func-test: add nsec and nsec3 tests

0e38ba03 · Daniel Salzman · bb556f07 · 0e38ba03 · 0e38ba03 · 0e38ba03
Commit 0e38ba03 authored 11 years ago by Daniel Salzman
--- a/tests-extra/functional/data/example.zone
+++ b/tests-extra/functional/data/example.zone
+; This zone comes from RFC-4035
+example.	3600 IN SOA	ns1.example. bugs.x.w.example. 1081539377 3600 300 3600000 3600
+example.	3600 IN NS	ns1.example.
+example.	3600 IN NS	ns2.example.
+example.	3600 IN MX	1 xx.example.
+ns1.a.example.	3600 IN A	192.0.2.5
+ns2.a.example.	3600 IN A	192.0.2.6
+ns1.b.example.	3600 IN A	192.0.2.7
+ns2.b.example.	3600 IN A	192.0.2.8
+a.example.	3600 IN NS	ns1.a.example.
+a.example.	3600 IN NS	ns2.a.example.
+a.example.	3600 IN DS	57855 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3636B
+ai.example.	3600 IN A	192.0.2.9
+ai.example.	3600 IN HINFO	"KLH-10" "ITS"
+ai.example.	3600 IN AAAA	2001:db8::f00:baa9
+b.example.	3600 IN NS	ns1.b.example.
+b.example.	3600 IN NS	ns2.b.example.
+ns1.example.	3600 IN A	192.0.2.1
+ns2.example.	3600 IN A	192.0.2.2
+*.w.example.	3600 IN MX	1 ai.example.
+x.y.w.example.	3600 IN MX	1 xx.example.
+xx.example.	3600 IN A	192.0.2.10
+xx.example.	3600 IN HINFO	"KLH-10" "TOPS-20"
+xx.example.	3600 IN AAAA	2001:db8::f00:baaa
+x.w.example.	3600 IN MX	1 xx.example.
--- a/tests-extra/functional/tests/basic/nsec/data/example.zone.nsec
+++ b/tests-extra/functional/tests/basic/nsec/data/example.zone.nsec
+; File written on Thu Nov 21 15:45:29 2013
+; dnssec_signzone version 9.9.3-rpz2+rl.13214.22-P2-Ubuntu-1:9.9.3.dfsg.P2-4ubuntu1
+example.				      3600 IN SOA	ns1.example. bugs.x.w.example. 1081539377 3600 300 3600000 3600
+example.				      3600 IN RRSIG	SOA 5 1 3600 20500101000000 20131121134528 1971 example. se2uWa7J7XCUHwKij10oYKy0TeTG1k9FLrMHuXJ3S06+egyldHDJHWdH ogY6OUKC/cd5C4bsM0DyW830WQ5/YTx+YgFCsVpDa1Oc6MHyfh/W5EN3 04mLTbjF+xXT85dM4gR7/D4iBW1GnYz/2jfSbc/n/Oz/zbPZsDDyjgwG TF4=
+example.				      3600 IN NS	ns1.example.
+example.				      3600 IN NS	ns2.example.
+example.				      3600 IN RRSIG	NS 5 1 3600 20500101000000 20131121134528 1971 example. J7Rjb17s1+CXkdeAd0FWO/asJ5mF731Eow4VJHiR4eQBfVrJdpJEfpmS JvkSmqOivuVfwRE40qrH7etl8eMOV/j4zOlc5ucXgOjjuhcht+VorCVK yHmvzpURH74pB/iC2/lnpXI2hlu/oWW9HmtVqjMLBUIwHLHB4TbDVRPU Tm0=
+example.				      3600 IN MX	1 xx.example.
+example.				      3600 IN RRSIG	MX 5 1 3600 20500101000000 20131121134528 1971 example. TlQlcowXjy2v63nOA3a+NiGlDPBbztq50+grzzOQLidHv4bvNZ6Nf2/L 56DSmOgaoIGzgOVXzAukU97iiPSrouZx7qIavVlo+iMnLNBrajMX8c3P 4IJ+NqzoK/34us2vkLzA0HK7ZG2r8AGwPUn/3cFHedDEtQpAgpmhnlUd OJI=
+example.				      3600 IN NSEC	a.example. NS SOA MX RRSIG NSEC DNSKEY
+example.				      3600 IN RRSIG	NSEC 5 1 3600 20500101000000 20131121134528 1971 example. G0FB4CUjNRnSGZmRrmhYIb8uGO64/f1+As7tylYGKki20mVoYQhIYW/T pF8X+6mmjMIA3cQeg0JW1TdCfR+MeHuWzWlPt0wPy5B4J6bOyL1biygw 0eiOcWe21G474wCT+IZq5Ckzx0KkF+hedxuCbnmAOgqFGvpwyWCIgd01 pPs=
+example.				      3600 IN DNSKEY	256 3 5 AwEAAeU82dYTj1B5+spFPBrFc8WyTms3wjkODhcNC5gy8HCLX+7coKKI 2uFiWIlvqGtqKHlAWWM6KtAZaLQMFrzIaxDJniXNxl71mMOdkmTYhbAr bul0qEqwW5Uid+vThmE0VZSPzSFEs3Si0trpp93l1N9P+NCdyVKOgCEV wTsAcGbD
+example.				      3600 IN DNSKEY	257 3 5 AwEAAbagnmyj3nvSvIFd36LkVufo0lEo5/NY+nWYo9u5XszUj9IdVNlz XtVDbcJkP3M/NwSPfcoZXul0hJHttAJ0++YWfcOD3zWY0FaJSQHz1B76 PEdfkHsaXyiSWZszp76qJJwAkkPSL6Frgv3OhYQHoBFjLVyLEowrnkPF tCLLOPpnxoLlgVCVq9gITBS0H9ym8ezZyNvIYAy4pzI1kiji9jVf+jr1 t6sMeqbH+aXSvIYGjvog1xghdl7j5MoJYhSBNw4i5d/c+LCEci+QWHtN l6/nwlCaqWOO0ub3nUA8CjiKMveh47HxwyULZbkKNhpWPDeasIrDvxmf 9C5j2GubGlM=
+example.				      3600 IN RRSIG	DNSKEY 5 1 3600 20500101000000 20131121134528 1971 example. eQ+2iNQn2PUhg3GKQD2AI4ufM2cqTk1wtDY966tzCb6+iBpMbg77VMvE 48+aMnP2WYog62nGzALHs9MXl4nWuTGuHnKptOXc3nYzpOFYVjed+0yt 1Z7t0axMO3dqo8qpC5vkjTRmLxmh89ubMbqtqUHPebbXKVBZPfumwgP7 P3M=
+example.				      3600 IN RRSIG	DNSKEY 5 1 3600 20500101000000 20131121134528 20584 example. s2PKrc/AuPGEfsVKY0S2kYtCV78lrbDg8SylVvjPiz7eP4PbhaO+xOK1 2TWTPyF08Vw1D9FRPzk8ZhYrU0r0du1/tCKEWjY1fzn3+sVvpd4Brh2o AjXng5WZqPEYbQaTCspE6ebUVuPZKlVR2DiFRj+q3Ls6X77NX+gqi0O3 9AK2TXdZn3dQTOUsVZTe3jZTTA/XbnWtmxPjY3tyasb6w5iqsYWMgXcc mcmWHPtJ6CITO7nWjyBwZWcfy9nXD3D4eEwYsHg8N7fc25KW1nQZGj4b vn7n5T5uJhFTVcaNnxpzJ2BRNoRo3qmWvIztlKI5gwVdqTPCMj2AmJz+ RQC6Ug==
+ns1.a.example.				      3600 IN A		192.0.2.5
+ns2.a.example.				      3600 IN A		192.0.2.6
+ns1.b.example.				      3600 IN A		192.0.2.7
+ns2.b.example.				      3600 IN A		192.0.2.8
+a.example.				      3600 IN NS	ns1.a.example.
