diff --git a/tests-extra/tests/dnssec/single_type_signing/test.py b/tests-extra/tests/dnssec/single_type_signing/test.py
new file mode 100644
index 0000000000000000000000000000000000000000..06b354240b5b11c362b1571a7917adea80a2c3b7
--- /dev/null
+++ b/tests-extra/tests/dnssec/single_type_signing/test.py
@@ -0,0 +1,36 @@
+#!/usr/bin/env python3
+"""
+DNSSEC Single-Type Signing Scheme, RFC 6781
+"""
+from dnstest.utils import *
+from dnstest.test import Test
+
+t = Test()
+
+knot = t.server("knot")
+zones = t.zone_rnd(3, dnssec=False, records=10)
+t.link(zones, knot)
+t.start()
+
+# one KSK
+knot.gen_key(zones[0], ksk=True, alg="RSASHA256", key_len="512")
+
+# one ZSK
+knot.gen_key(zones[1], ksk=False, alg="RSASHA512", key_len="1024")
+
+# multiple KSKs
+knot.gen_key(zones[2], ksk=True, alg="RSASHA512", key_len="1024")
+knot.gen_key(zones[2], ksk=True, alg="RSASHA256", key_len="512")
+
+knot.dnssec_enable = True
+knot.gen_confile()
+knot.reload()
+t.sleep(2)
+knot.flush()
+t.sleep(2)
+knot.stop()
+
+for zone in zones:
+    knot.zone_verify(zone)
+
+t.end()