Diffstat (limited to 'bin/python/dnssec-checkds.py.in')
-rw-r--r--bin/python/dnssec-checkds.py.in28
1 files changed, 23 insertions, 5 deletions
diff --git a/bin/python/dnssec-checkds.py.in b/bin/python/dnssec-checkds.py.in
index 9f662f5b..ffb2f980 100644
--- a/bin/python/dnssec-checkds.py.in
+++ b/bin/python/dnssec-checkds.py.in
@@ -1,6 +1,6 @@
#!@PYTHON@
############################################################################
-# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -15,6 +15,8 @@
# PERFORMANCE OF THIS SOFTWARE.
############################################################################
+# $Id$
+
import argparse
import pprint
import os
@@ -169,6 +171,10 @@ def checkds(zone, masterfile = None):
fp.close()
+ if (len(dsklist) < 1):
+ print ("No DNSKEY records found in zone apex")
+ return False
+
found = False
for ds in dsklist:
if ds in dslist:
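Review bot: The new guard after `fp.close()` prints "No DNSKEY records found in zone apex" for every cause of an empty `dsklist`. If `fp` is a pipe to an external lookup command (its creation is outside the hunk), a failed or timed-out lookup would read the same as a zone with no keys. Consider checking the result of `fp.close()` before this test and printing a distinct error for a failed lookup. The guard itself is more idiomatic as `if not dsklist:`. The same applies to the `dlvklist` guard in checkdlv; both function bodies start outside their hunks.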
@@ -177,8 +183,12 @@ def checkds(zone, masterfile = None):
ds.keyid, DSRR.hashalgs[ds.hashalg]))
found = True
else:
- print ("No DS records found for KSK %s/%03d/%05d" %
- (ds.rrname, ds.keyalg, ds.keyid))
+ print ("DS for KSK %s/%03d/%05d (%s) missing from parent" %
+ (ds.rrname.strip('.'), ds.keyalg,
+ ds.keyid, DSRR.hashalgs[ds.hashalg]))
+
+ if not found:
+ print ("No DS records were found for any DNSKEY")
return found
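Review bot: `return found` is still True as soon as one DS matches, so a run that prints "DS for KSK ... missing from parent" for other keys returns the same result as a fully covered key set. That may be intentional, for example if only one digest type or one KSK is expected at the parent during a rollover, which this hunk does not show. If so, say it above the loop, e.g. `# True if at least one DNSKEY has a matching DS; the rest are only reported`. If callers map the return value to the exit status, automation cannot tell partial from full DS coverage. The same applies to `checkdlv` in the last hunk; the loop here begins in the previous hunk.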
@@ -217,6 +227,10 @@ def checkdlv(zone, lookaside, masterfile = None):
fp.close()
+ if (len(dlvklist) < 1):
+ print ("No DNSKEY records found in zone apex")
+ return False
+
found = False
for dlv in dlvklist:
if dlv in dlvlist:
@@ -225,8 +239,12 @@ def checkdlv(zone, lookaside, masterfile = None):
DLVRR.hashalgs[dlv.hashalg], dlv.dlvname))
found = True
else:
- print ("No DLV records found for KSK %s/%03d/%05d in %s" %
- (dlv.parent, dlv.keyalg, dlv.keyid, dlv.dlvname))
+ print ("DLV for KSK %s/%03d/%05d (%s) missing from %s" %
+ (dlv.parent, dlv.keyalg, dlv.keyid,
+ DLVRR.hashalgs[dlv.hashalg], dlv.dlvname))
+
+ if not found:
+ print ("No DLV records were found for any DNSKEY")
return found