From: Michał Kępień Date: Fri, 16 Jul 2021 05:20:15 +0000 (+0200) Subject: Tweak query_addds() comments to avoid confusion X-Git-Tag: v9.17.17~22^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=29d8d35869ad44531fc0690a24074df9c7e0927a;p=thirdparty%2Fbind9.git Tweak query_addds() comments to avoid confusion It has been noticed that commit 7a87bf468b9e092bf65db55a8e9234853c7db63d did not only fix NSEC record handling in signed, insecure delegations prepared using both wildcard expansion and CNAME chaining - it also inadvertently fixed DS record handling in signed, secure delegations of that flavor. This is because the 'rdataset' variable in the relevant location in query_addds() can be either a DS RRset or an NSEC RRset. Update a code comment in query_addds() to avoid confusion. Update the comments describing the purpose of query_addds() so that they also mention NSEC(3) records. --- diff --git a/lib/ns/query.c b/lib/ns/query.c index 74540df9043..a9b1cd9dbb3 100644 --- a/lib/ns/query.c +++ b/lib/ns/query.c @@ -8688,7 +8688,7 @@ query_prepare_delegation_response(query_ctx_t *qctx) { } /* - * Add a DS if needed. + * Add DS/NSEC(3) record(s) if needed. */ query_addds(qctx); @@ -8946,7 +8946,7 @@ cleanup: } /*% - * Add a DS record if needed. + * Add DS/NSEC(3) record(s) if needed. */ static void query_addds(query_ctx_t *qctx) { @@ -9032,7 +9032,7 @@ query_addds(query_ctx_t *qctx) { } /* - * Add the NSEC record to the delegation. + * Add the relevant RRset (DS or NSEC) to the delegation. */ query_addrrset(qctx, &rname, &rdataset, &sigrdataset, NULL, DNS_SECTION_AUTHORITY);