diff --git a/trifid-api/src/routes/v1/dnclient.rs b/trifid-api/src/routes/v1/dnclient.rs
index 967ba7b..ac573fa 100644
--- a/trifid-api/src/routes/v1/dnclient.rs
+++ b/trifid-api/src/routes/v1/dnclient.rs
@@ -70,13 +70,11 @@ pub async fn dnclient(
 let client_keys = host_in_ks
 .client_keys
 .iter()
- .find(|u| u.id == req.counter as u64)
- .unwrap();
+ .find(|u| u.id == req.counter as u64);
 let client_keys_2 = host_in_ks
 .client_keys
 .iter()
- .find(|u| u.id == host_in_ks.current_client_key)
- .unwrap();
+ .find(|u| u.id == host_in_ks.current_client_key);;
 
 let signature = match Signature::from_slice(&req.signature) {
 Ok(sig) => sig,
@@ -92,15 +90,20 @@ pub async fn dnclient(
 }
 };
 
- if client_keys
- .ed_pub
- .verify(req.message.as_bytes(), &signature)
- .is_err()
- && client_keys_2
- .ed_pub
- .verify(req.message.as_bytes(), &signature)
- .is_err()
- {
+ let mut valid = false;
+
+ if let Some(client_keys) = client_keys {
+ if client_keys.ed_pub.verify(req.message.as_bytes(), &signature).is_ok() {
+ valid = true;
+ }
+ }
+ if let Some(client_keys_2) = client_keys_2 {
+ if client_keys_2.ed_pub.verify(req.message.as_bytes(), &signature).is_ok() {
+ valid = true;
+ }
+ }
+
+ if !valid {
 // Be intentionally vague as the message is invalid.
 warn!("! invalid signature from {}", host);
 return HttpResponse::Unauthorized().json(vec![APIError {
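Review bot: The second lookup in the first hunk now ends in `;;`, which leaves an empty statement after the `let` (rustc reports it as a redundant semicolon); the line should read `.find(|u| u.id == host_in_ks.current_client_key);`. Both bindings are now `Option`s chosen in different ways, one by the client-supplied `req.counter` and one by the stored current key, so names such as `counter_key` and `current_key` would say more than `client_keys` / `client_keys_2`. The `req.counter as u64` cast is carried over unchanged; if `counter` is a signed field (its declaration is outside this hunk), a negative value wraps to a large id, and converting with `u64::try_from(req.counter).ok()` before the lookup would turn that case into an explicit miss. The body of `dnclient` begins and ends outside the hunk.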
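Review bot: In the second hunk, acceptance still depends on a key picked by the client-supplied `req.counter`: the request passes if the signature verifies under either that key or the current one, so any entry still present in `host_in_ks.client_keys` can authenticate. Whether superseded keys are pruned on rotation is not visible here; if they are not, a rotated-out key stays usable, so the intended window deserves a comment above the check, for example `// Accept the key named by req.counter or the current key; older keys must be pruned on rotation.` An unknown counter and a bad signature now both end in the same `warn!`, and a separate server-side log line for the case where neither lookup found a key would help triage while the response stays vague. The mutable flag and nested `if let` blocks can be one expression: `let valid = [client_keys, client_keys_2].into_iter().flatten().any(|k| k.ed_pub.verify(req.message.as_bytes(), &signature).is_ok());`. The body of `dnclient` continues outside the hunk.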