From: Kees Monshouwer <mind04@monshouwer.org>
Date: Wed, 13 Nov 2013 22:26:06 +0000 (+0100)
Subject: pdnssec check-zone, fix DNSKEY checks
X-Git-Tag: auth-3.3.1~34^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=52058922e527e0fc293e092041ba6883cbaed684;p=thirdparty%2Fpdns.git

pdnssec check-zone, fix DNSKEY checks
---

diff --git a/pdns/pdnssec.cc b/pdns/pdnssec.cc
index 64719d4bdd..c3c0e3bd20 100644
--- a/pdns/pdnssec.cc
+++ b/pdns/pdnssec.cc
@@ -470,24 +470,21 @@ int checkZone(DNSSECKeeper &dk, UeberBackend &B, const std::string& zone)
       continue;
     }
 
-    if(rr.qtype.getCode() == QType::DNSKEY)
+    if(!presigned && rr.qtype.getCode() == QType::DNSKEY)
     {
-      if(presigned)
+      if(::arg().mustDo("experimental-direct-dnskey"))
       {
-        if(::arg().mustDo("experimental-direct-dnskey"))
+        if(rr.ttl != sd.default_ttl)
         {
-          if(rr.ttl != sd.default_ttl)
-          {
-            cout<<"[Warning] DNSKEY TTL of "<<rr.ttl<<" at '"<<rr.qname<<"' differs from SOA minimum of "<<sd.default_ttl<<endl;
-            numwarnings++;
-          }
-        }
-        else
-        {
-          cout<<"[Warning] DNSKEY at '"<<rr.qname<<"' in non-presigned zone will mostly be ignored and can cause problems."<<endl;
+          cout<<"[Warning] DNSKEY TTL of "<<rr.ttl<<" at '"<<rr.qname<<"' differs from SOA minimum of "<<sd.default_ttl<<endl;
           numwarnings++;
         }
       }
+      else
+      {
+        cout<<"[Warning] DNSKEY at '"<<rr.qname<<"' in non-presigned zone will mostly be ignored and can cause problems."<<endl;
+        numwarnings++;
+      }
     }
 
     if(rr.qtype.getCode() == QType::URL || rr.qtype.getCode() == QType::MBOXFW) {