From 4eb6eca9f052f02abb3e5a3f39365a89f5b87fca Mon Sep 17 00:00:00 2001
From: Ville Vesilehto <ville@vesilehto.fi>
Date: Sat, 4 Apr 2026 20:40:47 +0300
Subject: [PATCH] fix(dnssec): return nil from ParseKeyFile on error (#8000)

---
 plugin/dnssec/dnskey.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugin/dnssec/dnskey.go b/plugin/dnssec/dnskey.go
index cfe59845a..ec1cf4e9d 100644
--- a/plugin/dnssec/dnskey.go
+++ b/plugin/dnssec/dnskey.go
@@ -71,7 +71,7 @@ func ParseKeyFile(pubFile, privFile string) (*DNSKEY, error) {
 	if s, ok := p.(ed25519.PrivateKey); ok {
 		return &DNSKEY{K: dk, D: dk.ToDS(dns.SHA256), s: s, tag: dk.KeyTag()}, nil
 	}
-	return &DNSKEY{K: dk, D: dk.ToDS(dns.SHA256), s: nil, tag: 0}, errors.New("no private key found")
+	return nil, errors.New("no private key found")
 }
 
 // ParseKeyFromAWSSecretsManager retrieves and parses a DNSSEC key pair from AWS Secrets Manager.