From a4b6ff32e9255180e7357eca6ad299a5020efe45 Mon Sep 17 00:00:00 2001
From: Matthijs Mekking <matthijs@isc.org>
Date: Thu, 29 Jun 2023 11:28:01 +0200
Subject: [PATCH] Update zonechecks system test

Change test configuration to make use of 'dnssec-policy' instead of
'auto-dnssec'.
---
 bin/tests/system/zonechecks/clean.sh          | 2 +-
 bin/tests/system/zonechecks/ns1/named.conf.in | 9 ++++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/bin/tests/system/zonechecks/clean.sh b/bin/tests/system/zonechecks/clean.sh
index ed4012a266..330b242b04 100644
--- a/bin/tests/system/zonechecks/clean.sh
+++ b/bin/tests/system/zonechecks/clean.sh
@@ -15,7 +15,7 @@ rm -f *.out
 rm -f */named.memstats
 rm -f */named.conf
 rm -f */named.run
-rm -f */*.db */*.db.signed */K*.key */K*.private */*.jnl */dsset-*
+rm -f */*.db */*.db.signed */K*.key */K*.private */K*.state */*.jnl */dsset-*
 rm -f */signer.err
 rm -f rndc.out.*
 rm -f ns*/named.lock
diff --git a/bin/tests/system/zonechecks/ns1/named.conf.in b/bin/tests/system/zonechecks/ns1/named.conf.in
index 03bc91838c..efb11b01d8 100644
--- a/bin/tests/system/zonechecks/ns1/named.conf.in
+++ b/bin/tests/system/zonechecks/ns1/named.conf.in
@@ -35,6 +35,13 @@ controls {
 	inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };
 
+dnssec-policy "zonechecks" {
+	keys {
+		ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
+		zsk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
+	};
+};
+
 view unused {
 	match-clients { none; };
 
@@ -52,7 +59,7 @@ view primary {
 		file "primary.db";
 		allow-update { any; };
 		allow-transfer { any; };
-		auto-dnssec maintain;
+		dnssec-policy zonechecks;
 	};
 
 	zone "bigserial.example" {