update system tests so validation won't fail when using IANA key

- all tests with "recursion yes" now also specify "dnssec-validation yes", and all tests with "recursion no" also specify "dnssec-validation no". this must be maintained in all new tests, or else validation will fail when we use local root zones for testing. - clean.sh has been modified where necessary to remove managed-keys.bind and viewname.mkeys files.

update system tests so validation won't fail when using IANA key
- all tests with "recursion yes" now also specify "dnssec-validation yes", and all tests with "recursion no" also specify "dnssec-validation no". this must be maintained in all new tests, or else validation will fail when we use local root zones for testing. - clean.sh has been modified where necessary to remove managed-keys.bind and viewname.mkeys files.
a7a2fa29 · Evan Hunt · Ondřej Surý · bef18eca · a7a2fa29 · a7a2fa29
Commit a7a2fa29 authored May 16, 2018 by Evan Hunt Committed by Ondřej Surý May 31, 2018
223 changed files
--- a/bin/tests/system/acl/clean.sh
+++ b/bin/tests/system/acl/clean.sh
@@ -21,3 +21,4 @@ rm -f */named.run
 rm -f ns*/named.lock
 rm -f ns*/_default.nzf
 rm -f ns*/_default.nzd*
+rm -f ns*/managed-keys.bind* ns*/*.mkeys*
--- a/bin/tests/system/additional/clean.sh
+++ b/bin/tests/system/additional/clean.sh
@@ -18,3 +18,4 @@ rm -f */named.memstats
 rm -f */named.conf
 rm -f */named.run
 rm -f ns*/named.lock
+rm -f ns*/managed-keys.bind*
--- a/bin/tests/system/additional/ns1/named1.conf.in
+++ b/bin/tests/system/additional/ns1/named1.conf.in
@@ -14,6 +14,7 @@ options {
 	notify-source 10.53.0.1;
 	transfer-source 10.53.0.1;
 	recursion no;
+	dnssec-validation no;
 	port @PORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.1; };

--- a/bin/tests/system/additional/ns1/named2.conf.in
+++ b/bin/tests/system/additional/ns1/named2.conf.in
@@ -14,6 +14,7 @@ options {
 	notify-source 10.53.0.1;
 	transfer-source 10.53.0.1;
 	recursion no;
+	dnssec-validation no;
 	port @PORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.1; };

--- a/bin/tests/system/additional/ns1/named3.conf.in
+++ b/bin/tests/system/additional/ns1/named3.conf.in
@@ -14,6 +14,7 @@ options {
 	notify-source 10.53.0.1;
 	transfer-source 10.53.0.1;
 	recursion no;
+	dnssec-validation no;
 	port @PORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.1; };

--- a/bin/tests/system/additional/ns1/named4.conf.in
+++ b/bin/tests/system/additional/ns1/named4.conf.in
@@ -14,6 +14,7 @@ options {
 	notify-source 10.53.0.1;
 	transfer-source 10.53.0.1;
 	recursion no;
+	dnssec-validation no;
 	port @PORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.1; };

--- a/bin/tests/system/additional/ns3/named.conf.in
+++ b/bin/tests/system/additional/ns3/named.conf.in
@@ -20,6 +20,7 @@ options {
 	listen-on { 10.53.0.3; };
 	listen-on-v6 { none; };
 	recursion yes;
+	dnssec-validation yes;
 };