+a.example.				      3600 IN NS	ns2.a.example.
+a.example.				      3600 IN DS	57855 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3636B
+a.example.				      3600 IN RRSIG	DS 5 2 3600 20500101000000 20131121134528 1971 example. fACZCKLRb8GeinlsVOm01M1RpUVplkfKvHj4LGM/18fK5f6VkZWyubzO YW5HAZsc9gjnhA5/m1IJL2ZwxnCmoJefYB27a5h2qFR5OLKh47JpxOyz n4DJKsTyGssGSTpeHnYrjJx3fMBsr7IYO/QbnBvIYpM9Xz2+OH9hlxMm 6uM=
+a.example.				      3600 IN NSEC	ai.example. NS DS RRSIG NSEC
+a.example.				      3600 IN RRSIG	NSEC 5 2 3600 20500101000000 20131121134528 1971 example. ep06fTzyB/FBxPKrPYXWsS9Ms9k5XqnJgZGOguEAcVfOOxoGn5VQTg1z 6ALGs9BUtklxhsun/w7E7pZA6kY7f+FCLRi4ksjd7nEcc2NJiVJl3OFQ HFvQdmTtpv6Vhwow9hHToBsDlj2oSkKtWYXcdWyj4XMRIZ1HpgEIO8lM JXM=
+b.example.				      3600 IN NS	ns1.b.example.
+b.example.				      3600 IN NS	ns2.b.example.
+b.example.				      3600 IN NSEC	ns1.example. NS RRSIG NSEC
+b.example.				      3600 IN RRSIG	NSEC 5 2 3600 20500101000000 20131121134528 1971 example. doAI6APIg/dbVxiOQGFwNOIf9M+JZdqfviZ3hB+XUGRLiO7KrpAIPoSU IrCmVl4aqj5cuIMvAv2iE8q4vuGF1HtaSl+tgt9gvzIchno+Hu3YvxP4 zsg2I8vPjfYnspoJH5MeOr/oHN7vBt3sBKXLudicltVn8Ny4UPXj+umL hNw=
+ai.example.				      3600 IN A		192.0.2.9
+ai.example.				      3600 IN RRSIG	A 5 2 3600 20500101000000 20131121134528 1971 example. ygIUjuGP/1aWbbhps1n/nOMif0pgE59QZsvwGLugVgjfJw+oyPvsF4KU DdCvaOz+xZ+QMtn7Gn9w5DiWcQDIY46FrfeIuTt96NYzo/p0bajwrffZ RCA5jphKdTI1Im2HRYFz/5zdwDMztaVkWdIP/3OJoW0lnLDiG/h0BNtY Xlw=
+ai.example.				      3600 IN HINFO	"KLH-10" "ITS"
+ai.example.				      3600 IN RRSIG	HINFO 5 2 3600 20500101000000 20131121134528 1971 example. lD5COEIdXENCo1bduvToEtDCQIjvtjnmcQvWOPC/L4NJUhW18kDSsc7Q ikCXbdFkgqFuCfDXUe90pl5uD1EM5S2Ek9/nGi/rIh2FSVrW/zn8UuPV 1uubUX+qDKvEWYIPqDi4RmWismoqrEdwNuuhMIoarXWputVshjCbHnXv llQ=
+ai.example.				      3600 IN AAAA	2001:db8::f00:baa9
+ai.example.				      3600 IN RRSIG	AAAA 5 2 3600 20500101000000 20131121134528 1971 example. IoDSVYnwLQkgDrojcyivYjv8R8OsdTHEmbZbordOftqdkRy6QMroVk8k OM5XIp/siO+D5E/5dPFz/4+E/VnlC1NSSTpF1YQ8IjxK7gSOMLZCPbf8 4FTI65ns5JyJD7Xvm4rYBH1bpkg4v3utZb2t/Y8wlFN7fcOYBn5CuPUa h1U=
+ai.example.				      3600 IN NSEC	b.example. A HINFO AAAA RRSIG NSEC
+ai.example.				      3600 IN RRSIG	NSEC 5 2 3600 20500101000000 20131121134528 1971 example. 0XY0fQgxxASkVbWX7yqNOF68lVKS7I9xWkfH/wJhikBMLtZbPR+ETf9d NM6Mz2Z1Tc2N2A+WB6e9o8rLAQE12rT5rghbMx/6wRPpOx5J8CUSzDTy ikj/kJE9ZWwITXKhQ4dKSJUUUK7V9wppGTqFRJ3xWI9asDMelJvuJHjW TMg=
+ns1.example.				      3600 IN A		192.0.2.1
