Don't trust a placeholder KEYDATA record
When named starts it creates an empty KEYDATA record in the managed-keys zone as a placeholder, then schedules a key refresh. If key refresh fails for some reason (e.g. connectivity problems), named will load the placeholder key into secroots as a trusted key during the next startup, which will break the chain of trust, and named will never recover from that state until managed-keys.bind and managed-keys.bind.jnl files are manually deleted before (re)starting named.
Before calling load_secroots(), check that we are not dealing with a placeholder.
Closes #2895 (closed)
Edited by Arаm Sаrgsyаn