 zone "." {

--- a/bin/tests/system/addzone/clean.sh
+++ b/bin/tests/system/addzone/clean.sh
@@ -37,3 +37,4 @@ rm -f ns1/redirect.db
 rm -f ns2/redirect.db
 rm -f ns2/redirect.bk
 rm -f ns3/redirect.db
+rm -f ns*/managed-keys.bind* ns*/*.mkeys*
--- a/bin/tests/system/allow-query/clean.sh
+++ b/bin/tests/system/allow-query/clean.sh
@@ -18,3 +18,4 @@ rm -f ns2/named.conf ns2/controls.conf
 rm -f */named.memstats
 rm -f ns*/named.lock
 rm -f ns*/named.run ns*/named.run.prev
+rm -f ns*/managed-keys.bind* ns*/*.mkeys*
--- a/bin/tests/system/auth/clean.sh
+++ b/bin/tests/system/auth/clean.sh
@@ -13,3 +13,4 @@ rm -f */named.conf
 rm -f dig.out.test*
 rm -f ns2/example.com.bk
 rm -f ns2/example.net.bk
+rm -f ns*/managed-keys.bind*
--- a/bin/tests/system/autosign/clean.sh
+++ b/bin/tests/system/autosign/clean.sh
@@ -63,3 +63,4 @@ rm -f nsupdate.out
 rm -f settime.out.*
 rm -f signing.out.*
 rm -f sync.key
+rm -f ns*/managed-keys.bind*
--- a/bin/tests/system/builtin/clean.sh
+++ b/bin/tests/system/builtin/clean.sh
@@ -15,3 +15,4 @@ rm -f ns?/named.conf
 rm -f rndc.status.ns*
 rm -f dig.out.ns*
 rm -f ns*/named.lock
+rm -f ns*/managed-keys.bind*
--- a/bin/tests/system/cacheclean/clean.sh
+++ b/bin/tests/system/cacheclean/clean.sh
@@ -21,3 +21,4 @@ rm -f */named.run
 rm -f */named.conf
 rm -f ns2/named_dump.db.*
 rm -f ns*/named.lock
+rm -f ns*/managed-keys.bind*
--- a/bin/tests/system/cacheclean/ns1/named.conf.in
+++ b/bin/tests/system/cacheclean/ns1/named.conf.in
@@ -18,6 +18,7 @@ options {
 	listen-on { 10.53.0.1; };
 	listen-on-v6 { none; };
 	recursion no;
+	dnssec-validation no;
 	notify yes;
 	check-integrity no;
 	minimal-responses no;

--- a/bin/tests/system/cacheclean/ns2/named.conf.in
+++ b/bin/tests/system/cacheclean/ns2/named.conf.in
@@ -20,6 +20,8 @@ options {
 	notify yes;
 	max-cache-size 80%;
 	disable-empty-zone 127.IN-ADDR.ARPA;
+	recursion yes;
+	dnssec-validation yes;
 };

 key rndc_key {

--- a/bin/tests/system/case/clean.sh
+++ b/bin/tests/system/case/clean.sh
@@ -19,3 +19,4 @@ rm -f ns1/dynamic.db.jnl
 rm -f ns2/dynamic.bk
 rm -f ns2/dynamic.bk.jnl
 rm -f ns2/example.bk
+rm -f ns*/managed-keys.bind*
--- a/bin/tests/system/catz/clean.sh
+++ b/bin/tests/system/catz/clean.sh
@@ -22,3 +22,4 @@ rm -f nsupdate.out.*
 rm -f ns[123]/catalog[1234].example.db
 rm -rf ns2/zonedir
 rm -f ns*/*.nzd ns*/*.nzd-lock
+rm -f ns*/managed-keys.bind*
--- a/bin/tests/system/chain/clean.sh
+++ b/bin/tests/system/chain/clean.sh
@@ -13,3 +13,4 @@ rm -f dig.out.* named*.pid
 rm -f ns*/named.conf
 rm -f */named.memstats */named.recursing */named.lock */named.run */ans.run
 rm -f ns2/K* ns2/dsset-* ns2/example.db.signed
+rm -f ns*/managed-keys.bind*
--- a/bin/tests/system/chain/ns1/named.conf.in
+++ b/bin/tests/system/chain/ns1/named.conf.in
@@ -18,8 +18,8 @@ options {
 	listen-on { 10.53.0.1; };
 	listen-on-v6 { none; };
 	recursion no;
+	dnssec-validation yes;
 	notify yes;
-	dnssec-enable yes;
 };

 zone "." { type master; file "root.db"; };
--- a/bin/tests/system/chain/ns2/named.conf.in
+++ b/bin/tests/system/chain/ns2/named.conf.in
@@ -20,6 +20,7 @@ options {
 	listen-on { 10.53.0.2; };
 	listen-on-v6 { none; };
 	recursion no;
+	dnssec-validation no;
 	notify yes;
 };