+ns1.example.				      3600 IN RRSIG	A 5 2 3600 20500101000000 20131121134528 1971 example. tzduIcQ1xzQ+9wS37RvoMkzOY6eERFfuUvtMpN1r+FT/xm68ztog0Eel E1V5qj8f34/Y0Jue3iD744Crr7khQmE79Alkll2j44Awo+/TRwst82pM 7d5y21iVDjgLyMQbWPZ6g4ovoJ4s1DVqvNC9ORBldOK5koiI5S50geKv Au4=
+ns1.example.				      3600 IN NSEC	ns2.example. A RRSIG NSEC
+ns1.example.				      3600 IN RRSIG	NSEC 5 2 3600 20500101000000 20131121134528 1971 example. lzDXHCbEutk9KAco61yqjjAGbL4ae2FKVb3VaFhq/LY8sN8ZP0g2f/WR aDr6fl8dJfC0Hxn29ExYnMM2v1D+ssDmAel+k4yRREHealWsO2KfMi8G y0iyDJaKknx12E3lB5eMjdXRy77Na4h9hmkfTZbAzH/CX5BtuHvIXCjE VOw=
+ns2.example.				      3600 IN A		192.0.2.2
+ns2.example.				      3600 IN RRSIG	A 5 2 3600 20500101000000 20131121134528 1971 example. Euy4kvjbwQ2njoN9Y0VzNGe3wlETmWUUvNQF+JXw2V3HGg0GHgOXj9ly MVBsUOMqFQuREw6+j8spRg7FAM28YQOrcYRxKJiN0oD0690zCT7edn7A vFqYvyiKC7dMcYqYGN1CVd2glJACh2K57g6j2+NJlTJfBJEKvpz7wg4m E/M=
+ns2.example.				      3600 IN NSEC	*.w.example. A RRSIG NSEC
+ns2.example.				      3600 IN RRSIG	NSEC 5 2 3600 20500101000000 20131121134528 1971 example. mdZO+V61bcGmMbQGZrj02GxwCewTqOTKGWTf5JL+m/fCZqZ/tTpFdm2E YaH2cTakt/H8mBDHdzCdPB4BnzyzKoJVc5FzJ+9LMDmIVFqbC+NAkhZw jC0O6lgYGKFAGy8zjXYs+lF5pvKtpZmIX/3j3ezDaSrFbOcpQKuwXrae dF0=
+*.w.example.				      3600 IN MX	1 ai.example.
+*.w.example.				      3600 IN RRSIG	MX 5 2 3600 20500101000000 20131121134528 1971 example. tTE7c8oD9xkn6HpL+Of2hBfOCwzyKmKVBK8B4Ky6pYz2U98u8Y4iP9bo 8nvsZkM1FvnfEngbVjEEE7PDqtItKWuIjucfCiQ6JAXJPBBL5KQ6O4mV QCWZEcLM2PQbMXwLPzQavHwICTxvxaNN9skj4In+MuLuoG1VwKeineZM WR0=
+*.w.example.				      3600 IN NSEC	x.w.example. MX RRSIG NSEC
+*.w.example.				      3600 IN RRSIG	NSEC 5 2 3600 20500101000000 20131121134528 1971 example. ji5OZlmfnUh3MLL1o8cdCLoOjBZQAArz0w5hHOIVj01bNdTthYmDRv0S u9gxFj+c83ohAZQO5fQIh7KmUr1LqDXUGXXJYRgYz0q8GTMwhGKXsygr MJrnq1DLpemmG4JaG+BeAuT/5qZ3CifDSQYzu5vUauiTpJlTg4yoxOYr qQI=
+x.w.example.				      3600 IN MX	1 xx.example.
+x.w.example.				      3600 IN RRSIG	MX 5 3 3600 20500101000000 20131121134528 1971 example. o9Rpea74a6yC9K6ZHasizK6hXZjpB1kC63jwI9ha8tlpgSSCd5OWJhd1 CCPstDCSGurpzi7Qr3Q8qL71oyRm09BIcvVoE/4BbNDj9slk8Ai4FKik 0Iy1DF1/3wWTTNdiOYvnTM347A1WKX5KxwUDRvu/DBV1NnYWOPdlpqnK 2ns=
+x.w.example.				      3600 IN NSEC	x.y.w.example. MX RRSIG NSEC
+x.w.example.				      3600 IN RRSIG	NSEC 5 3 3600 20500101000000 20131121134528 1971 example. I2gdagfYSLw/fV4o4eGPAMOKS1Ih9nkUc1r51D5JnqdX5fLU7oyso5nQ R0l9BHAvfw2KKJn4AfVW3m0Vbe0oUBg+xqJtwtRjSsD80NqvUohqKun/ 4+LEaKro5IkaOgn7kiuTZYJHZ5+TPEk+6TsmmM4eC4mzF9Y5ZfzZxTj3 VM4=
+x.y.w.example.				      3600 IN MX	1 xx.example.
