From 91079ab9347b7326a11c4011ce7c6cf8cf8b1491 Mon Sep 17 00:00:00 2001
From: mailinabox-contributor
 <90476861+mailinabox-contributor@users.noreply.github.com>
Date: Fri, 10 Sep 2021 15:12:41 -0500
Subject: [PATCH] add numeric flag value to DNSSEC DS status message (#2033)

Some registrars (e.g. Porkbun) accept Key Data when creating a DS RR,
but accept only a numeric flags value to indicate the key type (256 for KSK, 257 for ZSK).

https://datatracker.ietf.org/doc/html/rfc5910#section-4.3
---
 management/status_checks.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/management/status_checks.py b/management/status_checks.py
index e2d4b1a7..1e7223a5 100755
--- a/management/status_checks.py
+++ b/management/status_checks.py
@@ -646,7 +646,7 @@ def check_dnssec(domain, env, output, dns_zonefiles, is_checking_primary=False):
 		output.print_line("Option " + str(i+1) + ":")
 		output.print_line("----------")
 		output.print_line("Key Tag: " + ds_suggestion['keytag'])
-		output.print_line("Key Flags: KSK")
+		output.print_line("Key Flags: KSK (256)")
 		output.print_line("Algorithm: %s / %s" % (ds_suggestion['alg'], ds_suggestion['alg_name']))
 		output.print_line("Digest Type: %s / %s" % (ds_suggestion['digalg'], ds_suggestion['digalg_name']))
 		output.print_line("Digest: " + ds_suggestion['digest'])