Copyright (C) 2015, 2016 Internet Systems Consortium, Inc. ("ISC")

This Source Code Form is subject to the terms of the Mozilla Public

License, v. 2.0. If a copy of the MPL was not distributed with this

file, You can obtain one at http://mozilla.org/MPL/2.0/.

This is for testing managed-keys, in particular with problems

with RFC 5011 Automated Updates of DNSSEC Trust Anchors.

ns1 is the root server that offers new KSKs and hosts one record for

testing. The TTL for the zone's records is 2 seconds.

ns2 is a validator uses managed-keys.

"named -T rfc5011holddown=4" switch is used so it will attempt to do

the automated updates frequently.

ns3 is a validator with a broken key in managed-keys.

Tests TODO:

- initial working KSK

TODO: test using delv with new trusted key too

- introduce a REVOKE bit

- later remove a signature

- corrupt a signature

TODO: also same things with dlv auto updates of trust anchor