+x.y.w.example.				      3600 IN RRSIG	MX 5 4 3600 20500101000000 20131121134528 1971 example. gemBd/zaP6fu1cP7Fa2iFr4oQqUV0EVe4DdHy1dfEg/3NBy3dVZT0SsQ iLOHwkhKh18vOdDX1YbcwvOP7T7Z0FPzUSG9nZY/MKTrCsEDNdLwy8Z8 gKkhkVXqf+GiY8HHG50Sp4UZZAtstmTDfIE4dIMLjbBjeJVKTZhWR8jc 1Rg=
+x.y.w.example.				      3600 IN NSEC	xx.example. MX RRSIG NSEC
+x.y.w.example.				      3600 IN RRSIG	NSEC 5 4 3600 20500101000000 20131121134528 1971 example. yo+8UjHIb5YtPtRPIMU3uUKcGdaUSI23yQqHRwRJeVu6dF7F63iXvmdB Hd/lg7L+CAeB6iHYvbDJOAxlL0BpvvbSoU3Xy4f1r6T8+Y7VBsnijVI+ lETOE6IJevwHzrHU0jsMelRvZvOUs5skyQD7/JTwdDjwyQSb+cojMDgB wBQ=
+xx.example.				      3600 IN A		192.0.2.10
+xx.example.				      3600 IN RRSIG	A 5 2 3600 20500101000000 20131121134528 1971 example. ZBkt0zR1GotODoClSpplvseMfpnXYXQz3k+EIopYvMubU+MprkfNLZiT 1COKki7ul7t885tibK0ZsiV5vHbrZwBuQd7U2wZH2UILTuoUI0WkJh6l 427ubpymY+c2JYVJ02nA9zEvwlkeL34XUyksv0I5UbxPvqVvxbsg6b8r UC4=
+xx.example.				      3600 IN HINFO	"KLH-10" "TOPS-20"
+xx.example.				      3600 IN RRSIG	HINFO 5 2 3600 20500101000000 20131121134528 1971 example. dNS+7A5/HdDti/G7fD3kgX9iMGx5hf7yTDYxH822v85ynQ86SI19aHKN FIIa/JlBfIFTIpQVz7lD9jjjPs3wFqF+0Rpjs2i2h/Jnpty0qPt4NPLe 9uEKEg4qYhMLD5tY3b3Rv8px/derUQDr6sKwOHQLjXm3Szo6xKzq/jv3 nDI=
+xx.example.				      3600 IN AAAA	2001:db8::f00:baaa
+xx.example.				      3600 IN RRSIG	AAAA 5 2 3600 20500101000000 20131121134528 1971 example. 2kCfP1nujvDjGK+jQt+Q1MPGjpRRMvuicrEuBnjrUkazJXLKXPfxhsmA vkCP2cjqj99m/oS0jb8yX6JE4XW9zhbbW1cABq/9aTTT5IcrknaoQ8dz dwxvZ8rFU4QFiJIJ5qoY8QxpCuZJ4AvZNj1sRzQGBfatnn/yvZC+EjSK Zkw=
+xx.example.				      3600 IN NSEC	example. A HINFO AAAA RRSIG NSEC
+xx.example.				      3600 IN RRSIG	NSEC 5 2 3600 20500101000000 20131121134528 1971 example. UJ0Swaux9UZDSX8ZDB9bES/f83bNOIU6gmZeNo3G9b0OgLqovmEyTPSK dkKxO8wd7FuurP2+Hn8F20MMydMdS81TEQfMFkDESqFWorchXnN8rcOB e9Drk1y7AeWBM0WLtlcVpgrjz5Jte3U1+ceNdeXxX2nSn30PEelhZn+3 6Js=
--- a/tests-extra/functional/tests/basic/nsec/data/update.sh
+++ b/tests-extra/functional/tests/basic/nsec/data/update.sh
+#!/bin/sh
+
+export BASEDIR=`mktemp -d "/tmp/zone_sign-XXX"`
+../../../../tools/zone_sign.sh example. ../../../../data/example.zone nsec
+mv ../../../../data/example.zone.signed ./example.zone.nsec
--- a/tests-extra/functional/tests/basic/nsec/test.py
+++ b/tests-extra/functional/tests/basic/nsec/test.py
+#!/usr/bin/env python3
+
+'''NSEC test based on RFC-4035 example.'''
+
+from dnstest.test import Test
+
+t = Test()
+
+knot = t.server("knot")
+knot.DIG_TIMEOUT = 2
+bind = t.server("bind")
+zone = t.zone("example.", "example.zone.nsec")
+
+t.link(zone, knot)
+t.link(zone, bind)
+
+t.start()
+
+# B1. Answer.
+resp = knot.dig("x.w.example", "MX", dnssec=True)
+resp.cmp(bind)
+
+# B2. Name Error.
+resp = knot.dig("mv.example", "A", dnssec=True)
+resp.cmp(bind)
+
+# B3. No Data Error.
+resp = knot.dig("ns1.example", "MX", dnssec=True)
+resp.cmp(bind)
+
+# B4. Referral to Signed Zone.
+resp = knot.dig("mc.a.example", "MX", dnssec=True)
+resp.cmp(bind)
+
+# B5. Referral to Unsigned Zone.
+resp = knot.dig("mc.b.example", "MX", dnssec=True)
+resp.cmp(bind)
+
+# B6. Wildcard Expansion.
+resp = knot.dig("a.z.w.example", "MX", dnssec=True)
+resp.cmp(bind)
+
+# B7. Wildcard No Data Error.
+resp = knot.dig("a.z.w.example", "AAAA", dnssec=True)
+resp.cmp(bind)
+
+# B8. DS Child Zone No Data Error.
+resp = knot.dig("example", "DS", dnssec=True)
+resp.cmp(bind)
+
+t.end()
--- a/tests-extra/functional/tests/basic/nsec3/data/example.zone.nsec3
+++ b/tests-extra/functional/tests/basic/nsec3/data/example.zone.nsec3
+; File written on Thu Nov 21 16:05:32 2013
+; dnssec_signzone version 9.9.3-rpz2+rl.13214.22-P2-Ubuntu-1:9.9.3.dfsg.P2-4ubuntu1
+example.				      3600 IN SOA	ns1.example. bugs.x.w.example. 1081539377 3600 300 3600000 3600
+example.				      3600 IN RRSIG	SOA 7 1 3600 20500101000000 20131121140532 41762 example. aJx8mi1F0ySJLYrILr5fQNLideDjtlvV+ucCL/EWhgjw1trxlOLgo4Rv 1qS8mpxyFTw6NTGkpRF5ygyBp+t/87WDWvOjBhG8ff6JjS9Y2tNZGgN9 DNOmGuvje7NtIYwW2XOw5ZnWE7wpSR09/hnEPi5PfTLmq/HDNzvhRfrK IOc=
+example.				      3600 IN NS	ns1.example.
+example.				      3600 IN NS	ns2.example.
+example.				      3600 IN RRSIG	NS 7 1 3600 20500101000000 20131121140532 41762 example. EVjaPbgPJKOynj+tp2csm5rIWRQPn4rTthnjmx64BFClzVbzJxPVXIqV evqZZcjPDrYchIlw9woc1EEzgLCmb8pURHNh9fEbUMsVf10YueRQOuQ9 9ilre7cb4XENJ5a9Y6vHe/STINcgbPNSbiBbDsXJYhmNKphZbWLvKJ78 Y9U=
+example.				      3600 IN MX	1 xx.example.
