From fbbb988fac34fd86dab372c11a21a4ec2bf04deb Mon Sep 17 00:00:00 2001
From: Quentin McGaw
Date: Sun, 2 Jan 2022 17:20:39 +0000
Subject: [PATCH] wipwip
---
 pkg/dnssec/integration_test.go | 44 ++++++++++++++++++----------------
 pkg/dnssec/signedzone.go | 3 +++
 2 files changed, 26 insertions(+), 21 deletions(-)
diff --git a/pkg/dnssec/integration_test.go b/pkg/dnssec/integration_test.go
index b4718321..39cc292b 100644
--- a/pkg/dnssec/integration_test.go
+++ b/pkg/dnssec/integration_test.go
@@ -1,6 +1,3 @@
-//go:build integration
-// +build integration
-
 package dnssec
 
 import (
@@ -63,27 +60,32 @@ func Test_validator_fetchAndValidateZone(t *testing.T) {
 errWrapped error
 errMessage string
 }{
- "valid DNSSEC": {
- zone: "qqq.ninja.",
+ // "valid DNSSEC": {
+ // zone: "qqq.ninja.",
+ // dnsType: dns.TypeA,
+ // rrset: getRRSetWithoutValidation(t, "qqq.ninja.", dns.TypeA, dns.ClassINET),
+ // exchange: testExchange(),
+ // },
+ "www.iana.org.": {
+ zone: "vip.icann.org.",
 dnsType: dns.TypeA,
- rrset: getRRSetWithoutValidation(t, "qqq.ninja.", dns.TypeA, dns.ClassINET),
 exchange: testExchange(),
 },
- "no DNSSEC": {
- zone: "github.com.",
- dnsType: dns.TypeA,
- rrset: getRRSetWithoutValidation(t, "github.com.", dns.TypeA, dns.ClassINET),
- exchange: testExchange(),
- },
- "bad DNSSEC already failed by upstream": {
- zone: "dnssec-failed.org.",
- dnsType: dns.TypeA,
- exchange: testExchange(),
- errWrapped: ErrValidationFailedUpstream,
- errMessage: "cannot fetch desired RRSet and RRSig: " +
- "for dnssec-failed.org. IN A: " +
- "DNSSEC validation might had failed upstream",
- },
+ // "no DNSSEC": {
+ // zone: "github.com.",
+ // dnsType: dns.TypeA,
+ // rrset: getRRSetWithoutValidation(t, "github.com.", dns.TypeA, dns.ClassINET),
+ // exchange: testExchange(),
+ // },
+ // "bad DNSSEC already failed by upstream": {
+ // zone: "dnssec-failed.org.",
+ // dnsType: dns.TypeA,
+ // exchange: testExchange(),
+ // errWrapped: ErrValidationFailedUpstream,
+ // errMessage: "cannot fetch desired RRSet and RRSig: " +
+ // "for dnssec-failed.org. IN A: " +
+ // "DNSSEC validation might had failed upstream",
+ // },
 }
 for name, testCase := range testCases {
 testCase := testCase
diff --git a/pkg/dnssec/signedzone.go b/pkg/dnssec/signedzone.go
index 1f1721ac..e0852bbe 100644
--- a/pkg/dnssec/signedzone.go
+++ b/pkg/dnssec/signedzone.go
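Review bot: Commenting out the `"no DNSSEC"` and `"bad DNSSEC already failed by upstream"` cases leaves this table with one positive case, so nothing here asserts any longer that an unsigned zone is handled or that an upstream failure surfaces as `ErrValidationFailedUpstream`; for a DNSSEC validator those negative paths are the ones most worth keeping. The remaining case is keyed `"www.iana.org."` while its `zone` is `"vip.icann.org."` and it sets no `rrset`, so the expected result is the zero value unless the test body, which lies outside this hunk, treats it differently. I would restore the three cases as live entries and add the new one beside them, or at least mark the block with `// TODO: re-enable before merge` so the disabled coverage is not forgotten. With the `integration` build constraint also removed in the first hunk, these lookups, which appear to go to live resolvers, would run under a plain `go test`.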
@@ -19,6 +19,9 @@ type signedZone struct {
 func dnsKeyRRSetToMap(rrset []dns.RR) (keyTagToDNSKey map[uint16]*dns.DNSKEY) {
 keyTagToDNSKey = make(map[uint16]*dns.DNSKEY, len(rrset))
 for _, rr := range rrset {
+ if rr.Header().Rrtype != dns.TypeDNSKEY {
+ continue
+ }
 dnsKey := rr.(*dns.DNSKEY)
 keyTagToDNSKey[dnsKey.KeyTag()] = dnsKey
 }
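Review bot: The added `Rrtype` check is followed by an unchecked assertion `rr.(*dns.DNSKEY)`, which still panics if a record's header type and its concrete Go type ever disagree; since this set appears to be built from DNS responses, the concrete type itself should be the guard. Replacing the header check with `dnsKey, ok := rr.(*dns.DNSKEY)` followed by `if !ok { continue }` covers both conditions in one step. A short comment such as `// skip records of other types returned alongside the DNSKEYs` would also record why mixed types are expected here, once it is confirmed which types actually occur. The function's return and closing brace are outside the hunk.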