin/tests/system/dlv/ns6/named.conf.in
@@ -19,7 +19,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable yes;
 };

 zone "." { type hint; file "hints"; };

--- a/bin/tests/system/dns64/ns1/named.conf.in
+++ b/bin/tests/system/dns64/ns1/named.conf.in
@@ -23,7 +23,6 @@ options {
 	listen-on-v6 { none; };
 	allow-recursion { 10.53.0.1; };
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;

 	dns64 2001:bbbb::/96 {

--- a/bin/tests/system/dns64/ns2/named.conf.in
+++ b/bin/tests/system/dns64/ns2/named.conf.in
@@ -23,7 +23,6 @@ options {
 	listen-on-v6 { none; };
 	recursion yes;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;

 	dns64 2001:aaaa::/96 {

--- a/bin/tests/system/dnssec/ns1/named.conf.in
+++ b/bin/tests/system/dnssec/ns1/named.conf.in
@@ -21,7 +21,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 	/* test that we can turn off trust-anchor-telemetry */
 	trust-anchor-telemetry no;

--- a/bin/tests/system/dnssec/ns2/named.conf.in
+++ b/bin/tests/system/dnssec/ns2/named.conf.in
@@ -21,7 +21,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 	notify-delay 1;
 	minimal-responses no;

--- a/bin/tests/system/dnssec/ns3/named.conf.in
+++ b/bin/tests/system/dnssec/ns3/named.conf.in
@@ -21,7 +21,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 	session-keyfile "session.key";
 	minimal-responses no;

--- a/bin/tests/system/dnssec/ns4/named1.conf.in
+++ b/bin/tests/system/dnssec/ns4/named1.conf.in
@@ -20,7 +20,6 @@ options {
 	listen-on { 10.53.0.4; };
 	listen-on-v6 { none; };
 	recursion yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 	dnssec-must-be-secure mustbesecure.example yes;
 	minimal-responses no;

--- a/bin/tests/system/dnssec/ns4/named2.conf.in
+++ b/bin/tests/system/dnssec/ns4/named2.conf.in
@@ -21,7 +21,6 @@ options {
 	listen-on { 10.53.0.4; };
 	listen-on-v6 { none; };
 	recursion yes;
-	dnssec-enable yes;
 	dnssec-validation auto;
 	bindkeys-file "managed.conf";
 	minimal-responses no;

--- a/bin/tests/system/dnssec/ns4/named3.conf.in
+++ b/bin/tests/system/dnssec/ns4/named3.conf.in
@@ -20,7 +20,6 @@ options {
 	listen-on { 10.53.0.4; };
 	listen-on-v6 { none; };
 	recursion yes;
-	dnssec-enable yes;
 	dnssec-validation auto;
 	bindkeys-file "managed.conf";
 	dnssec-accept-expired yes;

--- a/bin/tests/system/dnssec/ns4/named5.conf.in
+++ b/bin/tests/system/dnssec/ns4/named5.conf.in
@@ -20,7 +20,6 @@ options {
 	listen-on { 10.53.0.4; };
 	listen-on-v6 { none; };
 	bindkeys-file "managed.conf";
-	dnssec-enable no;
 };

 key rndc_key {

--- a/bin/tests/system/dnssec/ns5/named1.conf.in
+++ b/bin/tests/system/dnssec/ns5/named1.conf.in
@@ -20,7 +20,6 @@ options {
 	listen-on { 10.53.0.5; };
 	listen-on-v6 { none; };
 	recursion yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 };


--- a/bin/tests/system/dnssec/ns6/named.conf.in
+++ b/bin/tests/system/dnssec/ns6/named.conf.in
@@ -22,7 +22,6 @@ options {
 	recursion yes;
 	notify yes;
 	disable-algorithms . { @ALTERNATIVE_ALGORITHM@; };
-	dnssec-enable yes;
 	dnssec-validation yes;
 	dnssec-lookaside . trust-anchor dlv;
 };

--- a/bin/tests/system/dnssec/ns7/named.conf.in
+++ b/bin/tests/system/dnssec/ns7/named.conf.in
@@ -21,7 +21,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 	minimal-responses yes;
 };

--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -3648,20 +3648,5 @@ n=$((n+1))
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status+ret))