+example.				      3600 IN RRSIG	MX 7 1 3600 20500101000000 20131121140532 41762 example. mxlz40TUbDvyHfGc2AObkt1aGV/2fJd6/PcPXL684tksrN2Hp8iX4/Fu vCD/5ROsMoa3BPcqKp4SBpS/hwSP9NjBrfovJpCcCLqtqzLcDmofU2Gb IzPXALFBluZUMH+JfkADCqNtwWJJDgK/GYjRbYGaCY9V6zkv0t1w9SVO Je4=
+example.				      3600 IN DNSKEY	256 3 7 AwEAAbGzdN7gfYDe+1jCqhJLrNZBSyx6ey+YYCU7PgyAymEmmoQoRAGB 0r3xT5hmTnDJdtpHczIOfiVuafu/5Uj17LwP8+xQLgVmijDQe99ufTU2 nQWTeGdG5fnRkP03goSBOc1DNt4pYQrel33QxbAeueNTavjd3NdfgSdM jXVlntez
+example.				      3600 IN DNSKEY	257 3 7 AwEAAa8bsFyZtMbjQ8bgxUfms0pxCsx/bD4Vu53sb9aXZbcDgRWzquYB fN1ukXPSleL43GygHTv5YuxUyQBILFurrOXhDMK7SLSMGw3kxQIGer6B AEHJPYOEwR8dTFdrB0u0+yg4g0XP0GpM3Cz5fzzikJj//uvhdtyqWmI2 8jHY41fNZKTFK3jvlVzSvtxFZ0Fl11bdQar1TlPCMmyVCrPTz4Vp776e Fr8y3QN1OZ8z1TQZ7S7NP/ZzCp3qTGjgkMw9oICdOA/XKZT8NIQxT3Zd v0Ab7/puvUmK8P97oOLk84UeMO5ChuN4lusCmOFJRRlq1hPtygLIlzR4 9692cjo7kKs=
+example.				      3600 IN RRSIG	DNSKEY 7 1 3600 20500101000000 20131121140532 37656 example. jPuo8ultw40Ux+Lm6lwXZMxC9Q2aERLX0Q/Iboy/M/kwPSCSQ2Nw8GXA 15xEK6nJYAwdpeJlyRONlfCaOuvKa7dVOW8nEFaC0VUw/Iu8kbqN+Pap vyh4mKH6YueX03C13m8rGpmp/uZy3xq/b9N5vzpCUvt3OfQef2wDZlO7 8uIIH/iIvK3/q5yAsbKU3FR6EmK7GVf/dua9uFai3/FsguBnZUkxjs5l DYAsxMoSxhHaGjLfAPEd7lE6otgp4jPOUs9Vg+iD1PuXUqgM69PywCEd ktYrutWCly8fO1mAAjR0Op4ab6hleKD+pep1RdaSAA+3KGMG0MSsDJxZ P10ZuA==
+example.				      3600 IN RRSIG	DNSKEY 7 1 3600 20500101000000 20131121140532 41762 example. Uw/0ebu7LAZYZEw+Vd5/XG1KlXUpz7RSiUPH5dmr4gTNRv2oaR4QdXJh 3AuoEnfap3atjBBZC2kY9gegLITtgbmGGqe+SGJgp9ha2BHO1h9/bovY +rvPTYkiQuXOIjGfO8+uHqebPu1v1n0s0UZB+gny8oDsC9Z4T6doeaDe v7M=
+example.				      0	IN NSEC3PARAM	1 0 10 DEADBEEF
+example.				      0	IN RRSIG	NSEC3PARAM 7 1 0 20500101000000 20131121140532 41762 example. gaEi1Zs0vvUsjAxcOBF1ClxSqJjScJG2CRL1RS83R+ds9cSyovOAOYnY ULH+hYEs4+UR5dOWxkgCLjy8V+lfJN2F0a6T/HPacnX5W59YG/xQur/A MmGY5PggyPmuQ4dY3/y+65jthEzi6PEIxdMR8se8pAQgSUFVvg8HynCk EBk=
+ns1.a.example.				      3600 IN A		192.0.2.5
+ns2.a.example.				      3600 IN A		192.0.2.6
+ns1.b.example.				      3600 IN A		192.0.2.7
+ns2.b.example.				      3600 IN A		192.0.2.8
+b.example.				      3600 IN NS	ns1.b.example.
+b.example.				      3600 IN NS	ns2.b.example.
+ns2.example.				      3600 IN A		192.0.2.2
+ns2.example.				      3600 IN RRSIG	A 7 2 3600 20500101000000 20131121140532 41762 example. UlMEj2i1zaIKfI/vX3GK5pZSMrR8q+KAE0NmYYYnHdj2IQ1MKU0wIrWs ybzRtAWl4cMaK3yrAiZsbyUDJkrDCyi73Ip8nMA0mhHD9k6OFHlBnXH+ 93OE+Qe25SC4aglGw308I/9OiZBZVxnc2J6/tIWQhD4QXV/f2XeXzzrC zPA=
+ns1.example.				      3600 IN A		192.0.2.1
+ns1.example.				      3600 IN RRSIG	A 7 2 3600 20500101000000 20131121140532 41762 example. LX7a2zxGJo85ntf8qCmg7ZFRuZTwmJkrU1a2K4SAK0ASCelR6adSNBDk pEqLUC11L8OepNTCvYkKk/GcLzVCk+1k7mKLOyxAz1AzgBDNKWUGBmni p3Ma43v9wDRIGGCNoverc47OriF5Dsuejw1OQIxbX8HbD9fiFcR5LERw 5gc=
+x.w.example.				      3600 IN MX	1 xx.example.
+x.w.example.				      3600 IN RRSIG	MX 7 3 3600 20500101000000 20131121140532 41762 example. akdKbtOqpA/rd4nU/AANZTCfJkG/HFji4XpMJUkJ16OCM0CLE1dDEnWJ YOx3uDH6gZVSAzPtaGPtLF5BfQPg0yLT8+i+h91fGvaPn6N4w8XTPujN udkNgOI7Lh3iQxY6Tn71oWMO9mJprbRfMsmsesFAOQNbbQC9y2/GksbE N94=
+x.y.w.example.				      3600 IN MX	1 xx.example.
