From d76f90f1711e55d23ee6c8c0957fa3db17927327 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 5 Jan 2016 14:19:05 +0100
Subject: resolved: also skip built-in trust anchor addition of there's a
 DNSKEY RR for the root domain defined

We already skip this when the trust anchor files define a DS RR for the
root domain, now also skip it if there's a DNSKEY RR.
---
 src/resolve/resolved-dns-trust-anchor.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/resolve/resolved-dns-trust-anchor.c b/src/resolve/resolved-dns-trust-anchor.c
index 432a8a6455..53b49b091a 100644
--- a/src/resolve/resolved-dns-trust-anchor.c
+++ b/src/resolve/resolved-dns-trust-anchor.c
@@ -56,6 +56,9 @@ static int dns_trust_anchor_add_builtin(DnsTrustAnchor *d) {
         if (hashmap_get(d->positive_by_key, &DNS_RESOURCE_KEY_CONST(DNS_CLASS_IN, DNS_TYPE_DS, ".")))
                 return 0;
 
+        if (hashmap_get(d->positive_by_key, &DNS_RESOURCE_KEY_CONST(DNS_CLASS_IN, DNS_TYPE_DNSKEY, ".")))
+                return 0;
+
         /* Add the RR from https://data.iana.org/root-anchors/root-anchors.xml */
         rr = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_DS, "");
         if (!rr)
-- 
cgit v1.2.3-54-g00ecf