Rename isdelegation() to is_insecure_referral()
authorMatthijs Mekking <matthijs@isc.org>
Thu, 2 Apr 2026 09:20:32 +0000 (11:20 +0200)
committerMatthijs Mekking <matthijs@isc.org>
Tue, 7 Apr 2026 06:38:57 +0000 (08:38 +0200)
The name 'isdelegation()' was confusing. This function is not checking
whether this message is a delegation, but whether the denial of
existence proofs in this message is a proof of a referral to an
unsigned zone.

The name 'is_insecure_referral()' is more appropriate.

lib/dns/validator.c

index 93838f174a85941ada54434e56cc8720ef391bc4..0806dde03ab22947a18dd843fc619a2e2f5ed0c4 100644 (file)
@@ -245,9 +245,9 @@ validator_done(dns_validator_t *val, isc_result_t result) {
 }
 
 /*%
- * The isdelegation() function is called as part of seeking the DS record.
- * Look in the NSEC or NSEC3 record returned from a DS query to see if the
- * record has the NS bitmap set. If so, we are at a delegation point.
+ * The is_insecure_referral() function is called as part of seeking the DS
+ * record. Look in the NSEC or NSEC3 record returned from a DS query to see if
+ * the record has the NS bitmap set. If so, we are at a delegation point.
  *
  * If the response contains NSEC3 records with too high iterations, we cannot
  * (or rather we are not going to) validate the insecurity proof. Instead we
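Review bot: The header comment was re-wrapped for the new name but still describes the old meaning: the added lines end with "If so, we are at a delegation point", and the `#false the NS bitmap was not set` return item in the next hunk is unchanged. The commit message says the function decides whether the denial-of-existence proofs show a referral to an unsigned zone, so the comment should say that, for example `* Returns true when the NSEC/NSEC3 denial of existence for the DS query proves a referral to an unsigned zone.` The call sites in validator_callback_ds() and seek_ds() pass a true result straight to markanswer(), so it would help to list every condition the body checks besides the NS bit; the body lies outside these hunks, so that list needs to be confirmed against the code.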
@@ -262,8 +262,9 @@ validator_done(dns_validator_t *val, isc_result_t result) {
  *\li  #false the NS bitmap was not set.
  */
 static bool
-isdelegation(dns_validator_t *val, dns_name_t *name, dns_rdataset_t *rdataset,
-            isc_result_t dbresult, const char *caller) {
+is_insecure_referral(dns_validator_t *val, dns_name_t *name,
+                    dns_rdataset_t *rdataset, isc_result_t dbresult,
+                    const char *caller) {
        dns_fixedname_t fixed;
        dns_label_t hashlabel;
        dns_name_t nsec3name;
@@ -621,8 +622,9 @@ fetch_callback_ds(void *arg) {
                        break;
                case DNS_R_NXRRSET:
                case DNS_R_NCACHENXRRSET:
-                       if (isdelegation(val, resp->foundname, &val->frdataset,
-                                        eresult, "fetch_callback_ds"))
+                       if (is_insecure_referral(val, resp->foundname,
+                                                &val->frdataset, eresult,
+                                                "fetch_callback_ds"))
                        {
                                /*
                                 * Failed to find a DS while trying to prove
@@ -740,8 +742,9 @@ validator_callback_ds(void *arg) {
                if ((val->attributes & VALATTR_INSECURITY) != 0 &&
                    val->frdataset.covers == dns_rdatatype_ds &&
                    NEGATIVE(&val->frdataset) &&
-                   isdelegation(val, name, &val->frdataset,
-                                DNS_R_NCACHENXRRSET, "validator_callback_ds"))
+                   is_insecure_referral(val, name, &val->frdataset,
+                                        DNS_R_NCACHENXRRSET,
+                                        "validator_callback_ds"))
                {
                        result = markanswer(val, "validator_callback_ds");
                } else if ((val->attributes & VALATTR_INSECURITY) != 0) {
@@ -3312,8 +3315,8 @@ seek_ds(dns_validator_t *val, isc_result_t *resp) {
                        return ISC_R_COMPLETE;
                }
 
-               if (isdelegation(val, tname, &val->frdataset, result,
-                                "seek_ds"))
+               if (is_insecure_referral(val, tname, &val->frdataset, result,
+                                        "seek_ds"))
                {
                        *resp = markanswer(val, "seek_ds (3)");
                        return ISC_R_COMPLETE;