+x.y.w.example.				      3600 IN RRSIG	MX 7 4 3600 20500101000000 20131121140532 41762 example. UCwgkA6LcBs/yPVsLwT7wAJ6FqD8bIyZiz+X2PwhSAHzvIkiywx0DsCU 19lUzlKr55g6M6KhdeOSDi4Xia7bSBM4JOplJEYFTcF2eevJyAIaWRei s1YStGyShAlt5VqiZY9UB9Mwy8DPadfQOzqRWUJEF1urLaX6YHDRS5E6 p2g=
+ai.example.				      3600 IN A		192.0.2.9
+ai.example.				      3600 IN RRSIG	A 7 2 3600 20500101000000 20131121140532 41762 example. VLnUXMmN3gHqoIY8Un1qwWCmnjU7vVodoGEDWMU/Cq2pn5jubkWzAaQv 8tkq+cRrz6IWyXRTJNMr8vZCJQr5WXCA7YvfDnIg4z1foD4DQ5B1BMgf NxlMNzKBgiiyA8B/uzuZQL6H+kngiD9n9Vpto0ybEAG0DQdZB1T8/vKo Z+0=
+ai.example.				      3600 IN HINFO	"KLH-10" "ITS"
+ai.example.				      3600 IN RRSIG	HINFO 7 2 3600 20500101000000 20131121140532 41762 example. OXOI4QvRtY7mN/iyuUcGovM+SHiRTtlD0HL8at2FLayE6+s0n++CjdFW MJY2ZTgVpHZdXz20rnghZXU+9FdS0zpvYxQFvsQa8+x7QOXOzj0YEO3E RrGk9oLyiZN4RBLeLoYxlmOIePQFhwoMUw/BXqPfn33aynseAXmBgFOy W6k=
+ai.example.				      3600 IN AAAA	2001:db8::f00:baa9
+ai.example.				      3600 IN RRSIG	AAAA 7 2 3600 20500101000000 20131121140532 41762 example. aN/bJ7J6GZ2I2eznSRuXaSRejum/yX/tt07ePlbaZdGlXb8n4mbwzhip mbCd7oU+salNwFSHvEVazRwTlcoVz7LAadVY7RPT7c4Nss4RJP6KSWlV Xn8prNWvk3BJ65iHr4EqTutAnGHzInxeD6DvHEfZhzpgKYPoO//JpTCY WU8=
+2MQO6UDP7QSOB5H0T3JHOFLM4MRA94Q4.example.     3600 IN NSEC3	1 0 10 DEADBEEF 4JID9HEMJTDKKJ18LVC29JMSMJHIOSVA MX RRSIG
+2MQO6UDP7QSOB5H0T3JHOFLM4MRA94Q4.example.     3600 IN RRSIG	NSEC3 7 2 3600 20500101000000 20131121140532 41762 example. G3IzIjL7qRDfN+6yOOJdAJMz54YJB9au55ZMRHLfv/gk3uFw83NjieOk ilC+oqVFTSAD1s6pfBgMsg+6c8obRekTJXzc+BGufYyrHTAUlj2zIrSf aqyPhbEwL2OEsr4Y3GMAfHRRNKdDSR4Otg3so8Legp7IDyXpVUvERcMm EB8=
+*.w.example.				      3600 IN MX	1 ai.example.
+*.w.example.				      3600 IN RRSIG	MX 7 2 3600 20500101000000 20131121140532 41762 example. Ec/oZDZEmo0AeQzczh1p+rmRL1i833W7hDLZAAVlz6Z/TrrI+iA1lQWr ZzGMqbqUsXNSK2z9irwKRjW38xZ9SVAt6e1JX/RkM2RN08RJ5rGo57hF LC5FpwDAtRUMwARIw4bbAXVQ1VYhQ1Uk2zL8prYfCLSgpGJHZA3x/RDW 9d4=
+6TF0E8MESJJQLJKV6KAMRV3RN66I16ID.example.     3600 IN NSEC3	1 0 10 DEADBEEF 8ORIRD8RDEDBV52IJSCJ9JGQU4NGTAL4 
+6TF0E8MESJJQLJKV6KAMRV3RN66I16ID.example.     3600 IN RRSIG	NSEC3 7 2 3600 20500101000000 20131121140532 41762 example. VpoIabDI3l515q5weOw8p7pV3V1qchK3enNLQELEchAdAYI8LtS+Pg4a UD8hIk7fUUIec2JmoG6r/zohmJg2xCcB475dRqp8WXLxcEhGlBw0e385 w+Mp5EU7v/eb1vgYuRaZ2is5sDb5nHn0Qf0lg2o21nbD1J1W8POTklqq 4Po=
+8ORIRD8RDEDBV52IJSCJ9JGQU4NGTAL4.example.     3600 IN NSEC3	1 0 10 DEADBEEF IAQQAESH1F2BJG9V1SKEHR7OHPPCBRK9 A HINFO AAAA RRSIG
+8ORIRD8RDEDBV52IJSCJ9JGQU4NGTAL4.example.     3600 IN RRSIG	NSEC3 7 2 3600 20500101000000 20131121140532 41762 example. JLIJEpQIT3Xr/3mzwoWn3EEDidBCKzJwGcMV8oqzdRD/F+NJxIyr0WB1 NrZfggYi+Hh7OUJZT6CG9l890fF2kpeIKLK3G2I44vqknczXRTMp1xwi pkkYy3tmVV/Z/T5dxWajZMuGMNEvVmZtWKcdmd9QSQL6un4OM8KzVTp6 22c=
+IAQQAESH1F2BJG9V1SKEHR7OHPPCBRK9.example.     3600 IN NSEC3	1 0 10 DEADBEEF J795U0UKQ5051M5M57FS8U3N0H9QIBKE 
+IAQQAESH1F2BJG9V1SKEHR7OHPPCBRK9.example.     3600 IN RRSIG	NSEC3 7 2 3600 20500101000000 20131121140532 41762 example. Z22Vk1AAX5yF1juW6UQjEOXVP8B9gbochyx5tanCtsrxUhnhZmS+fpvp jqUJ6P3DC/CRnqzLyzTEoQljzXQQqkRe/yz80JlIWCi1b9P5zCxlWD8o QrOFcKFZzvTfbzQBZRcxK5Jf+H7duCqc/nYqdb/NmQzcl5KXwjO5vZoV 5+g=
+J795U0UKQ5051M5M57FS8U3N0H9QIBKE.example.     3600 IN NSEC3	1 0 10 DEADBEEF L0T8V3UNMQ8OUUV1U07TEG4LDJ88PVEL A RRSIG
+J795U0UKQ5051M5M57FS8U3N0H9QIBKE.example.     3600 IN RRSIG	NSEC3 7 2 3600 20500101000000 20131121140532 41762 example. BbpKNiUVUYOZ/QmEIcftes6EWkwTqYjWNg1Ty89bqeE9F8rzk5A1DdQr DpC2zCNi7vmSCpX9MC0NttPU9zedcR/hrSJo9AWwDldSCgsETu2auUTR 5MtfDSYjIYp2BCpVBR7dcY8qvHhpvdyvx7pBLiurQji54MY0ng8rV6nL 22A=
+L0T8V3UNMQ8OUUV1U07TEG4LDJ88PVEL.example.     3600 IN NSEC3	1 0 10 DEADBEEF N57RDH55MKOFU9P016ML9NPPBEANP6NF MX RRSIG
