diff options
author | Casey Deccio <casey@deccio.net> | 2015-08-10 20:21:36 +0300 |
---|---|---|
committer | Casey Deccio <casey@deccio.net> | 2015-08-10 20:21:36 +0300 |
commit | e12e74ffd0bacc854a2ea4f283427ffd73dd095b (patch) | |
tree | 6eb09a5c142919130b96afbfe75c74511cc36087 | |
parent | f26364acb8865096b145de725fba27d6f1ead212 (diff) |
Consider whether the DNSKEY is a trust anchorv0.4.0-beta
-rw-r--r-- | dnsviz/analysis/offline.py | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/dnsviz/analysis/offline.py b/dnsviz/analysis/offline.py index 515e05d..ad47e3d 100644 --- a/dnsviz/analysis/offline.py +++ b/dnsviz/analysis/offline.py @@ -1427,9 +1427,9 @@ class OfflineDomainNameAnalysis(OnlineDomainNameAnalysis): if servers_clients_without: err = Errors.DNSKEYMissingFromServers() # if the key is shown to be signing anything other than the - # DNSKEY RRset, then mark it as an error; otherwise, mark it as - # a warning - if dnskey in self.zsks or dnskey in self.dnskey_with_ds: + # DNSKEY RRset, or if it associated with a DS or trust anchor, + # then mark it as an error; otherwise, mark it as a warning. + if dnskey in self.zsks or dnskey in self.dnskey_with_ds or dnskey in trusted_keys_existing: dnskey.errors.append(err) else: dnskey.warnings.append(err) |