--- a/bin/tests/system/chain/ns5/named.conf.in
+++ b/bin/tests/system/chain/ns5/named.conf.in
@@ -20,6 +20,7 @@ options {
 	listen-on { 10.53.0.5; };
 	listen-on-v6 { none; };
 	recursion no;
+	dnssec-validation no;
 	notify yes;
 };


--- a/bin/tests/system/chain/ns7/named.conf.in
+++ b/bin/tests/system/chain/ns7/named.conf.in
@@ -20,6 +20,7 @@ options {
 	listen-on-v6 { fd92:7065:b8e:ffff::7; };
 	recursion yes;
 	allow-recursion { any; };
+	dnssec-validation yes;
 };

 key rndc_key {

--- a/bin/tests/system/checknames/clean.sh
+++ b/bin/tests/system/checknames/clean.sh
@@ -20,3 +20,4 @@ rm -f ns4/*.update.db.jnl
 rm -f */named.memstats
 rm -f */named.run
 rm -f ns*/named.lock
+rm -f ns*/managed-keys.bind*
--- a/bin/tests/system/checknames/ns1/named.conf.in
+++ b/bin/tests/system/checknames/ns1/named.conf.in
@@ -18,6 +18,7 @@ options {
 	listen-on { 10.53.0.1; };
 	listen-on-v6 { none; };
 	recursion no;
+	dnssec-validation no;
 	notify yes;
 	check-integrity no;
 };

--- a/bin/tests/system/checknames/ns2/named.conf.in
+++ b/bin/tests/system/checknames/ns2/named.conf.in
@@ -18,6 +18,7 @@ options {
 	listen-on { 10.53.0.2; };
 	listen-on-v6 { none; };
 	recursion yes;
+	dnssec-validation yes;
 	check-names response warn;
 	notify yes;
 };

--- a/bin/tests/system/checknames/ns3/named.conf.in
+++ b/bin/tests/system/checknames/ns3/named.conf.in
@@ -18,6 +18,7 @@ options {
 	listen-on { 10.53.0.3; };
 	listen-on-v6 { none; };
 	recursion yes;
+	dnssec-validation yes;
 	check-names response fail;
 	notify yes;
 };

--- a/bin/tests/system/checknames/ns4/named.conf.in
+++ b/bin/tests/system/checknames/ns4/named.conf.in
@@ -18,6 +18,7 @@ options {
 	listen-on { 10.53.0.4; };
 	listen-on-v6 { none; };
 	recursion yes;
+	dnssec-validation yes;
 	check-names master ignore;
 	notify yes;
 };

--- a/bin/tests/system/cookie/clean.sh
+++ b/bin/tests/system/cookie/clean.sh
@@ -13,3 +13,4 @@ rm -f ns1/named_dump.db
 rm -f ns*/named.memstats
 rm -f ns*/named.run
 rm -f ns*/named.lock
+rm -f ns*/managed-keys.bind*
--- a/bin/tests/system/cookie/ns1/named.conf.in
+++ b/bin/tests/system/cookie/ns1/named.conf.in
@@ -27,6 +27,7 @@ options {
 	listen-on { 10.53.0.1; };
 	listen-on-v6 { none; };
 	recursion yes;
+	dnssec-validation yes;
 	deny-answer-addresses { 192.0.2.0/24; 2001:db8:beef::/48; }
 		 except-from { "example.org"; };
 	deny-answer-aliases { "example.org"; }

--- a/bin/tests/system/cookie/ns2/named.conf.in
+++ b/bin/tests/system/cookie/ns2/named.conf.in
@@ -18,6 +18,7 @@ options {
 	listen-on { 10.53.0.2; };
 	listen-on-v6 { none; };
 	recursion no;
+	dnssec-validation no;
 	send-cookie yes;
 	nocookie-udp-size 512;
 };

