Test that a signed zone include a DNSKEY for each algorithm present in the zone's DS RRset

[matsduf]

From RFC 6840:

  The DS RRset and DNSKEY RRset are used to signal which algorithms
  are used to sign a zone.  The presence of an algorithm in either a
  zone's DS or DNSKEY RRset signals that that algorithm is used to
  sign the entire zone.

  A signed zone MUST include a DNSKEY for each algorithm present in
  the zone's DS RRset and expected trust anchors for the zone.  The
  zone MUST also be signed with each algorithm (though not each key)
  present in the DNSKEY RRset.  It is possible to add algorithms at
  the DNSKEY that aren't in the DS record, but not vice versa.  If
  more than one key of the same algorithm is in the DNSKEY RRset, it
  is sufficient to sign each RRset with any subset of these DNSKEYs.
  It is acceptable to sign some RRsets with one subset of keys (or
  key) and other RRsets with a different subset, so long as at least
  one DNSKEY of each algorithm is used to sign each RRset.
  Likewise, if there are DS records for multiple keys of the same
  algorithm, any subset of those may appear in the DNSKEY RRset.

Create a new Test Case that requires that for each algorithm found in the DS RRset for the zone, there is also a DNSKEY with the same algorithm.

[pawal]

Also see #344

[matsduf]

Replaces #527

[sandoche2k]

@matsduf @pawal
As I understand: https://github.com/zonemaster/zonemaster/blob/master/docs/specifications/tests/DNSSEC-TP/dnssec02.md matches all DS RR algorithm with DNSKEY RR from the child

If we add the same to https://github.com/zonemaster/zonemaster/blob/master/docs/specifications/tests/DNSSEC-TP/dnssec07.md

then this issue could be resolved. Isn't it?

[matsduf]

PR #782 will solve this issue.

[matsduf]

Resolved by #782.