Properly build the NSEC/NSEC3 type bit map
authorMark Andrews <marka@isc.org>
Tue, 9 Jan 2024 01:12:33 +0000 (12:12 +1100)
committerMark Andrews <marka@isc.org>
Thu, 16 May 2024 01:53:39 +0000 (01:53 +0000)
DNSKEY was incorrectly being added to the NSEC/NSEC3 type bit map
when it was obscured by the delegation.  This led to zone verification
failures.

(cherry picked from commit ec3c6248148dec0696eeab62abdf53ea71116c0b)

lib/dns/zoneverify.c

index b3ff4461b989fa2cef43dfbbce648a5539af0a56..8e706182661607c88a24198cbaf9011a52734d39 100644 (file)
@@ -939,7 +939,6 @@ verifynode(vctx_t *vctx, const dns_name_t *name, dns_dbnode_t *node,
                 * other than NSEC and DS is not signed at a delegation.
                 */
                if (rdataset.type != dns_rdatatype_rrsig &&
-                   rdataset.type != dns_rdatatype_dnskey &&
                    (!delegation || rdataset.type == dns_rdatatype_ds ||
                     rdataset.type == dns_rdatatype_nsec))
                {
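Review bot: The visible tail of the block comment above this condition names only NSEC and DS as the exceptions at a delegation and says nothing about DNSKEY, even though the condition no longer excludes it. With the `rdataset.type != dns_rdatatype_dnskey` test gone, a DNSKEY rdataset at a delegation fails the `!delegation || ... ds || ... nsec` clause and moves to the `else if` in the next hunk, where only NS sets a bit in the lines shown. I would add a sentence to the comment such as `A DNSKEY at a delegation is obscured and is not recorded in the type bit map.` The comment starts above the hunk and the body of this branch lies between the two hunks, so the wording should be confirmed against the code not shown here.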
@@ -954,9 +953,7 @@ verifynode(vctx_t *vctx, const dns_name_t *name, dns_dbnode_t *node,
                        if (rdataset.type > maxtype) {
                                maxtype = rdataset.type;
                        }
-               } else if (rdataset.type != dns_rdatatype_rrsig &&
-                          rdataset.type != dns_rdatatype_dnskey)
-               {
+               } else if (rdataset.type != dns_rdatatype_rrsig) {
                        if (rdataset.type == dns_rdatatype_ns) {
                                dns_nsec_setbit(types, rdataset.type, 1);
                                if (rdataset.type > maxtype) {
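Review bot: The `else if (rdataset.type != dns_rdatatype_rrsig)` branch has no comment saying when it is reached, and with the DNSKEY test removed that is harder to read off the condition alone. Taken together with the first condition, it runs only when `delegation` is true and the type is neither DS nor NSEC, which now includes DNSKEY; of those types only NS sets a bit in the visible lines. A one-line comment at the top of the branch would record this, for example `/* Obscured by the delegation: only NS is recorded in the type bit map. */`. The branch continues past the end of the hunk, so what else it does with these rdatasets cannot be seen here.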