+L0T8V3UNMQ8OUUV1U07TEG4LDJ88PVEL.example.     3600 IN RRSIG	NSEC3 7 2 3600 20500101000000 20131121140532 41762 example. hmDUnkVc+nD8DRgQRnVXahzST86VvHI95ZgbF6Gk99YbvsH3Bn6402tN 1CqaW41Qc69plTXdVEE/Dk2pS6Lgpc04z3IbMI9q2huUM6kaqyQMn9Cv t79wASbImL/myfkZCZdAlInRe+fs7xU5HGrfhxxeE0x0aKqLt0Xqe7FA apM=
+N57RDH55MKOFU9P016ML9NPPBEANP6NF.example.     3600 IN NSEC3	1 0 10 DEADBEEF PT0JJLUSM75FG87LKRGJINL1GGI0P84V A RRSIG
+N57RDH55MKOFU9P016ML9NPPBEANP6NF.example.     3600 IN RRSIG	NSEC3 7 2 3600 20500101000000 20131121140532 41762 example. B6nkaEvdvuaKvgLnEuOqFg2OdMU4ZqLoz+ZPHKhKWKU1cipOnFQKSEyk FZSkRsluZJH/6fjjU1bF8OTStLQLquI3gAjNcHBy9fz5u25uhWoWg1R6 SQrX8toCT4ZZmo9IOpM2bhemIILrLUUIoNznbKkLCXBCtsfvOFH5A5nJ SB4=
+xx.example.				      3600 IN A		192.0.2.10
+xx.example.				      3600 IN RRSIG	A 7 2 3600 20500101000000 20131121140532 41762 example. gNyof6B2B0jDbTw5A9b5hhVC7Kyrok32bM8OpxSkS80IWA41a2yvEZMV tD+wW6eNjCgJZ8I1tA6s4wjtWVRcD4PSERdWcv9D9Yx5zX4tVYu8qx6q GRjYNp23HAgA1YdnkqblUifwoHgVFrWJAeacsxyihbNGcQGatl1lU4t+ Qjs=
+xx.example.				      3600 IN HINFO	"KLH-10" "TOPS-20"
+xx.example.				      3600 IN RRSIG	HINFO 7 2 3600 20500101000000 20131121140532 41762 example. UjELmKwACvtDVEFTvK0ea1MZCAR7+obqvfjnvi9aNeN+Is8l9pj3TV+R cqKWs0Prla5VGIGudYwD9OeKEntDUVVy3CedsLicb2ONWR/ye9+uaoAA iPA1+iwcQZbC3CrjjrM+W0H24vXjy2K667dbehD2JUfaNvQs/7ugJ4ZZ Yrg=
+xx.example.				      3600 IN AAAA	2001:db8::f00:baaa
+xx.example.				      3600 IN RRSIG	AAAA 7 2 3600 20500101000000 20131121140532 41762 example. M8/kvypKzckUCg2HTe6C81c496jo2q1PY2PHJoeuQ8sm0iQ1ZE2ncsGi 7pDLqjU5dqdDy5zCwipT7jNr5MPaHEg22i4owt2uS+0JiIeESdZJ9xe4 fY4XSkmTGj+sJQIZwnKchnIfKzQO4I4K6WKeKJOjGbR7wvMJq4Cr+S7m a5A=
+PT0JJLUSM75FG87LKRGJINL1GGI0P84V.example.     3600 IN NSEC3	1 0 10 DEADBEEF Q0TT0CNBOS6ECVMBDBACQ2JBFI6U53G5 NS DS RRSIG
+PT0JJLUSM75FG87LKRGJINL1GGI0P84V.example.     3600 IN RRSIG	NSEC3 7 2 3600 20500101000000 20131121140532 41762 example. W8K0r94OgPNVe4pjFKLSQXS8SSgfWhTdIpmGoybQsPdDtqv1oM4HxHBW XrirKDurEglihTYXq4emrmyhkRongt60GLJ+czOcEFUks2xga6FqhriD SN9LzAIOooWEq28OdU7AQcabKPSnlQmbg/tB0WbvZeQxsbLG5JwMf28N BaU=
+Q0TT0CNBOS6ECVMBDBACQ2JBFI6U53G5.example.     3600 IN NSEC3	1 0 10 DEADBEEF Q1P62JKK9753OA2FVA0CC5EP89KSMLCG NS SOA MX RRSIG DNSKEY NSEC3PARAM
+Q0TT0CNBOS6ECVMBDBACQ2JBFI6U53G5.example.     3600 IN RRSIG	NSEC3 7 2 3600 20500101000000 20131121140532 41762 example. ckVW7fzC9Fnz3OFmWcftW1CF6T4TYnaPMOZSMnze06xmvfEGHJZxQBs8 1kX7EySGsi7mREdV+C/DwZ1CluVtpvF5vFSlVty20/BUixAiwQstF4nu FSBXiueBDmm64YjSQc8zP20dio9DjeD0IHuNxpo60HLhspvp3mbTQX4o 4JQ=
+Q1P62JKK9753OA2FVA0CC5EP89KSMLCG.example.     3600 IN NSEC3	1 0 10 DEADBEEF VLMHQ9C2JMLMGMV6D7RED9RUR3K0R508 MX RRSIG
+Q1P62JKK9753OA2FVA0CC5EP89KSMLCG.example.     3600 IN RRSIG	NSEC3 7 2 3600 20500101000000 20131121140532 41762 example. I/Dcl6+4lzO8Uil3r4HTPc8QapRN3nFJUDZS4K8LejAHP+Imq1mMCnRP l32TDRrUB6Or5mVjp70h3xFaPVs93gqmG0JtzK1a1vxklj/8LNQPBw/t Qf56Rh5+wjXC41jFAeOsPjufs9ryAanb01rMYTR3/CfbYjmadt9OgXCA IVg=
+VLMHQ9C2JMLMGMV6D7RED9RUR3K0R508.example.     3600 IN NSEC3	1 0 10 DEADBEEF 2MQO6UDP7QSOB5H0T3JHOFLM4MRA94Q4 A HINFO AAAA RRSIG
+VLMHQ9C2JMLMGMV6D7RED9RUR3K0R508.example.     3600 IN RRSIG	NSEC3 7 2 3600 20500101000000 20131121140532 41762 example. l2X25tQOlJ/e0F2n2FR+02WF8tKiEHVP28Wib1O5IUrzQ+oFjcUmFp2/ 7BFdJfb+IZeZ0FeGShAHTeGX3NBV2Z7C5WcoH0KuJRxhsFWenD/DKwdB 2Yebd3BYBVRmFrO3fevCyuOjS4b2Try0RRFbidz5PPefO3XLVo/YJdnV EhA=
+4JID9HEMJTDKKJ18LVC29JMSMJHIOSVA.example.     3600 IN NSEC3	1 0 10 DEADBEEF 6TF0E8MESJJQLJKV6KAMRV3RN66I16ID NS
+4JID9HEMJTDKKJ18LVC29JMSMJHIOSVA.example.     3600 IN RRSIG	NSEC3 7 2 3600 20500101000000 20131121140532 41762 example. Nsi9xCo1sNnKMowRi8IDGX41AyZ7n6VRLBeJH+1wkGbGJWP60d2MQv29 pd2JyDHfkztpvrjLTIsaW1N9KgSFzHrqUMKSDwVhe6aBAHiopdk952TM rzg0c913PFE0xryqZfslsTo148YNu5LrEEzvSLhd+4Ci4RWh2L9SUuOp 2rg=
+a.example.				      3600 IN NS	ns1.a.example.
