From 3366cebf7dd4c9ca96e34caf1ca9fc61984f5e60 Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier <nemunaire@nemunai.re>
Date: Sat, 16 May 2026 13:18:25 +0800
Subject: [PATCH] refactor: always probe DNSKEY regardless of parent DS
 presence

Move the "skip DNSKEY when no parent DS" decision out of Collect and
into the rules, so the prober stays a pure observer. The dnskeyQueryRule
and dnskeyMatchesDSRule already return StatusUnknown when no parent DS
is present.
---
 checker/collect.go | 22 ++++++----------------
 1 file changed, 6 insertions(+), 16 deletions(-)

diff --git a/checker/collect.go b/checker/collect.go
index 0f6ad6d..b0b5fff 100644
--- a/checker/collect.go
+++ b/checker/collect.go
@@ -142,22 +142,12 @@ func (p *delegationProvider) Collect(ctx context.Context, opts sdk.CheckerOption
 				av.ChildGlueAddrs = addrsAt
 			}
 
-			// DNSKEY is only useful when there's a parent DS to match against.
-			parentHasDS := false
-			for _, pv := range data.ParentViews {
-				if len(pv.DS) > 0 {
-					parentHasDS = true
-					break
-				}
-			}
-			if parentHasDS {
-				keys, kerr := queryDNSKEY(ctx, srv, delegatedFQDN)
-				if kerr != nil {
-					av.DNSKEYError = kerr.Error()
-				} else {
-					for _, k := range keys {
-						av.DNSKEYs = append(av.DNSKEYs, NewDNSKEYRecord(k))
-					}
+			keys, kerr := queryDNSKEY(ctx, srv, delegatedFQDN)
+			if kerr != nil {
+				av.DNSKEYError = kerr.Error()
+			} else {
+				for _, k := range keys {
+					av.DNSKEYs = append(av.DNSKEYs, NewDNSKEYRecord(k))
 				}
 			}