add dns_zone_cdscheck to integrity checks

author Mark Andrews <marka@isc.org>

Fri, 9 Aug 2019 06:26:32 +0000 (16:26 +1000)

committer Mark Andrews <marka@isc.org>

Wed, 28 Aug 2019 05:46:41 +0000 (15:46 +1000)
author Mark Andrews <marka@isc.org>
Fri, 9 Aug 2019 06:26:32 +0000 (16:26 +1000)
committer Mark Andrews <marka@isc.org>
Wed, 28 Aug 2019 05:46:41 +0000 (15:46 +1000)
diff --git a/lib/dns/zone.c b/lib/dns/zone.c

index 15f8e6541588c3693b9ae58a6bbced06c7b5da82..f52acb8c52e5ead2d0789e192bd2acf8c3d25c0d 100644 (file)
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -4732,6 +4732,16 @@ zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime,
                         goto cleanup;
                 }
  
+               if (zone->type == dns_zone_master) {
+                       result = dns_zone_cdscheck(zone, db, NULL);
+                       if (result != ISC_R_SUCCESS) {
+                               dns_zone_log(zone, ISC_LOG_ERROR,
+                                            "CDS/CDNSKEY consistency checks "
+                                            "failed");
+                               goto cleanup;
+                       }
+               }
+
                 result = dns_zone_verifydb(zone, db, NULL);
                 if (result != ISC_R_SUCCESS) {
                         goto cleanup;
author	Mark Andrews <marka@isc.org>
	Fri, 9 Aug 2019 06:26:32 +0000 (16:26 +1000)
committer	Mark Andrews <marka@isc.org>
	Wed, 28 Aug 2019 05:46:41 +0000 (15:46 +1000)