plugin/dnssec: Drop inserting DS records on delegation (#1266)

See #1211 for disuccsion; current code is probably the wrong thing to
do; rethink if we need/want this. Comment out the code for now.

plugin/dnssec/dnssec.go

@@ -46,16 +46,21 @@ func (d Dnssec) Sign(state request.Request, zone string, now time.Time) *dns.Msg
 
 	mt, _ := response.Typify(req, time.Now().UTC()) // TODO(miek): need opt record here?
 	if mt == response.Delegation {
-		ttl := req.Ns[0].Header().Ttl
-
-		ds := []dns.RR{}
-		for i := range d.keys {
-			ds = append(ds, d.keys[i].D)
-		}
-		if sigs, err := d.sign(ds, zone, ttl, incep, expir); err == nil {
-			req.Ns = append(req.Ns, ds...)
-			req.Ns = append(req.Ns, sigs...)
-		}
+		// This reverts 11203e44. Reverting with git revert leads to conflicts in dnskey.go, and I'm
+		// not sure yet if we just should fiddle with inserting DSs or not.
+		// Easy way to, see #1211 for discussion.
+		/*
+			ttl := req.Ns[0].Header().Ttl
+
+			ds := []dns.RR{}
+			for i := range d.keys {
+				ds = append(ds, d.keys[i].D)
+			}
+			if sigs, err := d.sign(ds, zone, ttl, incep, expir); err == nil {
+				req.Ns = append(req.Ns, ds...)
+				req.Ns = append(req.Ns, sigs...)
+			}
+		*/
 		return req
 	}
 

plugin/dnssec/dnssec_test.go

@@ -95,7 +95,8 @@ func TestSigningCname(t *testing.T) {
 	}
 }
 
-func TestZoneSigningDelegation(t *testing.T) {
+// Disabled for now, see #1211.
+func testZoneSigningDelegation(t *testing.T) {
 	d, rm1, rm2 := newDnssec(t, []string{"miek.nl."})
 	defer rm1()
 	defer rm2()