Server looks for cryptokeys when DNSSEC is disabled

[pckv]

Since my zones have no keys, dns-ui fails with the following exception:

[Mon Aug 13 11:10:29.531784 2018] [:error] [pid 1712] [client 192.168.1.105:41220] 1534151429: Pest_InvalidRecord: {"error": "No keys for zone 'example.org.'"} in /var/www/dns-ui/Pest.php:328

It seems somewhere in PowerDNS, the API started returning an error when no cryptokeys are found. In earlier versions of PowerDNS, an empty list was returned, which works fine with dns-ui.

This is the output when there are 0 cryptokeys:

curl -H 'X-API-Key: key' http://192.168.1.101:8081/api/v1/servers/localhost/zones/example.org/cryptokeys
{"error": "No keys for zone 'example.org.'"}

Whereas previously:

curl -H 'X-API-Key: key' http://192.168.1.101:8081/api/v1/servers/localhost/zones/example.org/cryptokeys
[]

I suggest not calling get_cryptokeys() when DNSSEC is disabled, or otherwise implementing an override setting for this. My current solution is to manually set the $cryptokeys variable in views/zone.php to an empty list.

[thomas-pike]

To me this feels like unexpected behaviour on the part of PowerDNS, but I think the only sensible way to handle it is for us to catch the Pest_InvalidRecord exception.