--- a/bin/tests/system/cookie/ns3/named.conf.in
+++ b/bin/tests/system/cookie/ns3/named.conf.in
@@ -27,6 +27,7 @@ options {
 	listen-on { 10.53.0.3; };
 	listen-on-v6 { none; };
 	recursion yes;
+	dnssec-validation yes;
 	deny-answer-addresses { 192.0.2.0/24; 2001:db8:beef::/48; }
 		 except-from { "example.org"; };
 	deny-answer-aliases { "example.org"; }

--- a/bin/tests/system/cookie/ns4/named.conf.in
+++ b/bin/tests/system/cookie/ns4/named.conf.in
@@ -27,6 +27,7 @@ options {
 	listen-on { 10.53.0.4; };
 	listen-on-v6 { none; };
 	recursion yes;
+	dnssec-validation yes;
 	cookie-algorithm sha1;
 	cookie-secret "569d36a6cc27d6bf55502183302ba352745255a2";
 	require-server-cookie yes;

--- a/bin/tests/system/cookie/ns5/named.conf.in
+++ b/bin/tests/system/cookie/ns5/named.conf.in
@@ -27,6 +27,7 @@ options {
 	listen-on { 10.53.0.5; };
 	listen-on-v6 { none; };
 	recursion yes;
+	dnssec-validation yes;
 	cookie-algorithm sha1;
 	cookie-secret "569d36a6cc27d6bf55502183302ba352745255a2";
 	cookie-secret "6b300e27a0db46d4b046e4189790fa7db3c1ffb3";

--- a/bin/tests/system/cookie/ns6/named.conf.in
+++ b/bin/tests/system/cookie/ns6/named.conf.in
@@ -27,6 +27,7 @@ options {
 	listen-on { 10.53.0.6; };
 	listen-on-v6 { none; };
 	recursion yes;
+	dnssec-validation yes;
 	cookie-algorithm sha1;
 	cookie-secret "6b300e27a0db46d4b046e4189790fa7db3c1ffb3";
 	require-server-cookie yes;

--- a/bin/tests/system/database/clean.sh
+++ b/bin/tests/system/database/clean.sh
@@ -12,3 +12,4 @@
 rm -f ns1/named.conf ns1/named.run ns1/named.memstats
 rm -f dig.out.*
 rm -f ns*/named.lock
+rm -f ns*/managed-keys.bind*
--- a/bin/tests/system/delzone/clean.sh
+++ b/bin/tests/system/delzone/clean.sh
@@ -20,3 +20,4 @@ rm -f ns2/inline.db.signed
 rm -f ns2/inlineslave.bk*
 rm -f ns*/named.lock
 rm -f ns2/nzf-*
+rm -f ns*/managed-keys.bind*
--- a/bin/tests/system/delzone/ns1/named.conf
+++ b/bin/tests/system/delzone/ns1/named.conf
@@ -18,6 +18,7 @@ options {
 	listen-on-v6 { none; };
 	allow-query { any; };
 	recursion no;
+	dnssec-validation no;
 };

 zone "." {

--- a/bin/tests/system/delzone/ns2/named.conf
+++ b/bin/tests/system/delzone/ns2/named.conf
@@ -16,6 +16,7 @@ options {
 	listen-on-v6 { none; };
 	allow-query { any; };
 	recursion no;
+	dnssec-validation no;
 	allow-new-zones yes;
 };


--- a/bin/tests/system/dialup/ns1/named.conf
+++ b/bin/tests/system/dialup/ns1/named.conf
@@ -21,6 +21,7 @@ options {
 	listen-on-v6 { none; };
 	heartbeat-interval 2;
 	recursion no;
+	dnssec-validation no;
 };

 zone "." {

--- a/bin/tests/system/dialup/ns2/named.conf
+++ b/bin/tests/system/dialup/ns2/named.conf
@@ -21,6 +21,7 @@ options {
 	listen-on-v6 { none; };
 	heartbeat-interval 2;
 	recursion no;
+	dnssec-validation no;
 };

 zone "." {

--- a/bin/tests/system/dialup/ns3/named.conf
+++ b/bin/tests/system/dialup/ns3/named.conf
@@ -21,6 +21,7 @@ options {
 	listen-on-v6 { none; };
 	heartbeat-interval 2;
 	recursion no;
+	dnssec-validation no;
 };

