From 0d829ebc6970813329f0a9728df307ab5b35f2be Mon Sep 17 00:00:00 2001
From: Giovanni Bajo <rasky@develer.com>
Date: Wed, 25 Apr 2012 18:17:50 +0200
Subject: [PATCH] Skip non-signing keys

---
 src/dnssec.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/dnssec.c b/src/dnssec.c
index cc12dc9..6b73e3e 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -299,6 +299,9 @@ int dnssec_parsekey(struct dns_header *header, size_t pktlen, char *owner, unsig
 
   if (proto != 3)
     return 0;
+  /* Skip non-signing keys (as specified in RFC4034 */
+  if (!(flags & 0x100))
+    return 0;
 
   switch (alg)
     {