diff --git a/lib/dns/zoneverify.c b/lib/dns/zoneverify.c
index 7ab2b51002..86f46b7092 100644
--- a/lib/dns/zoneverify.c
+++ b/lib/dns/zoneverify.c
@@ -1605,9 +1605,9 @@ check_dnskey(vctx_t *vctx) {
 RUNTIME_CHECK(result == ISC_R_SUCCESS);
 is_ksk = ((dnskey.flags & DNS_KEYFLAG_KSK) != 0);
- if ((dnskey.flags & DNS_KEYOWNER_ZONE) == 0) {
- /* Non zone key, skip. */
- } else if ((dnskey.flags & DNS_KEYFLAG_REVOKE) != 0) {
+ if ((dnskey.flags & DNS_KEYOWNER_ZONE) != 0 &&
+ (dnskey.flags & DNS_KEYFLAG_REVOKE) != 0)
+ {
 if ((dnskey.flags & DNS_KEYFLAG_KSK) != 0 && !dns_dnssec_selfsigns(&rdata, vctx->origin, &vctx->keyset, &vctx->keysigs,
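Review bot: Folding the `DNS_KEYOWNER_ZONE` test into the revoke condition changes which keys reach the rest of the chain: a DNSKEY without the zone-owner flag used to stop at the empty "skip" branch, and now falls through to whatever `else` or `else if` follows this block, which is outside the hunk. If that trailing branch counts the key or checks its signatures, a non-zone key would be treated like an active zone key during zone verification, which the old code explicitly avoided. If skipping is still intended, keep it explicit ahead of the revoke test, for example `if ((dnskey.flags & DNS_KEYOWNER_ZONE) == 0) { continue; }`, assuming this code runs inside the per-key loop. If the fall-through is deliberate, say so with a comment such as `/* Non-zone keys are handled by the else branch below. */` and add a test zone containing a non-zone DNSKEY to pin the behaviour.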