 zone "." {

--- a/bin/tests/system/digdelv/clean.sh
+++ b/bin/tests/system/digdelv/clean.sh
@@ -19,3 +19,4 @@ rm -f dig.out.mn.*
 rm -f dig.out.nm.*
 rm -f dig.out.nn.*
 rm -f ns*/named.lock
+rm -f ns*/managed-keys.bind*
--- a/bin/tests/system/dlv/clean.sh
+++ b/bin/tests/system/dlv/clean.sh
@@ -40,3 +40,4 @@ rm -f ns6/signer.err
 rm -f */named.memstats
 rm -f dig.out.ns*.test*
 rm -f ns*/named.lock
+rm -f ns*/managed-keys.bind*
--- a/bin/tests/system/dlz/clean.sh
+++ b/bin/tests/system/dlz/clean.sh
@@ -14,3 +14,4 @@ rm -f dig.out.*
 rm -f */named.memstats
 rm -f */named.run
 rm -f ns*/named.lock
+rm -f ns*/managed-keys.bind*
--- a/bin/tests/system/dlzexternal/clean.sh
+++ b/bin/tests/system/dlzexternal/clean.sh
@@ -21,3 +21,4 @@ rm -f ns1/ddns.key
 rm -f dig.out*
 rm -f ns*/named.lock
 rm -f ns1/session.key
+rm -f ns*/managed-keys.bind*
--- a/bin/tests/system/dns64/clean.sh
+++ b/bin/tests/system/dns64/clean.sh
@@ -17,3 +17,4 @@ rm -f */named.memstats
 rm -f */named.run
 rm -f dig.out.*
 rm -f ns*/named.lock
+rm -f ns*/managed-keys.bind*
--- a/bin/tests/system/dnssec/clean.sh
+++ b/bin/tests/system/dnssec/clean.sh
@@ -97,3 +97,4 @@ rm -f signer/general/signer.out.*
 rm -f signer/general/dsset*
 rm -f signing.out*
 rm -f python.out.*
+rm -f ns*/managed-keys.bind* ns*/*.mkeys*
--- a/bin/tests/system/dnstap/clean.sh
+++ b/bin/tests/system/dnstap/clean.sh
@@ -22,3 +22,4 @@ rm -f ns*/dnstap.out.save
 rm -f ns*/dnstap.out.save.?
 rm -f ns*/named.lock
 rm -f ydump.out
+rm -f ns*/managed-keys.bind*
--- a/bin/tests/system/dscp/clean.sh
+++ b/bin/tests/system/dscp/clean.sh
@@ -13,3 +13,4 @@ rm -f */named.memstats
 rm -f */named.run
 rm -f */named.conf
 rm -f ns*/named.lock
+rm -f ns*/managed-keys.bind*
--- a/bin/tests/system/dscp/ns1/named.conf.in
+++ b/bin/tests/system/dscp/ns1/named.conf.in
@@ -19,6 +19,7 @@ options {
 	listen-on { 10.53.0.1; };
 	listen-on-v6 { none; };
 	recursion no;
+	dnssec-validation no;
 	notify yes;
 };


--- a/bin/tests/system/dscp/ns2/named.conf.in
+++ b/bin/tests/system/dscp/ns2/named.conf.in
@@ -19,6 +19,7 @@ options {
 	listen-on { 10.53.0.2; };
 	listen-on-v6 { none; };
 	recursion no;
+	dnssec-validation no;
 	notify yes;
 };


--- a/bin/tests/system/dscp/ns3/named.conf.in
+++ b/bin/tests/system/dscp/ns3/named.conf.in
@@ -19,6 +19,8 @@ options {
 	listen-on { 10.53.0.3; };
 	listen-on-v6 { none; };
 	notify yes;
+	recursion yes;
+	dnssec-validation yes;
 };

 zone "." {

--- a/bin/tests/system/dscp/ns4/named.conf.in
+++ b/bin/tests/system/dscp/ns4/named.conf.in
@@ -19,6 +19,7 @@ options {
 	listen-on dscp 46 { 10.53.0.4; };
 	listen-on-v6 { none; };
 	recursion no;
+	dnssec-validation no;
 	notify yes;
 };


