From 4d077be1351ea10db3bc7843865a5d1ba1e81d5b Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Tue, 27 Nov 2012 14:52:36 -0800
Subject: [PATCH] [master] clarify dnssec-checkds output

3426.	[bug]		dnssec-checkds: Clearer output when records are not
			found. [RT #31968]
---
 CHANGES                         |  3 +++
 bin/python/dnssec-checkds.py.in | 24 ++++++++++++++++++++----
 2 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/CHANGES b/CHANGES
index 2164138ad3..a580affe81 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+3426.	[bug]		dnssec-checkds: Clearer output when records are not
+			found. [RT #31968]
+
 3425.	[bug]		"acacheentry" reference counting was broken resulting
 			in use after free. [RT #31908]
 
diff --git a/bin/python/dnssec-checkds.py.in b/bin/python/dnssec-checkds.py.in
index 9f662f5b29..ebdb885b38 100644
--- a/bin/python/dnssec-checkds.py.in
+++ b/bin/python/dnssec-checkds.py.in
@@ -169,6 +169,10 @@ def checkds(zone, masterfile = None):
 
     fp.close()
 
+    if (len(dsklist) < 1):
+        print ("No DNSKEY records found in zone apex")
+        return False
+
     found = False
     for ds in dsklist:
         if ds in dslist:
@@ -177,8 +181,12 @@ def checkds(zone, masterfile = None):
                     ds.keyid, DSRR.hashalgs[ds.hashalg]))
             found = True
         else:
-            print ("No DS records found for KSK %s/%03d/%05d" %
-                   (ds.rrname, ds.keyalg, ds.keyid))
+            print ("DS for KSK %s/%03d/%05d (%s) missing from parent" %
+                   (ds.rrname.strip('.'), ds.keyalg,
+                    ds.keyid, DSRR.hashalgs[ds.hashalg]))
+
+    if not found:
+        print ("No DS records were found for any DNSKEY")
 
     return found
 
@@ -217,6 +225,10 @@ def checkdlv(zone, lookaside, masterfile = None):
 
     fp.close()
 
+    if (len(dlvklist) < 1):
+        print ("No DNSKEY records found in zone apex")
+        return False
+
     found = False
     for dlv in dlvklist:
         if dlv in dlvlist:
@@ -225,8 +237,12 @@ def checkdlv(zone, lookaside, masterfile = None):
                     DLVRR.hashalgs[dlv.hashalg], dlv.dlvname))
             found = True
         else:
-            print ("No DLV records found for KSK %s/%03d/%05d in %s" %
-                   (dlv.parent, dlv.keyalg, dlv.keyid, dlv.dlvname))
+            print ("DLV for KSK %s/%03d/%05d (%s) missing from %s" %
+                   (dlv.parent, dlv.keyalg, dlv.keyid, 
+                    DLVRR.hashalgs[dlv.hashalg], dlv.dlvname))
+
+    if not found:
+        print ("No DLV records were found for any DNSKEY")
 
     return found