dnssec: library uses (both internally and for logging) dnames in ascii format w/o trailing dot
An example of Knot log:
2017-01-12T15:41:20 info: [example.com.] DNSSEC, signing zone
2017-01-12T15:41:20 info: [example.com.] DNSSEC, executing event 'ZSK rollover, replace signatures'
2017-01-12T15:41:20 info: [example.com] DNSSEC, loaded key, tag 5026, algorithm 8, KSK yes, ZSK no, public yes, active yes
2017-01-12T15:41:20 info: [example.com] DNSSEC, loaded key, tag 15526, algorithm 8, KSK no, ZSK yes, public no, active no
2017-01-12T15:41:20 info: [example.com] DNSSEC, loaded key, tag 31765, algorithm 8, KSK no, ZSK yes, public yes, active no
2017-01-12T15:41:20 info: [example.com] DNSSEC, loaded key, tag 64213, algorithm 8, KSK no, ZSK yes, public yes, active yes
2017-01-12T15:41:20 info: [example.com.] DNSSEC, signing started
2017-01-12T15:41:21 info: [example.com.] DNSSEC, successfully signed
```
it is inconsistent that the logs coming from DNSSEC library have no trailing dot after example.com.
Looking deeper at the library, it often operates with ascii-formatted domain names (converted by dname_to_ascii() function) inside. Dunno if a simple change adding the dot doesn't break anything...