--- a/bin/tests/system/dscp/ns5/named.conf.in
+++ b/bin/tests/system/dscp/ns5/named.conf.in
@@ -20,6 +20,7 @@ options {
 	listen-on dscp 46 { 10.53.0.5; };
 	listen-on-v6 { none; };
 	recursion no;
+	dnssec-validation no;
 	notify yes;
 };


--- a/bin/tests/system/dscp/ns6/named.conf.in
+++ b/bin/tests/system/dscp/ns6/named.conf.in
@@ -19,6 +19,8 @@ options {
 	listen-on dscp 46 { 10.53.0.6; };
 	listen-on-v6 { none; };
 	notify yes;
+	recursion yes;
+	dnssec-validation yes;
 };

 zone "." {

--- a/bin/tests/system/dscp/ns7/named.conf.in
+++ b/bin/tests/system/dscp/ns7/named.conf.in
@@ -20,6 +20,7 @@ options {
 	listen-on dscp 46 { 10.53.0.7; };
 	listen-on-v6 { none; };
 	recursion no;
+	dnssec-validation no;
 	notify yes;
 };


--- a/bin/tests/system/dsdigest/clean.sh
+++ b/bin/tests/system/dsdigest/clean.sh
@@ -19,3 +19,4 @@ rm -f */named.conf
 rm -f */named.run
 rm -f */named.memstats
 rm -f ns*/named.lock
+rm -f ns*/managed-keys.bind*
--- a/bin/tests/system/dyndb/clean.sh
+++ b/bin/tests/system/dyndb/clean.sh
@@ -20,3 +20,4 @@ rm -f added.a.out.*
 rm -f added.ptr.out.*
 rm -f deleted.a.out.*
 rm -f deleted.ptr.out.*
+rm -f ns*/managed-keys.bind*
--- a/bin/tests/system/ecdsa/clean.sh
+++ b/bin/tests/system/ecdsa/clean.sh
@@ -16,3 +16,4 @@ rm -f dig.out*
 rm -f */named.run
 rm -f */named.memstats
 rm -f ns*/named.lock
+rm -f ns*/managed-keys.bind*
--- a/bin/tests/system/eddsa/clean.sh
+++ b/bin/tests/system/eddsa/clean.sh
@@ -16,3 +16,4 @@ rm -f dig.out*
 rm -f */named.run
 rm -f */named.memstats
 rm -f ns*/named.lock
+rm -f ns*/managed-keys.bind*
--- a/bin/tests/system/ednscompliance/clean.sh
+++ b/bin/tests/system/ednscompliance/clean.sh
@@ -14,3 +14,4 @@ rm -f ns*/named.lock
 rm -f ns*/named.conf
 rm -f ns*/named.run
 rm -f ns*/named.memstats
+rm -f ns*/managed-keys.bind*
--- a/bin/tests/system/emptyzones/clean.sh
+++ b/bin/tests/system/emptyzones/clean.sh
@@ -12,3 +12,4 @@ rm -f ns*/named.lock
 rm -f ns*/named.run
 rm -f ns*/named.memstats
 rm -f dig.out.test*
+rm -f ns*/managed-keys.bind*
--- a/bin/tests/system/fetchlimit/clean.sh
+++ b/bin/tests/system/fetchlimit/clean.sh
@@ -14,3 +14,4 @@ rm -f dig.out*
 rm -f ans4/norespond
 rm -f ns3/named.stats ns3/named_dump.db
 rm -f burst.input.*
+rm -f ns*/managed-keys.bind*
--- a/bin/tests/system/fetchlimit/ns1/named.conf.in
+++ b/bin/tests/system/fetchlimit/ns1/named.conf.in
@@ -18,6 +18,7 @@ options {
 	listen-on { 10.53.0.1; };
 	listen-on-v6 { none; };
 	recursion no;
+	dnssec-validation no;
 	notify yes;
 };


