From 714a6c424241546209a0cd137876f1d7c2944869 Mon Sep 17 00:00:00 2001
From: Matt Corallo <git@bluematt.me>
Date: Tue, 6 Feb 2024 05:46:31 +0000
Subject: [PATCH] Correct proof validation for records at a zone root

---
 src/validation.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/validation.rs b/src/validation.rs
index 5ce7530..30a541a 100644
--- a/src/validation.rs
+++ b/src/validation.rs
@@ -293,7 +293,7 @@ pub fn verify_rr_stream<'a>(inp: &'a [RR]) -> Result<VerifiedRRStream<'a>, Valid
 				min_ttl = cmp::min(min_ttl, rrsig.orig_ttl);
 				for rrsig in inp.iter()
 					.filter_map(|rr| if let RR::RRSig(sig) = rr { Some(sig) } else { None })
-					.filter(move |rrsig| rrsig.key_name.as_str() == zone && rrsig.name.as_str() != zone)
+					.filter(move |rrsig| rrsig.key_name.as_str() == zone && rrsig.ty != DnsKey::TYPE)
 				{
 					if !rrsig.name.ends_with(zone) { return Err(ValidationError::Invalid); }
 					let signed_records = inp.iter()
-- 
2.39.5