Remove DLV remnants

DLV is long gone, so we can remove design documentation around DLV,
related command line options (that were already a hard failure),
and some DLV related test remnants.

bin/delv/delv.c

@@ -228,7 +228,6 @@ usage(void) {
 		"                 +[no]crypto         (Control display of "
 		"cryptographic\n"
 		"                                      fields in records)\n"
-		"                 +[no]dlv            (Obsolete)\n"
 		"                 +[no]dnssec         (Display DNSSEC "
 		"records)\n"
 		"                 +[no]mtrace         (Trace messages "
@@ -1125,14 +1124,6 @@ plus_option(char *option) {
 		break;
 	case 'd':
 		switch (cmd[1]) {
-		case 'l': /* dlv */
-			FULLCHECK("dlv");
-			if (state) {
-				fprintf(stderr, "Invalid option: "
-						"+dlv is obsolete\n");
-				exit(EXIT_FAILURE);
-			}
-			break;
 		case 'n': /* dnssec */
 			FULLCHECK("dnssec");
 			showdnssec = state;

bin/dnssec/dnssec-dsfromkey.c

@@ -381,7 +381,7 @@ main(int argc, char **argv) {
 
 	isc_commandline_errprint = false;
 
-#define OPTIONS "12Aa:Cc:d:Ff:K:l:sT:v:whV"
+#define OPTIONS "12Aa:Cc:d:Ff:K:sT:v:whV"
 	while ((ch = isc_commandline_parse(argc, argv, OPTIONS)) != -1) {
 		switch (ch) {
 		case '1':
@@ -417,9 +417,6 @@ main(int argc, char **argv) {
 		case 'f':
 			filename = isc_commandline_argument;
 			break;
-		case 'l':
-			fatal("-l option (DLV lookaside) is obsolete");
-			break;
 		case 's':
 			usekeyset = true;
 			break;

bin/dnssec/dnssec-signzone.c

@@ -3372,9 +3372,12 @@ main(int argc, char *argv[]) {
 	atomic_init(&shuttingdown, false);
 	atomic_init(&finished, false);
 
-	/* Unused letters: Bb G J q Yy (and F is reserved). */
-#define CMDLINE_FLAGS                                                          \
-	"3:AaCc:Dd:E:e:f:FgG:hH:i:I:j:J:K:k:L:l:m:M:n:N:o:O:PpQqRr:s:ST:tuUv:" \
+	/*
+	 * Unused letters: Bb G J l q Yy (and F is reserved).
+	 * l was previously used for DLV lookaside.
+	 */
+#define CMDLINE_FLAGS                                                        \
+	"3:AaCc:Dd:E:e:f:FgG:hH:i:I:j:J:K:k:L:m:M:n:N:o:O:PpQqRr:s:ST:tuUv:" \
 	"VX:xzZ:"
 
 	/*
@@ -3548,10 +3551,6 @@ main(int argc, char *argv[]) {
 			}
 			break;
 
-		case 'l':
-			fatal("-l option (DLV lookaside) is obsolete");
-			break;
-
 		case 'M':
 			endp = NULL;
 			set_maxttl = true;

doc/design/unsupported-algorithms-in-bind9

@@ -62,8 +62,7 @@ BIND 9 also does not allow unsupported algorithms to be used with `auto-dnssec`:
 A validator has more possible interactions with unsupported algorithms:
 
   * a key using one of these algorithms may be configured as a trust anchor,
-  * a DLV record for such a key may be placed in a DLV zone.
-  * upstream answers may contain signatures using such algorithms,
+  * upstream answers may contain signatures using such algorithms.
 
 ### Disabled algorithms
 
@@ -99,38 +98,6 @@ This behavior has changed to be more consistent with unsupported algorithms:
 BIND 9 will ignore such trust anchors, and responses for those domains will
 now be treated as insecure.
 
-### DLV
-
-If a DLV record in a DLV zone points to a DNSKEY using an unsupported algorithm
-or an algorithm which has been disabled for the relevant part of the tree using
-a `disable-algorithms` clause in `named.conf`, the corresponding zone will be
-treated as insecure.
-
-However, if the trust anchor specified for the DLV zone itself uses an
-unsupported or disabled algorithm, no DLV record in that DLV zone can be
-treated as secure and thus attempts to resolve names in the domains pointed to
-by the records in that DLV zone will yield SERVFAIL responses.  Consider the
-following example:
-
-    trust-anchors {
-        "dlv.example." static-key 257 3 1 ...;
-    };
-
-    options {
-        ...
-        dnssec-lookaside "foo." trust-anchor "dlv.example";
-    };
-
-The example above specifies a DLV trust anchor using the RSAMD5 algorithm
-(algorithm number 1), which effectively prevents resolution of data in any zone
-at and below `foo.` that is listed in `dlv.example` (and does not have a valid,
-non-DLV chain of trust established otherwise).  This outcome is different than
-for a trust anchor which uses an unsupported or disabled algorithm and is not
-associated with a `dnssec-lookaside` clause; the reason for this is that in the
-case of a DLV-referenced, unusable key, the trust point is still defined, but
-has no keys associated with it, whereas non-DLV-referenced, unusable keys are
-ignored altogether and do not cause an associated trust point to be defined.
-
 ### Algorithm rollover
 
 A zone for which BIND 9 has a trust anchor configured may decide to do an