From cf8c243bd90ad19097b333618ce9a15dda3ca0fb Mon Sep 17 00:00:00 2001
From: SomberNight <somber.night@protonmail.com>
Date: Fri, 5 Dec 2025 16:35:35 +0000
Subject: [PATCH] dnssec: log warning if dependency is missing

Calling dnssec.query() with missing "cryptography" dep behaves the same as if DNSSEC validation failed: validated=False will be returned.
When used for openalias, we mandate validated=True.
---
 electrum/dnssec.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/electrum/dnssec.py b/electrum/dnssec.py
index c45c5050d..9a9d7337e 100644
--- a/electrum/dnssec.py
+++ b/electrum/dnssec.py
@@ -30,6 +30,7 @@
 #  http://backreference.org/2010/11/17/dnssec-verification-with-dig/
 #  https://github.com/rthalley/dnspython/blob/master/tests/test_dnssec.py
 
+import logging
 
 import dns
 import dns.name
@@ -150,7 +151,8 @@ async def query(url: str, rtype: dns.rdatatype.RdataType) -> Tuple[dns.rrset.RRs
         out = await _get_and_validate(ns, url, rtype)
         validated = True
     except Exception as e:
-        _logger.info(f"DNSSEC error: {repr(e)}")
+        log_level = logging.WARNING if isinstance(e, ImportError) else logging.INFO
+        _logger.log(log_level, f"DNSSEC error: {repr(e)}")
         out = await dns.asyncresolver.resolve(url, rtype)
         validated = False
     return out, validated