+a.example.				      3600 IN NS	ns2.a.example.
+a.example.				      3600 IN DS	57855 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3636B
+a.example.				      3600 IN RRSIG	DS 7 2 3600 20500101000000 20131121140532 41762 example. MSReeUDIHLePnOTDwT1iAclV9vuaT1kcz/BjqoUdhxSYzUKCUIZAW7e2 +6aNGjtyLkHGSXkS6uVTlIpuRk9e8nN2jIdqOGHeGL2Q1diFsFhMwjtv YtwsQTJ4dlwdfg+2lWXUbGVkrqM4Q3XaZO8lNHogbaAWKCOB5JNgRdim 0as=
--- a/tests-extra/functional/tests/basic/nsec3/data/update.sh
+++ b/tests-extra/functional/tests/basic/nsec3/data/update.sh
+#!/bin/sh
+
+export BASEDIR=`mktemp -d "/tmp/zone_sign-XXX"`
+../../../../tools/zone_sign.sh example. ../../../../data/example.zone
+mv ../../../../data/example.zone.signed ./example.zone.nsec3
--- a/tests-extra/functional/tests/basic/nsec3/test.py
+++ b/tests-extra/functional/tests/basic/nsec3/test.py
+#!/usr/bin/env python3
+
+'''NSEC3 test based on RFC-4035 example.'''
+
+from dnstest.test import Test
+
+t = Test()
+
+knot = t.server("knot")
+knot.DIG_TIMEOUT = 2
+bind = t.server("bind")
+zone = t.zone("example.", "example.zone.nsec3")
+
+t.link(zone, knot)
+t.link(zone, bind)
+
+t.start()
+
+# B1. Answer.
+resp = knot.dig("x.w.example", "MX", dnssec=True)
+resp.cmp(bind)
+
+# B2. Name Error.
+resp = knot.dig("mv.example", "A", dnssec=True)
+resp.cmp(bind)
+
+# B3. No Data Error.
+resp = knot.dig("ns1.example", "MX", dnssec=True)
+resp.cmp(bind)
+
+# B4. Referral to Signed Zone.
+resp = knot.dig("mc.a.example", "MX", dnssec=True)
+resp.cmp(bind)
+
+# B5. Referral to Unsigned Zone.
+resp = knot.dig("mc.b.example", "MX", dnssec=True)
+resp.cmp(bind)
+
+# B6. Wildcard Expansion.
+resp = knot.dig("a.z.w.example", "MX", dnssec=True)
+resp.cmp(bind)
+
+# B7. Wildcard No Data Error.
+resp = knot.dig("a.z.w.example", "AAAA", dnssec=True)
+resp.cmp(bind)
+
+# B8. DS Child Zone No Data Error.
+resp = knot.dig("example", "DS", dnssec=True)
+resp.cmp(bind)
+
+t.end()
--- a/tests-extra/functional/tools/zone_sign.sh
+++ b/tests-extra/functional/tools/zone_sign.sh
+#!/bin/bash
+export SIGNKEY=""
+export KSK=""
+export STYPE="-3"
+export ENDTIME="20500101000000"
+_keygen() {
+        keygenlog=${BASEDIR}/keygen.log
+        echo -n > $keygenlog
+        key=$(dnssec-keygen -r /dev/urandom $STYPE -n ZONE -K $BASEDIR $ZONE 2>>$keygenlog)
+        export SIGNKEY=$BASEDIR/${key}
+        key=$(dnssec-keygen $STYPE -f KSK -r /dev/urandom -n ZONE -K $BASEDIR $ZONE 2>>$keygenlog)
+        export KSK=$BASEDIR/${key}
+        #echo "\$include $SIGNKEY.key ; ZSK" >> $ZFILE
+        #echo "\$include $KSK.key ; KSK" >> $ZFILE
+}
+
+_sign_zone() {
+        flags=""
+        if [ "$STYPE" == "-3" ]; then
+                flags="$STYPE deadbeef"
+        fi
+        dnssec-signzone $flags -O full -d $BASEDIR -K $BASEDIR -k ${KSK} -e $ENDTIME \
+			-S -o $ZONE $1 $SIGNKEY.key &>>$LOG
+}
+
+if [ "$(basename $0)" == "zone_sign.sh" ] && [ $# -ge 2 ]; then
+        if [ -z $BASEDIR ]; then
+                export BASEDIR=$(pwd)
+        fi
+        export LOG=.log
+        export ZONE=$1
+        export ZFILE=$2
+        if [ "$3" == "nsec" ]; then
+                STYPE=""
+        fi
+        if [ -n "$4" ]; then
+                ENDTIME=$4
+        fi
+        if [ -f .skey ] && [ -f .ksk ]; then
+                export SIGNKEY=$(cat .skey)
+                export KSK=$(cat .ksk)
+        else
+                _keygen
+                echo $SIGNKEY > .skey
+                echo $KSK > .ksk
+                mv .skey $BASEDIR &>>$LOG
+                mv .ksk $BASEDIR &>>$LOG
+        fi
+        _sign_zone $ZFILE
+        cat $LOG
+        rm $LOG
+fi