add dns_zone_cdscheck to integrity checks

(cherry picked from commit cd40c9fe611ac39977ff837e6ba4b6df4b055833)

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 03889cbde4b9fd61dca0c2a5318495e474535a1d..b799ede6db6cb94a2aad0fbb03becb41a9cdb35a 100644 (file)
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -4767,6 +4767,16 @@ zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime,
                        goto cleanup;
                }
 
+               if (zone->type == dns_zone_master) {
+                       result = dns_zone_cdscheck(zone, db, NULL);
+                       if (result != ISC_R_SUCCESS) {
+                               dns_zone_log(zone, ISC_LOG_ERROR,
+                                            "CDS/CDNSKEY consistency checks "
+                                            "failed");
+                               goto cleanup;
+                       }
+               }
+
                result = dns_zone_verifydb(zone, db, NULL);
                if (result != ISC_R_SUCCESS) {
                        goto cleanup;