-# Note: after this check, ns4 will not be validating any more; do not add any
-# further validation tests employing ns4 below this check.
-echo_i "check that validation defaults to off when dnssec-enable is off ($n)"
-ret=0
-# Sanity check - validation should be enabled.
-rndccmd 10.53.0.4 validation status | grep "enabled" > /dev/null || ret=1
-# Set "dnssec-enable" to "no" and reconfigure.
-copy_setports ns4/named5.conf.in ns4/named.conf
-rndccmd 10.53.0.4 reconfig 2>&1 | sed 's/^/ns4 /' | cat_i
-# Check validation status again.
-rndccmd 10.53.0.4 validation status | grep "disabled" > /dev/null || ret=1
-n=$((n+1))
-test "$ret" -eq 0 || echo_i "failed"
-status=$((status+ret))
-
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
--- a/bin/tests/system/dsdigest/ns1/named.conf.in
+++ b/bin/tests/system/dsdigest/ns1/named.conf.in
@@ -23,7 +23,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 };


--- a/bin/tests/system/dsdigest/ns2/named.conf.in
+++ b/bin/tests/system/dsdigest/ns2/named.conf.in
@@ -23,7 +23,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 };


--- a/bin/tests/system/dsdigest/ns3/named.conf.in
+++ b/bin/tests/system/dsdigest/ns3/named.conf.in
@@ -22,7 +22,6 @@ options {
 	listen-on { 10.53.0.3; };
 	listen-on-v6 { none; };
 	recursion yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 	dnssec-must-be-secure . yes;
 	/* only SHA-256 is enabled */

--- a/bin/tests/system/dsdigest/ns4/named.conf.in
+++ b/bin/tests/system/dsdigest/ns4/named.conf.in
@@ -22,7 +22,6 @@ options {
 	listen-on { 10.53.0.4; };
 	listen-on-v6 { none; };
 	recursion yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 	/* only SHA-256 is enabled */
 	disable-ds-digests . { SHA-1; SHA-384; 5; 6; 7; 8; 9; };

--- a/bin/tests/system/ecdsa/ns1/named.conf
+++ b/bin/tests/system/ecdsa/ns1/named.conf
@@ -23,7 +23,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 };


--- a/bin/tests/system/ecdsa/ns2/named.conf
+++ b/bin/tests/system/ecdsa/ns2/named.conf
@@ -23,7 +23,6 @@ options {
 	listen-on-v6 { none; };
 	recursion yes;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 };


--- a/bin/tests/system/eddsa/ns1/named.conf
+++ b/bin/tests/system/eddsa/ns1/named.conf
@@ -23,7 +23,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 };


--- a/bin/tests/system/eddsa/ns2/named.conf
+++ b/bin/tests/system/eddsa/ns2/named.conf
@@ -23,7 +23,6 @@ options {
 	listen-on-v6 { none; };
 	recursion yes;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 };


--- a/bin/tests/system/idna/ns1/named.conf.in
+++ b/bin/tests/system/idna/ns1/named.conf.in
@@ -19,7 +19,6 @@ options {
 	listen-on-v6 { fd92:7065:b8e:ffff::1; };
 	recursion no;
 	notify yes;
-	dnssec-enable no;
 	dnssec-validation no;
 };


--- a/bin/tests/system/inline/ns1/named.conf.in
+++ b/bin/tests/system/inline/ns1/named.conf.in
@@ -23,7 +23,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 };


--- a/bin/tests/system/masterfile/ns2/named.conf.in
+++ b/bin/tests/system/masterfile/ns2/named.conf.in
@@ -21,7 +21,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 };


--- a/bin/tests/system/masterformat/ns1/named.conf.in
+++ b/bin/tests/system/masterformat/ns1/named.conf.in
@@ -18,7 +18,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify no;
-	dnssec-enable yes;
 	session-keyfile "session.key";
 	servfail-ttl 0;
 };

--- a/bin/tests/system/masterformat/ns2/named.conf.in
+++ b/bin/tests/system/masterformat/ns2/named.conf.in
@@ -18,7 +18,6 @@ options {
 	port @PORT@;
 	recursion no;
 	notify no;
-	dnssec-enable yes;
 	servfail-ttl 0;
 };


--- a/bin/tests/system/masterformat/ns3/named.conf.in
+++ b/bin/tests/system/masterformat/ns3/named.conf.in
@@ -18,7 +18,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify no;
-	dnssec-enable yes;
 };

 key rndc_key {

--- a/bin/tests/system/mkeys/ns1/named1.conf.in
+++ b/bin/tests/system/mkeys/ns1/named1.conf.in
@@ -26,7 +26,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify no;
-	dnssec-enable yes;
 	dnssec-validation yes;
 	allow-query { allowed; };
 };

