lib/zonecut: fetch root DNSKEY from cache correctly

previously it was always overwritten with SBELT for root + root TA
doesn't have to be in cache (it's in trust store)

diff --git a/lib/zonecut.c b/lib/zonecut.c
index b149459b8412c7dc37054497760a106488500927..1bd0e1a599a0881e7e29a05c1d88260e53a4f2b0 100644 (file)
--- a/lib/zonecut.c
+++ b/lib/zonecut.c
@@ -396,11 +396,11 @@ int kr_zonecut_find_cached(struct kr_context *ctx, struct kr_zonecut *cut, const
 
        /* Start at QNAME parent. */
        while (txn && name) {
-               bool has_ta = !secured || fetch_ta(cut, name, txn, timestamp) == 0;
-               if (secured) {
-                       fetch_dnskey(cut, name, txn, timestamp);
-               }
+               bool has_ta = !secured || !name[0] || fetch_ta(cut, name, txn, timestamp) == 0;
                if (has_ta && fetch_ns(ctx, cut, name, txn, timestamp) == 0) {
+                       if (secured) {
+                               fetch_dnskey(cut, name, txn, timestamp);
+                       }
                        update_cut_name(cut, name);
                        return kr_ok();
                }