Configure a zone transfer using XoT (with opportunistic TLS) from
a non-DoT port, which does not provide ALPN "dot" (in this case
it will try to connect to a DoH port). This is expected to fail,
but the client should handle the error gracefully and not crash.
allow-transfer { any; };
};
+# Trying a XoT transfer of a non-existing zone on an HTTPS port. The error should
+# be handled gracefully when the expected ALPN "dot" is not present, see GL#5957.
+tls tls-opportunistic { };
+zone "example-non-existing" {
+ type secondary;
+ primaries { 10.53.0.1 port @EXTRAPORT3@ tls tls-opportunistic; };
+ file "example-non-existing.db";
+};
+
# As you can see, the "remote-hostname" is missing, but "ca-file" is
# specified. As the result, the primaries server certificate will be
# verified using the IP address instead of hostname. That is fine,
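Review bot: the comment above `tls tls-opportunistic { };` says "an HTTPS port" but never ties that to `@EXTRAPORT3@`, so a reader of this config alone cannot tell why ALPN "dot" would be missing on that listener. Consider naming the port's role in the comment, and noting that the empty `tls` block is what makes the connection opportunistic (no `ca-file` or `remote-hostname`, so no certificate verification), since the context right below describes a verified setup. The comment also combines two failure conditions, a non-existing zone and a missing ALPN token; if the ALPN mismatch is the path under test, say so explicitly so the zone name is not read as the cause of the failure. This hunk only adds configuration, so the accompanying test script should assert both that the transfer attempt is logged as failed and that the secondary is still running afterwards, otherwise a regression to the crash could pass unnoticed.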