From 05472e63e8930753d7fa8d3bbf840be2085a2f23 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Thu, 30 Nov 2023 16:46:50 +1100
Subject: [PATCH] Don't do DS checks over disabled address families

---
 lib/dns/zone.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 6dc10045b9..3c2b2011dc 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -6020,6 +6020,8 @@ dns_zone_setparentals(dns_zone_t *zone, isc_sockaddr_t *addresses,
 		goto unlock;
 	}
 
+	report_no_active_addresses(zone, addresses, count, "parental-agents");
+
 	/*
 	 * Now set up the parentals and parental key lists.
 	 */
@@ -21015,7 +21017,14 @@ checkds_find_address(dns_checkds_t *checkds) {
 	dns_adb_t *adb = NULL;
 
 	REQUIRE(DNS_CHECKDS_VALID(checkds));
-	options = DNS_ADBFIND_WANTEVENT | DNS_ADBFIND_INET | DNS_ADBFIND_INET6;
+
+	options = DNS_ADBFIND_WANTEVENT;
+	if (isc_net_probeipv4() != ISC_R_DISABLED) {
+		options |= DNS_ADBFIND_INET;
+	}
+	if (isc_net_probeipv6() != ISC_R_DISABLED) {
+		options |= DNS_ADBFIND_INET6;
+	}
 
 	dns_view_getadb(checkds->zone->view, &adb);
 	if (adb == NULL) {
@@ -21315,6 +21324,10 @@ checkds_send(dns_zone_t *zone) {
 		src = dns_remote_sourceaddr(&zone->parentals);
 		INSIST(isc_sockaddr_pf(&src) == isc_sockaddr_pf(&dst));
 
+		if (isc_sockaddr_disabled(&dst)) {
+			goto next;
+		}
+
 		/* TODO: glue the transport to the checkds request */
 
 		if (checkds_isqueued(zone, NULL, &dst, key, transport)) {