--- a/bin/tests/system/mkeys/ns1/named2.conf.in
+++ b/bin/tests/system/mkeys/ns1/named2.conf.in
@@ -26,7 +26,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify no;
-	dnssec-enable yes;
 	dnssec-validation yes;
 	allow-query { allowed; };
 };

--- a/bin/tests/system/mkeys/ns1/named3.conf.in
+++ b/bin/tests/system/mkeys/ns1/named3.conf.in
@@ -21,7 +21,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify no;
-	dnssec-enable yes;
 	dnssec-validation yes;
 };


--- a/bin/tests/system/mkeys/ns2/named.conf.in
+++ b/bin/tests/system/mkeys/ns2/named.conf.in
@@ -21,7 +21,6 @@ options {
 	listen-on-v6 { none; };
 	recursion yes;
 	notify no;
-	dnssec-enable yes;
 	dnssec-validation auto;
 	bindkeys-file "managed.conf";
 	servfail-ttl 0;

--- a/bin/tests/system/mkeys/ns3/named.conf.in
+++ b/bin/tests/system/mkeys/ns3/named.conf.in
@@ -21,7 +21,6 @@ options {
 	listen-on-v6 { none; };
 	recursion yes;
 	notify no;
-	dnssec-enable yes;
 	dnssec-validation yes;
 	bindkeys-file "managed.conf";
 	trust-anchor-telemetry no;

--- a/bin/tests/system/mkeys/ns4/named.conf.in
+++ b/bin/tests/system/mkeys/ns4/named.conf.in
@@ -21,7 +21,6 @@ options {
 	listen-on-v6 { none; };
 	recursion yes;
 	notify no;
-	dnssec-enable yes;
 	dnssec-validation auto;
 	bindkeys-file "managed.conf";
 	managed-keys-directory "nope";

--- a/bin/tests/system/mkeys/ns5/named.conf.in
+++ b/bin/tests/system/mkeys/ns5/named.conf.in
@@ -21,7 +21,6 @@ options {
 	listen-on-v6 { none; };
 	recursion yes;
 	notify no;
-	dnssec-enable yes;
 	dnssec-validation auto;
 	bindkeys-file "managed.conf";
 	servfail-ttl 0;

--- a/bin/tests/system/mkeys/ns6/named.conf.in
+++ b/bin/tests/system/mkeys/ns6/named.conf.in
@@ -21,7 +21,6 @@ options {
 	listen-on-v6 { none; };
 	recursion yes;
 	notify no;
-	dnssec-enable yes;
 	dnssec-validation yes;
 	trust-anchor-telemetry no;
 };

--- a/bin/tests/system/mkeys/ns7/named.conf.in
+++ b/bin/tests/system/mkeys/ns7/named.conf.in
@@ -21,7 +21,6 @@ options {
 	listen-on-v6 { none; };
 	recursion yes;
 	notify no;
-	dnssec-enable yes;
 	dnssec-validation auto;
 	bindkeys-file "managed.conf";
 };

--- a/bin/tests/system/nsupdate/ns3/named.conf.in
+++ b/bin/tests/system/nsupdate/ns3/named.conf.in
@@ -21,7 +21,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 };


--- a/bin/tests/system/pending/ns2/named.conf.in
+++ b/bin/tests/system/pending/ns2/named.conf.in
@@ -23,7 +23,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 };


--- a/bin/tests/system/pending/ns3/named.conf.in
+++ b/bin/tests/system/pending/ns3/named.conf.in
@@ -23,7 +23,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify no;
-	dnssec-enable yes;
 	dnssec-validation yes;
 };


--- a/bin/tests/system/redirect/ns1/named.conf.in
+++ b/bin/tests/system/redirect/ns1/named.conf.in
@@ -23,7 +23,6 @@ options {
 	listen-on-v6 { none; };
 	allow-recursion { 10.53.0.1; };
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 };


--- a/bin/tests/system/redirect/ns2/named.conf.in
+++ b/bin/tests/system/redirect/ns2/named.conf.in
@@ -25,7 +25,6 @@ options {
 	listen-on-v6 { none; };
 	recursion yes;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;

 };

--- a/bin/tests/system/redirect/ns3/named.conf.in
+++ b/bin/tests/system/redirect/ns3/named.conf.in
@@ -21,7 +21,6 @@ options {
 	listen-on-v6 { none; };
 	allow-recursion { 10.53.0.3; };
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 };


--- a/bin/tests/system/redirect/ns4/named.conf.in
+++ b/bin/tests/system/redirect/ns4/named.conf.in
@@ -25,7 +25,6 @@ options {
 	listen-on-v6 { none; };
 	recursion yes;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 	nxdomain-redirect "redirect";


