From c2ab7033c4b3a7ddfa73b8de117dea409004c551 Mon Sep 17 00:00:00 2001
From: Miek Gieben <miek@miek.nl>
Date: Wed, 5 Dec 2012 15:51:42 +0100
Subject: [PATCH] Be more carefull when adding to the NSEC type list

---
 zone.go | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/zone.go b/zone.go
index a7316adc..b6d49bf7 100644
--- a/zone.go
+++ b/zone.go
@@ -496,13 +496,24 @@ func (node *ZoneData) Sign(next *ZoneData, keys map[*RR_DNSKEY]PrivateKey, keyta
 	node.Lock()
 	defer node.Unlock()
 
-	// NSEC checks: is it already there, check consitency or add a new one.
 	bitmap := make([]uint16, 0)
+	r := false
+	n := false
 	for t, _ := range node.RR {
+		if t == TypeRRSIG {
+			r = true
+		}
+		if t == TypeNSEC {
+			n = true
+		}
 		bitmap = append(bitmap, t)
 	}
-	bitmap = append(bitmap, TypeRRSIG) // Add sig too
-	bitmap = append(bitmap, TypeNSEC)  // Add me too!
+	if r == false {
+		bitmap = append(bitmap, TypeRRSIG) // Add sig too
+	}
+	if n == false {
+		bitmap = append(bitmap, TypeNSEC) // Add me too!
+	}
 	sort.Sort(uint16Slice(bitmap))
 
 	if v, ok := node.RR[TypeNSEC]; ok {