From 0a0f82c8b3a81752e86daa3e7a821ee4c7facdde Mon Sep 17 00:00:00 2001
From: Kees Monshouwer <mind04@monshouwer.org>
Date: Wed, 13 Nov 2013 23:26:06 +0100
Subject: [PATCH] pdnssec check-zone, fix DNSKEY checks

---
 pdns/pdnssec.cc | 21 +++++++++------------
 1 file changed, 9 insertions(+), 12 deletions(-)

diff --git a/pdns/pdnssec.cc b/pdns/pdnssec.cc
index 48c33c8942..e3fb8fca04 100644
--- a/pdns/pdnssec.cc
+++ b/pdns/pdnssec.cc
@@ -477,24 +477,21 @@ int checkZone(DNSSECKeeper &dk, UeberBackend &B, const std::string& zone)
       continue;
     }
 
-    if(rr.qtype.getCode() == QType::DNSKEY)
+    if(!presigned && rr.qtype.getCode() == QType::DNSKEY)
     {
-      if(presigned)
+      if(::arg().mustDo("experimental-direct-dnskey"))
       {
-        if(::arg().mustDo("experimental-direct-dnskey"))
+        if(rr.ttl != sd.default_ttl)
         {
-          if(rr.ttl != sd.default_ttl)
-          {
-            cout<<"[Warning] DNSKEY TTL of "<<rr.ttl<<" at '"<<rr.qname<<"' differs from SOA minimum of "<<sd.default_ttl<<endl;
-            numwarnings++;
-          }
-        }
-        else
-        {
-          cout<<"[Warning] DNSKEY at '"<<rr.qname<<"' in non-presigned zone will mostly be ignored and can cause problems."<<endl;
+          cout<<"[Warning] DNSKEY TTL of "<<rr.ttl<<" at '"<<rr.qname<<"' differs from SOA minimum of "<<sd.default_ttl<<endl;
           numwarnings++;
         }
       }
+      else
+      {
+        cout<<"[Warning] DNSKEY at '"<<rr.qname<<"' in non-presigned zone will mostly be ignored and can cause problems."<<endl;
+        numwarnings++;
+      }
     }
 
     if(rr.qtype.getCode() == QType::URL || rr.qtype.getCode() == QType::MBOXFW) {
-- 
2.47.2