From 88f696de933f88a1100f40a565efea7394455758 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Fri, 15 Sep 2023 14:27:31 +1000
Subject: [PATCH] Check RRSIG covered type in negative cache entry

The covered type previously displayed as TYPE0 when it should
have reflected the records that was actually covered.

(cherry picked from commit 8ce359652a3e0c873520b319e9ee4d17e048d75c)
---
 bin/tests/system/dnssec/tests.sh | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
index 72c116fbc7..fe4fc32ed5 100644
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -377,6 +377,14 @@ if [ -x "${DELV}" ] ; then
    status=$((status+ret))
 fi
 
+echo_i "checking RRSIG covered type in negative cache entry ($n)"
+ret=0
+rndc_dumpdb ns4
+grep -F '; example. RRSIG NSEC ...' ns4/named_dump.db.test$n > /dev/null || ret=1
+n=$((n+1))
+test "$ret" -eq 0 || echo_i "failed"
+status=$((status+ret))
+
 echo_i "checking negative validation NXDOMAIN NSEC3 ($n)"
 ret=0
 dig_with_opts +noauth q.nsec3.example. \