From 79282be643a6d1e1e82f908d81a188142efb353a Mon Sep 17 00:00:00 2001
From: Shreyas Zare
Date: Sun, 27 Feb 2022 19:57:39 +0530
Subject: [PATCH] AuthZoneManager: updated LoadTrustAnchorsTo() to skip revoked dns keys.

---
 DnsServerCore/Dns/ZoneManagers/AuthZoneManager.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/DnsServerCore/Dns/ZoneManagers/AuthZoneManager.cs b/DnsServerCore/Dns/ZoneManagers/AuthZoneManager.cs
index a081bf27..41c9e18b 100644
--- a/DnsServerCore/Dns/ZoneManagers/AuthZoneManager.cs
+++ b/DnsServerCore/Dns/ZoneManagers/AuthZoneManager.cs
@@ -1897,7 +1897,7 @@ namespace DnsServerCore.Dns.ZoneManagers
  {
  DnsDNSKEYRecord dnsKey = dnsKeyRecord.RDATA as DnsDNSKEYRecord;
 
- if (dnsKey.Flags.HasFlag(DnsDnsKeyFlag.SecureEntryPoint))
+ if (dnsKey.Flags.HasFlag(DnsDnsKeyFlag.SecureEntryPoint) && !dnsKey.Flags.HasFlag(DnsDnsKeyFlag.Revoke))
  {
  DnsDSRecord dsRecord = dnsKey.CreateDS(dnsKeyRecord.Name, DnssecDigestType.SHA256);
  dnsClient.AddTrustAnchor(zoneInfo.Name, dsRecord);
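Review bot: The new condition on the `if` line filters on SEP and REVOKE only, so a DNSKEY whose Zone Key bit is clear would still be converted to a DS and passed to `AddTrustAnchor`; RFC 4034 §2.1.1 says such a key must not be used to verify RRSIGs. Whether a record like that can reach this loop (for example through a transferred zone) is not visible here, because the enclosing loop and method start and end outside the hunk. If it can, extend the test with the zone-key flag, e.g. `&& dnsKey.Flags.HasFlag(DnsDnsKeyFlag.ZoneKey)` (member name assumed; confirm against the enum). A one-line comment above the `if` would also record why revoked keys are skipped: `// RFC 5011: a DNSKEY with the REVOKE bit set must never be installed as a trust anchor`.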