Add a DNSSEC policy test case for a special zone

Try to create a key for a zone, and then sign it, that has some special
characters in the name.

bin/tests/system/kasp/ns3/named-fips.conf.in

@@ -48,6 +48,14 @@ zone "default.kasp" {
 	dnssec-policy "default";
 };
 
+/* A zone with special characters. */
+zone "i-am.\":\;?&[]\@!\$*+,|=\.\(\)special.kasp." {
+        type primary;
+        file "i-am.special.kasp.db";
+        check-names ignore;
+        dnssec-policy "default";
+};
+
 /* checkds: Zone with one KSK. */
 zone "checkds-ksk.kasp" {
 	type primary;

bin/tests/system/kasp/ns3/setup.sh

@@ -51,6 +51,13 @@ for zn in default dnssec-keygen some-keys legacy-keys pregenerated \
   cp template.db.in "$zonefile"
 done
 
+#
+# Setup special zone
+#
+zone="i-am.\":\;?&[]\@!\$*+,|=\.\(\)special.kasp."
+echo_i "setting up zone: $zone"
+cp template.db.in "i-am.special.kasp.db"
+
 #
 # Set up RSASHA1 based zones
 #

bin/tests/system/kasp/tests.sh

@@ -393,6 +393,16 @@ check_apex
 check_subdomain
 dnssec_verify
 
+#
+# A zone with special characters.
+#
+set_zone "i-am.\":\;?&[]\@!\$*+,|=\.\(\)special.kasp."
+set_policy "default" "1" "3600"
+set_server "ns3" "10.53.0.3"
+# It is non-trivial to adapt the tests to deal with all possible different
+# escaping characters, so we will just try to verify the zone.
+dnssec_verify
+
 #
 # Zone: dynamic.kasp
 #