From: Mark Andrews <marka@isc.org>
Date: Fri, 9 Aug 2019 06:26:32 +0000 (+1000)
Subject: add dns_zone_cdscheck to integrity checks
X-Git-Tag: v9.15.4~27^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cd40c9fe611ac39977ff837e6ba4b6df4b055833;p=thirdparty%2Fbind9.git

add dns_zone_cdscheck to integrity checks
---

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 15f8e654158..f52acb8c52e 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -4732,6 +4732,16 @@ zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime,
 			goto cleanup;
 		}
 
+		if (zone->type == dns_zone_master) {
+			result = dns_zone_cdscheck(zone, db, NULL);
+			if (result != ISC_R_SUCCESS) {
+				dns_zone_log(zone, ISC_LOG_ERROR,
+					     "CDS/CDNSKEY consistency checks "
+					     "failed");
+				goto cleanup;
+			}
+		}
+
 		result = dns_zone_verifydb(zone, db, NULL);
 		if (result != ISC_R_SUCCESS) {
 			goto cleanup;