--- a/bin/tests/system/fetchlimit/ns2/named.conf.in
+++ b/bin/tests/system/fetchlimit/ns2/named.conf.in
@@ -18,6 +18,7 @@ options {
 	listen-on { 10.53.0.2; };
 	listen-on-v6 { none; };
 	recursion no;
+	dnssec-validation no;
 	notify yes;
 };


--- a/bin/tests/system/fetchlimit/ns3/named1.conf.in
+++ b/bin/tests/system/fetchlimit/ns3/named1.conf.in
@@ -21,6 +21,7 @@ options {
 	listen-on { 10.53.0.3; };
 	listen-on-v6 { none; };
 	recursion yes;
+	dnssec-validation yes;
 	notify yes;
 	fetches-per-server 400;
 };

--- a/bin/tests/system/fetchlimit/ns3/named2.conf.in
+++ b/bin/tests/system/fetchlimit/ns3/named2.conf.in
@@ -19,6 +19,7 @@ options {
 	listen-on { 10.53.0.3; };
 	listen-on-v6 { none; };
 	recursion yes;
+	dnssec-validation yes;
 	notify yes;
 	fetches-per-zone 40;
 };

--- a/bin/tests/system/fetchlimit/ns3/named3.conf.in
+++ b/bin/tests/system/fetchlimit/ns3/named3.conf.in
@@ -19,6 +19,7 @@ options {
 	listen-on { 10.53.0.3; };
 	listen-on-v6 { none; };
 	recursion yes;
+	dnssec-validation yes;
 	notify yes;
 	recursive-clients 400;
 };

--- a/bin/tests/system/filter-aaaa/clean.sh
+++ b/bin/tests/system/filter-aaaa/clean.sh
@@ -25,3 +25,4 @@ rm -f ns4/dsset-*

 rm -f dig.out.*
 rm -f ns*/named.lock
+rm -f ns*/managed-keys.bind*
--- a/bin/tests/system/filter-aaaa/ns1/named1.conf.in
+++ b/bin/tests/system/filter-aaaa/ns1/named1.conf.in
@@ -18,6 +18,7 @@ options {
 	listen-on { 10.53.0.1; };
 	listen-on-v6 { fd92:7065:b8e:ffff::1; };
 	recursion no;
+	dnssec-validation yes;
 	notify yes;
 	filter-aaaa-on-v4 yes;
 	filter-aaaa { 10.53.0.1; };

--- a/bin/tests/system/filter-aaaa/ns1/named2.conf.in
+++ b/bin/tests/system/filter-aaaa/ns1/named2.conf.in
@@ -18,6 +18,7 @@ options {
 	listen-on { 10.53.0.1; };
 	listen-on-v6 { fd92:7065:b8e:ffff::1; };
 	recursion no;
+	dnssec-validation yes;
 	notify yes;
 	filter-aaaa-on-v6 yes;
 	filter-aaaa { fd92:7065:b8e:ffff::1; };

--- a/bin/tests/system/filter-aaaa/ns2/named1.conf.in
+++ b/bin/tests/system/filter-aaaa/ns2/named1.conf.in
@@ -18,6 +18,7 @@ options {
 	listen-on { 10.53.0.2; };
 	listen-on-v6 { fd92:7065:b8e:ffff::2; };
 	recursion yes;
+	dnssec-validation yes;
 	notify yes;
 	filter-aaaa-on-v4 yes;
 	filter-aaaa { 10.53.0.2; };

--- a/bin/tests/system/filter-aaaa/ns2/named2.conf.in
+++ b/bin/tests/system/filter-aaaa/ns2/named2.conf.in
@@ -18,6 +18,7 @@ options {
 	listen-on { 10.53.0.2; };
 	listen-on-v6 { fd92:7065:b8e:ffff::2; };
 	recursion yes;
+	dnssec-validation yes;
 	notify yes;
 	filter-aaaa-on-v6 yes;
 	filter-aaaa { fd92:7065:b8e:ffff::2; };

--- a/bin/tests/system/filter-aaaa/ns3/named1.conf.in
+++ b/bin/tests/system/filter-aaaa/ns3/named1.conf.in