diff --git a/bin/tests/system/_common/root.hint.conf b/bin/tests/system/_common/root.hint.conf
new file mode 100644
index 0000000000..465c5ad783
--- /dev/null
+++ b/bin/tests/system/_common/root.hint.conf
@@ -0,0 +1,4 @@
+zone "." {
+	type hint;
+	file "../../_common/root.hint";
+};
diff --git a/bin/tests/system/_common/zones.conf.j2 b/bin/tests/system/_common/zones.conf.j2
new file mode 100644
index 0000000000..27bcb942be
--- /dev/null
+++ b/bin/tests/system/_common/zones.conf.j2
@@ -0,0 +1,10 @@
+{% if zones is defined and zones %}
+{% for zone in zones.values() %}
+{% if zone.ns.name == ns.name %}
+zone "@zone.name@" {
+	type @zone.type@;
+	file "@zone.filepath@";
+};
+{% endif %}
+{% endfor %}
+{% endif %}
diff --git a/bin/tests/system/_common/zones/delegations.partial.db.j2 b/bin/tests/system/_common/zones/delegations.partial.db.j2
new file mode 100644
index 0000000000..a44d2adf06
--- /dev/null
+++ b/bin/tests/system/_common/zones/delegations.partial.db.j2
@@ -0,0 +1,5 @@
+{% if delegations is defined and delegations %}
+{% for zone in delegations %}
+{% include '_common/zones/ns.partial.db.j2' %}
+{% endfor %}
+{% endif %}
diff --git a/bin/tests/system/_common/zones/ns.partial.db.j2 b/bin/tests/system/_common/zones/ns.partial.db.j2
new file mode 100644
index 0000000000..27a2c2ecbb
--- /dev/null
+++ b/bin/tests/system/_common/zones/ns.partial.db.j2
@@ -0,0 +1,2 @@
+@zone.name@.			NS	@zone.ns.name@.@zone.name@.
+@zone.ns.name@.@zone.name@.			A	@zone.ns.ip@
diff --git a/bin/tests/system/_common/zones/root.db.j2.manual b/bin/tests/system/_common/zones/root.db.j2.manual
new file mode 100644
index 0000000000..9f4de112b4
--- /dev/null
+++ b/bin/tests/system/_common/zones/root.db.j2.manual
@@ -0,0 +1,13 @@
+$TTL 300
+.			IN SOA	. a.root.servers.nil. (
+				2000042100	; serial
+				600		; refresh
+				600		; retry
+				1200		; expire
+				600		; minimum
+)
+
+.			NS	a.root-servers.nil.
+a.root-servers.nil.	A	10.53.0.1
+
+{% include '_common/zones/delegations.partial.db.j2' %}
diff --git a/bin/tests/system/_common/zones/soa.partial.db.j2 b/bin/tests/system/_common/zones/soa.partial.db.j2
new file mode 100644
index 0000000000..3fae403539
--- /dev/null
+++ b/bin/tests/system/_common/zones/soa.partial.db.j2
@@ -0,0 +1,9 @@
+$ORIGIN @zone.name@.
+$TTL 300
+{% raw %}@{% endraw %}			IN SOA	@zone.ns.name@.@zone.name@. . (
+				1		; serial
+				20		; refresh (20 seconds)
+				20		; retry (20 seconds)
+				1814400		; expire (3 weeks)
+				3600		; minimum (1 hour)
+)
diff --git a/bin/tests/system/_common/zones/template.db.j2.manual b/bin/tests/system/_common/zones/template.db.j2.manual
new file mode 100644
index 0000000000..600ffbbc4b
--- /dev/null
+++ b/bin/tests/system/_common/zones/template.db.j2.manual
@@ -0,0 +1,7 @@
+{% include '_common/zones/soa.partial.db.j2' %}
+{% include '_common/zones/ns.partial.db.j2' %}
+{% include '_common/zones/delegations.partial.db.j2' %}
+
+a			A	10.0.0.1
+b			A	10.0.0.2
+c			A	10.0.0.3
diff --git a/bin/tests/system/isctest/template.py b/bin/tests/system/isctest/template.py
index f0668880c6..6c6b628b94 100644
--- a/bin/tests/system/isctest/template.py
+++ b/bin/tests/system/isctest/template.py
@@ -11,7 +11,7 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 
-from dataclasses import dataclass
+from dataclasses import dataclass, field
 from pathlib import Path
 from re import compile as Re
 from typing import Any
@@ -144,11 +144,12 @@ class Zone:
     name: str
     ns: Nameserver
     type: str = "primary"
-    filename: str | None = None
+    filepath: Path | None = field(default=None)
 
-    def __post_init__(self):
-        if self.filename is None:
-            self.filename = f"{self.name}.db"
+    def __post_init__(self) -> None:
+        if self.filepath is None:
+            base = "root" if self.name == "." else self.name
+            self.filepath = Path(f"zones/{base}.db")
 
 
 @dataclass
diff --git a/bin/tests/system/rollover/setup.py b/bin/tests/system/rollover/setup.py
index c1fc62b4e4..dc83402069 100644
--- a/bin/tests/system/rollover/setup.py
+++ b/bin/tests/system/rollover/setup.py
@@ -9,6 +9,8 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 
+from pathlib import Path
+
 import shutil
 
 from isctest.kasp import SettimeOptions, private_type_record
@@ -50,7 +52,7 @@ def configure_tld(zonename: str, delegations: list[Zone]) -> Zone:
     templates.render(f"ns2/{outfile}", tdata, template=f"ns2/{template}")
     signer(f"-P -x -O full -o {zonename} -f {outfile}.signed {outfile}", cwd="ns2")
 
-    return Zone(zonename, NS2, filename=f"{outfile}.signed")
+    return Zone(zonename, NS2, filepath=Path(f"{outfile}.signed"))
 
 
 def configure_root(delegations: list[Zone]) -> TrustAnchor:
@@ -1662,7 +1664,7 @@ def configure_straight2none(tld: str) -> list[Zone]:
     render_and_sign_zone(zonename, [csk_name], extra_options="-z")
 
     zonename = f"going-straight-to-none-dynamic.{tld}"
-    zones.append(Zone(zonename, NS3, filename=f"{zonename}.db.signed"))
+    zones.append(Zone(zonename, NS3, filepath=Path(f"{zonename}.db.signed")))
     isctest.log.info(f"setup {zonename}")
     # Key generation.
     csk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").out.strip()