func sectionCheck(set []dns.RR, server string, tcp bool) { var key *dns.DNSKEY for _, rr := range set { if rr.Header().Rrtype == dns.TypeRRSIG { rrset := getRRset(set, rr.Header().Name, rr.(*dns.RRSIG).TypeCovered) if dnskey == nil { key = getKey(rr.(*dns.RRSIG).SignerName, rr.(*dns.RRSIG).KeyTag, server, tcp) } else { key = dnskey } if key == nil { fmt.Printf(";? DNSKEY %s/%d not found\n", rr.(*dns.RRSIG).SignerName, rr.(*dns.RRSIG).KeyTag) continue } where := "net" if dnskey != nil { where = "disk" } if err := rr.(*dns.RRSIG).Verify(key, rrset); err != nil { fmt.Printf(";- Bogus signature, %s does not validate (DNSKEY %s/%d/%s) [%s]\n", shortSig(rr.(*dns.RRSIG)), key.Header().Name, key.KeyTag(), where, err.Error()) } else { fmt.Printf(";+ Secure signature, %s validates (DNSKEY %s/%d/%s)\n", shortSig(rr.(*dns.RRSIG)), key.Header().Name, key.KeyTag(), where) } } } }