Add missing DNSSEC trace message

diff --git a/pdns/validate.cc b/pdns/validate.cc
index bb90f41dd193c4beeb07edecf79afa22342224f5..6795710450217d1b8b7d25808b04632c6543a495 100644 (file)
--- a/pdns/validate.cc
+++ b/pdns/validate.cc
@@ -390,8 +390,10 @@ vState getKeysFor(DNSRecordOracle& dro, const DNSName& zone, keyset_t &keyset)
               LOG("\t"<<r->getZoneRepresentation()<<endl);
               auto nsec = std::dynamic_pointer_cast<NSECRecordContent>(r);
               if(nsec) {
-                if(v.first.first == qname && !nsec->d_set.count(QType::DS))
+                if(v.first.first == qname && !nsec->d_set.count(QType::DS)) {
+                  LOG("Denies existence of DS!"<<endl);
                   return Insecure;
+                }
                 else if(v.first.first.canonCompare(qname) && qname.canonCompare(nsec->d_next) ) {
                   LOG("Did not find DS for this level, trying one lower"<<endl);
                   goto skipLevel;