add comments for future generations of coders

author Miek Gieben <miekg@NLnetLabs.nl>

Thu, 8 Jun 2006 08:21:31 +0000 (08:21 +0000)

committer Miek Gieben <miekg@NLnetLabs.nl>

Thu, 8 Jun 2006 08:21:31 +0000 (08:21 +0000)
author Miek Gieben <miekg@NLnetLabs.nl>
Thu, 8 Jun 2006 08:21:31 +0000 (08:21 +0000)
committer Miek Gieben <miekg@NLnetLabs.nl>
Thu, 8 Jun 2006 08:21:31 +0000 (08:21 +0000)
diff --git a/drill/securetrace.c b/drill/securetrace.c

index 278e3429bb2b94b77c6b6b8eb89669108e271450..1e3e401f891bf94b211188c832af775f886bcc31 100644 (file)
--- a/drill/securetrace.c
+++ b/drill/securetrace.c
@@ -210,6 +210,13 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t,
          * ask: dnskey and ds for the label 
          */
         for(i = (ssize_t)labels_count + 1; i > 0; i--) {
+               /* this tries to get the nameserver for the node we
+                * currently have. This fails sometimes, because of 
+                * caching, or the failure to cache. A better way would
+                * be to do a trace from the root to the nameserver (a non
+                * DNSSEC trace). After that you can just query for
+                * the DNSKEY and DS and perform the validation magic
+                */
                 status = ldns_resolver_send(&local_p, local_res, labels[i], LDNS_RR_TYPE_NS, c, 0);
                 new_nss = ldns_pkt_rr_list_by_type(local_p,
                                         LDNS_RR_TYPE_NS, LDNS_SECTION_ANSWER);
author	Miek Gieben <miekg@NLnetLabs.nl>
	Thu, 8 Jun 2006 08:21:31 +0000 (08:21 +0000)
committer	Miek Gieben <miekg@NLnetLabs.nl>
	Thu, 8 Jun 2006 08:21:31 +0000 (08:21 +0000)