--- a/bin/tests/system/rootkeysentinel/ns1/named.conf.in
+++ b/bin/tests/system/rootkeysentinel/ns1/named.conf.in
@@ -19,7 +19,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 };


--- a/bin/tests/system/rootkeysentinel/ns2/named.conf.in
+++ b/bin/tests/system/rootkeysentinel/ns2/named.conf.in
@@ -19,7 +19,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 };


--- a/bin/tests/system/rootkeysentinel/ns3/named.conf.in
+++ b/bin/tests/system/rootkeysentinel/ns3/named.conf.in
@@ -19,7 +19,6 @@ options {
 	listen-on-v6 { none; };
 	recursion yes;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 	root-key-sentinel yes;
 };

--- a/bin/tests/system/rootkeysentinel/ns4/named.conf.in
+++ b/bin/tests/system/rootkeysentinel/ns4/named.conf.in
@@ -19,7 +19,6 @@ options {
 	listen-on-v6 { none; };
 	recursion yes;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 	root-key-sentinel no;
 };

--- a/bin/tests/system/rsabigexponent/ns1/named.conf.in
+++ b/bin/tests/system/rsabigexponent/ns1/named.conf.in
@@ -21,7 +21,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 };


--- a/bin/tests/system/rsabigexponent/ns2/named.conf.in
+++ b/bin/tests/system/rsabigexponent/ns2/named.conf.in
@@ -21,7 +21,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable yes;
 };

 zone "." {

--- a/bin/tests/system/rsabigexponent/ns3/named.conf.in
+++ b/bin/tests/system/rsabigexponent/ns3/named.conf.in
@@ -21,7 +21,6 @@ options {
 	listen-on-v6 { none; };
 	recursion yes;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 	max-rsa-exponent-size 35;
 };

--- a/bin/tests/system/runtime/ns2/named-alt1.conf.in
+++ b/bin/tests/system/runtime/ns2/named-alt1.conf.in
@@ -19,6 +19,5 @@ options {
 	listen-on-v6 { fd92:7065:b8e:ffff::2; };
 	recursion no;
 	notify yes;
-	dnssec-enable no;
 	dnssec-validation no;
 };
--- a/bin/tests/system/runtime/ns2/named-alt2.conf.in
+++ b/bin/tests/system/runtime/ns2/named-alt2.conf.in
@@ -19,6 +19,5 @@ options {
 	listen-on-v6 { fd92:7065:b8e:ffff::2; };
 	recursion no;
 	notify yes;
-	dnssec-enable no;
 	dnssec-validation no;
 };
--- a/bin/tests/system/runtime/ns2/named-alt3.conf.in
+++ b/bin/tests/system/runtime/ns2/named-alt3.conf.in
@@ -20,6 +20,5 @@ options {
 	listen-on-v6 { fd92:7065:b8e:ffff::2; };
 	recursion no;
 	notify yes;
-	dnssec-enable no;
 	dnssec-validation no;
 };
--- a/bin/tests/system/runtime/ns2/named1.conf.in
+++ b/bin/tests/system/runtime/ns2/named1.conf.in
@@ -19,7 +19,6 @@ options {
 	listen-on-v6 { fd92:7065:b8e:ffff::2; };
 	recursion no;
 	notify yes;
-	dnssec-enable no;
 	dnssec-validation no;
 };


--- a/bin/tests/system/sfcache/ns1/named.conf.in
+++ b/bin/tests/system/sfcache/ns1/named.conf.in
@@ -21,7 +21,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 };


--- a/bin/tests/system/sfcache/ns2/named.conf.in
+++ b/bin/tests/system/sfcache/ns2/named.conf.in
@@ -21,7 +21,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 };


--- a/bin/tests/system/sfcache/ns5/named.conf.in
+++ b/bin/tests/system/sfcache/ns5/named.conf.in
@@ -20,7 +20,6 @@ options {
 	listen-on { 10.53.0.5; };
 	listen-on-v6 { none; };
 	recursion yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 	servfail-ttl 30;
 };

--- a/bin/tests/system/synthfromdnssec/ns1/named.conf.in
+++ b/bin/tests/system/synthfromdnssec/ns1/named.conf.in
@@ -21,7 +21,6 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
-	dnssec-enable yes;
 	dnssec-validation yes;
 };


--- a/bin/tests/system/synthfromdnssec/ns2/named.conf.in
+++ b/bin/tests/system/synthfromdnssec/ns2/named.conf.in
@@ -21,7 +21,6 @@ options {
 	listen-on-v6 { none; };
 	recursion yes;