diff --git a/bin/tests/system/resolver/ns5/named.conf.in b/bin/tests/system/resolver/ns5/named.conf.in
index dc1704fd28..32c5fa7111 100644
--- a/bin/tests/system/resolver/ns5/named.conf.in
+++ b/bin/tests/system/resolver/ns5/named.conf.in
@@ -25,6 +25,7 @@ options {
 	dnssec-validation yes;
 	querylog yes;
 	prefetch 4 10;
+	responselog yes;
 };
 
 include "trusted.conf";
@@ -48,6 +49,8 @@ zone "child.server" {
 	file "child.server.db";
 };
 
+include "trusted.conf";
+
 key rndc_key {
         secret "1234abcd8765";
         algorithm @DEFAULT_HMAC@;
diff --git a/bin/tests/system/resolver/ns6/named.conf.in b/bin/tests/system/resolver/ns6/named.conf.in
index c6ec72abc4..34552af1b7 100644
--- a/bin/tests/system/resolver/ns6/named.conf.in
+++ b/bin/tests/system/resolver/ns6/named.conf.in
@@ -26,6 +26,7 @@ options {
 	querylog yes;
 	statistics-file "named.stats";
 	max-udp-size 4096;
+	responselog no;
 };
 
 zone "." {
diff --git a/bin/tests/system/resolver/tests.sh b/bin/tests/system/resolver/tests.sh
index d718362e01..222b76838e 100755
--- a/bin/tests/system/resolver/tests.sh
+++ b/bin/tests/system/resolver/tests.sh
@@ -885,5 +885,104 @@ grep "status: SERVFAIL" dig.out.${n} >/dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
+n=$((n + 1))
+echo_i "check that response codes have been logged with 'responselog yes;' ($n)"
+ret=0
+grep "responselog yes;" ns5/named.conf >/dev/null || ret=1
+grep "response: version.bind CH TXT NOERROR" ns5/named.run >/dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+n=$((n + 1))
+echo_i "check that 'rndc responselog off' disables logging 'responselog yes;' ($n)"
+ret=0
+rndccmd 10.53.0.5 responselog off || ret=1
+dig_with_opts @10.53.0.5 should.not.be.logged >dig.ns5.out.${n} || ret=1
+grep "response: should.not.be.logged" ns5/named.run >/dev/null && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+n=$((n + 1))
+echo_i "check that 'rndc responselog on' enables logging 'responselog yes;' ($n)"
+ret=0
+grep "response: should.be.logged" ns5/named.run >/dev/null && ret=1
+rndccmd 10.53.0.5 responselog on || ret=1
+dig_with_opts @10.53.0.5 should.be.logged >dig.ns5.out.${n} || ret=1
+grep "response: should.be.logged" ns5/named.run >/dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+n=$((n + 1))
+echo_i "check that response codes have not been logged with default 'responselog' ($n)"
+ret=0
+grep "responselog" ns1/named.conf >/dev/null && ret=1
+grep "response: version.bind CH TXT NOERROR" ns1/named.run >/dev/null && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+n=$((n + 1))
+echo_i "check that 'rndc responselog on' enables logging with default 'responselog' ($n)"
+ret=0
+grep "response: should.be.logged" ns1/named.run >/dev/null && ret=1
+rndccmd 10.53.0.1 responselog on || ret=1
+dig_with_opts @10.53.0.1 should.be.logged >dig.ns1.out.${n} || ret=1
+grep "response: should.be.logged" ns1/named.run >/dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+n=$((n + 1))
+echo_i "check that 'rndc responselog off' disables logging with default 'responselog' ($n)"
+ret=0
+rndccmd 10.53.0.1 responselog off || ret=1
+dig_with_opts @10.53.0.1 should.not.be.logged >dig.ns1.out.${n} || ret=1
+grep "response: should.not.be.logged" ns1/named.run >/dev/null && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+n=$((n + 1))
+echo_i "check that response codes have not been logged with 'responselog no;' ($n)"
+ret=0
+grep "responselog no;" ns6/named.conf >/dev/null || ret=1
+grep "response: version.bind CH TXT NOERROR" ns6/named.run >/dev/null && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+n=$((n + 1))
+echo_i "check that 'rndc responselog on' enables logging with default 'responselog no;' ($n)"
+ret=0
+grep "response: should.be.logged" ns6/named.run >/dev/null && ret=1
+rndccmd 10.53.0.6 responselog on || ret=1
+dig_with_opts @10.53.0.6 should.be.logged >dig.ns6.out.${n} || ret=1
+grep "response: should.be.logged" ns6/named.run >/dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+n=$((n + 1))
+echo_i "check that 'rndc responselog' toggles logging off with default 'responselog no;' ($n)"
+ret=0
+rndccmd 10.53.0.6 responselog || ret=1
+dig_with_opts @10.53.0.6 toggled.should.not.be.logged >dig.ns6.out.${n} || ret=1
+grep "response: toggled.should.not.be.logged" ns6/named.run >/dev/null && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+n=$((n + 1))
+echo_i "check that 'rndc responselog' toggles logging on with default 'responselog no;' ($n)"
+ret=0
+rndccmd 10.53.0.6 responselog || ret=1
+dig_with_opts @10.53.0.6 toggled.should.be.logged >dig.ns6.out.${n} || ret=1
+grep "response: toggled.should.be.logged" ns6/named.run >/dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+n=$((n + 1))
+echo_i "check that 'rndc responselog off' disables logging with default 'responselog no;' ($n)"
+ret=0
+rndccmd 10.53.0.6 responselog off || ret=1
+dig_with_opts @10.53.0.6 should.not.be.logged >dig.ns6.out.${n} || ret=1
+grep "response: should.not.be.logged" ns6/named.run >/dev/null && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1