Don't do DS checks over disabled address families

(cherry picked from commit 05472e63e8930753d7fa8d3bbf840be2085a2f23)

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 6419bd410ac91a03fd3e95180d23478741f8770f..cf714779643f973ff31fe76c25cf06cc36bca6f9 100644 (file)
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -6392,6 +6392,8 @@ dns_zone_setparentals(dns_zone_t *zone, const isc_sockaddr_t *parentals,
                goto unlock;
        }
 
+       report_no_active_addresses(zone, parentals, count, "parental-agents");
+
        /*
         * Now set up the parentals and parental key lists
         */
@@ -21800,6 +21802,16 @@ checkds_send(dns_zone_t *zone) {
 
                dst = zone->parentals[i];
 
+               if (isc_sockaddr_disabled(&dst)) {
+                       if (key != NULL) {
+                               dns_tsigkey_detach(&key);
+                       }
+                       if (transport != NULL) {
+                               dns_transport_detach(&transport);
+                       }
+                       continue;
+               }
+
                /* TODO: glue the transport to the checkds request */
 
                if (checkds_isqueued(zone, &dst, key, transport)) {
@@ -21827,6 +21839,12 @@ checkds_send(dns_zone_t *zone) {
                                     "checkds: create DS query for "
                                     "parent %d failed",
                                     i);
+                       if (key != NULL) {
+                               dns_tsigkey_detach(&key);
+                       }
+                       if (transport != NULL) {
+                               dns_transport_detach(&transport);
+                       }
                        continue;
                }
                zone_iattach(zone, &checkds->zone);