fix(dnssec): return nil sigs on sign error (#7999)

2026-04-05 19:55:32 -04:00 · 2026-04-04 20:40:29 +03:00
parent ce9da6fa41
commit cb40d84c85
2 changed files with 54 additions and 2 deletions
--- a/plugin/dnssec/dnssec.go
+++ b/plugin/dnssec/dnssec.go
@@ -139,7 +139,7 @@ func (d Dnssec) sign(rrs []dns.RR, signerName string, ttl, incep, expir uint32,
 			}
 			sig := k.newRRSIG(signerName, ttl, incep, expir)
 			if e := sig.Sign(k.s, rrs); e != nil {
-				return sigs, e
+				return nil, e
 			}
 			sigs = append(sigs, sig)
 		}
@@ -148,7 +148,10 @@ func (d Dnssec) sign(rrs []dns.RR, signerName string, ttl, incep, expir uint32,
 		}
 		return sigs, nil
 	})
-	return sigs.([]dns.RR), err
+	if err != nil {
+		return nil, err
+	}
+	return sigs.([]dns.RR), nil
 }

 func (d Dnssec) set(key uint64, sigs []dns.RR) { d.cache.Add(key, sigs) }