From: Matthijs Mekking Date: Thu, 2 Apr 2026 09:20:32 +0000 (+0200) Subject: Rename isdelegation() to is_insecure_referral() X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e0f09bb3743015b405ae48c9664f46a422f546e2;p=thirdparty%2Fbind9.git Rename isdelegation() to is_insecure_referral() The name 'isdelegation()' was confusing. This function is not checking whether this message is a delegation, but whether the denial of existence proofs in this message is a proof of a referral to an unsigned zone. The name 'is_unsecure_referral()' is more appropriate. --- diff --git a/lib/dns/validator.c b/lib/dns/validator.c index 93838f174a8..0806dde03ab 100644 --- a/lib/dns/validator.c +++ b/lib/dns/validator.c @@ -245,9 +245,9 @@ validator_done(dns_validator_t *val, isc_result_t result) { } /*% - * The isdelegation() function is called as part of seeking the DS record. - * Look in the NSEC or NSEC3 record returned from a DS query to see if the - * record has the NS bitmap set. If so, we are at a delegation point. + * The is_insecure_referral() function is called as part of seeking the DS + * record. Look in the NSEC or NSEC3 record returned from a DS query to see if + * the record has the NS bitmap set. If so, we are at a delegation point. * * If the response contains NSEC3 records with too high iterations, we cannot * (or rather we are not going to) validate the insecurity proof. Instead we @@ -262,8 +262,9 @@ validator_done(dns_validator_t *val, isc_result_t result) { *\li #false the NS bitmap was not set. */ static bool -isdelegation(dns_validator_t *val, dns_name_t *name, dns_rdataset_t *rdataset, - isc_result_t dbresult, const char *caller) { +is_insecure_referral(dns_validator_t *val, dns_name_t *name, + dns_rdataset_t *rdataset, isc_result_t dbresult, + const char *caller) { dns_fixedname_t fixed; dns_label_t hashlabel; dns_name_t nsec3name; @@ -621,8 +622,9 @@ fetch_callback_ds(void *arg) { break; case DNS_R_NXRRSET: case DNS_R_NCACHENXRRSET: - if (isdelegation(val, resp->foundname, &val->frdataset, - eresult, "fetch_callback_ds")) + if (is_insecure_referral(val, resp->foundname, + &val->frdataset, eresult, + "fetch_callback_ds")) { /* * Failed to find a DS while trying to prove @@ -740,8 +742,9 @@ validator_callback_ds(void *arg) { if ((val->attributes & VALATTR_INSECURITY) != 0 && val->frdataset.covers == dns_rdatatype_ds && NEGATIVE(&val->frdataset) && - isdelegation(val, name, &val->frdataset, - DNS_R_NCACHENXRRSET, "validator_callback_ds")) + is_insecure_referral(val, name, &val->frdataset, + DNS_R_NCACHENXRRSET, + "validator_callback_ds")) { result = markanswer(val, "validator_callback_ds"); } else if ((val->attributes & VALATTR_INSECURITY) != 0) { @@ -3312,8 +3315,8 @@ seek_ds(dns_validator_t *val, isc_result_t *resp) { return ISC_R_COMPLETE; } - if (isdelegation(val, tname, &val->frdataset, result, - "seek_ds")) + if (is_insecure_referral(val, tname, &val->frdataset, result, + "seek_ds")) { *resp = markanswer(val, "seek_ds (3)"); return ISC_R_COMPLETE;