[master] clarify dnssec-checkds output

3426. [bug] dnssec-checkds: Clearer output when records are not found. [RT #31968]
2025-09-01 06:55:30 +00:00 · 2012-11-27 14:52:36 -08:00
parent 2e22f903da
commit 4d077be135
2 changed files with 23 additions and 4 deletions
--- a/bin/python/dnssec-checkds.py.in
+++ b/bin/python/dnssec-checkds.py.in
@@ -169,6 +169,10 @@ def checkds(zone, masterfile = None):

    fp.close()

+    if (len(dsklist) < 1):
+        print ("No DNSKEY records found in zone apex")
+        return False
+
    found = False
    for ds in dsklist:
        if ds in dslist:
@@ -177,8 +181,12 @@ def checkds(zone, masterfile = None):
                    ds.keyid, DSRR.hashalgs[ds.hashalg]))
            found = True
        else:
-            print ("No DS records found for KSK %s/%03d/%05d" %
-                   (ds.rrname, ds.keyalg, ds.keyid))
+            print ("DS for KSK %s/%03d/%05d (%s) missing from parent" %
+                   (ds.rrname.strip('.'), ds.keyalg,
+                    ds.keyid, DSRR.hashalgs[ds.hashalg]))
+
+    if not found:
+        print ("No DS records were found for any DNSKEY")

    return found

@@ -217,6 +225,10 @@ def checkdlv(zone, lookaside, masterfile = None):

    fp.close()

+    if (len(dlvklist) < 1):
+        print ("No DNSKEY records found in zone apex")
+        return False
+
    found = False
    for dlv in dlvklist:
        if dlv in dlvlist:
@@ -225,8 +237,12 @@ def checkdlv(zone, lookaside, masterfile = None):
                    DLVRR.hashalgs[dlv.hashalg], dlv.dlvname))
            found = True
        else:
-            print ("No DLV records found for KSK %s/%03d/%05d in %s" %
-                   (dlv.parent, dlv.keyalg, dlv.keyid, dlv.dlvname))
+            print ("DLV for KSK %s/%03d/%05d (%s) missing from %s" %
+                   (dlv.parent, dlv.keyalg, dlv.keyid, 
+                    DLVRR.hashalgs[dlv.hashalg], dlv.dlvname))
+
+    if not found:
+        print ("No DLV records were found for any DNSKEY")

    return found