From 7236ea818ef206ee3774c9844d2891bf71d44ca0 Mon Sep 17 00:00:00 2001
From: Yannik Sembritzki <yannik@sembritzki.me>
Date: Thu, 23 Feb 2023 01:13:27 +0530
Subject: [PATCH] Verify that registrar and dns providers match if autodnssec
 is enabled (#2056) (#2090)

Co-authored-by: Yannik Sembritzki <yannik@sembritzki.org>
---
 pkg/normalize/validate.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/pkg/normalize/validate.go b/pkg/normalize/validate.go
index 4aa151b9a..031631c81 100644
--- a/pkg/normalize/validate.go
+++ b/pkg/normalize/validate.go
@@ -550,6 +550,14 @@ func checkAutoDNSSEC(dc *models.DomainConfig) (errs []error) {
 	if dc.AutoDNSSEC != "" && dc.AutoDNSSEC != "on" && dc.AutoDNSSEC != "off" {
 		errs = append(errs, fmt.Errorf("domain %q AutoDNSSEC=%q is invalid (expecting \"\", \"off\", or \"on\")", dc.Name, dc.AutoDNSSEC))
 	}
+
+	if dc.AutoDNSSEC == "on" {
+		for providerName, _ := range dc.DNSProviderNames {
+			if dc.RegistrarName != providerName {
+				errs = append(errs, fmt.Errorf("AutoDNSSEC is enabled, but DNS provider %s does not match registrar %s", providerName, dc.RegistrarName))
+			}
+		}
+	}
 	return
 }