Add tests for ultra-complex NSEC(3) proofs
This is essentially list of ideas for tests from DNS-OARC 40.
Check NSEC(3) proofs returned by auth, plus also ability to validate these.
- Chain of CNAME/DNAME alternating between zones on the same box
- Mix of NSEC/NSEC3/unsigned zones in the chain
- Wildcards in the mix
- Zone with wildcard and opt-out enabled for the LOLz?
Does forwarding change anything related to validation (the process how we gather data)?
Inspiration: https://indico.dns-oarc.net/event/46/contributions/979/ slides 17, 21, 22