Tweak query_addds() comments to avoid confusion

It has been noticed that commit 7a87bf468b9e092bf65db55a8e9234853c7db63d
did not only fix NSEC record handling in signed, insecure delegations
prepared using both wildcard expansion and CNAME chaining - it also
inadvertently fixed DS record handling in signed, secure delegations
of that flavor.  This is because the 'rdataset' variable in the relevant
location in query_addds() can be either a DS RRset or an NSEC RRset.
Update a code comment in query_addds() to avoid confusion.

Update the comments describing the purpose of query_addds() so that they
also mention NSEC(3) records.

diff --git a/lib/ns/query.c b/lib/ns/query.c
index 74540df904308f73b9c75cff9fa838d8e9c67529..a9b1cd9dbb3a14f4380f91679b6cb81bf0809004 100644 (file)
--- a/lib/ns/query.c
+++ b/lib/ns/query.c
@@ -8688,7 +8688,7 @@ query_prepare_delegation_response(query_ctx_t *qctx) {
        }
 
        /*
-        * Add a DS if needed.
+        * Add DS/NSEC(3) record(s) if needed.
         */
        query_addds(qctx);
 
@@ -8946,7 +8946,7 @@ cleanup:
 }
 
 /*%
- * Add a DS record if needed.
+ * Add DS/NSEC(3) record(s) if needed.
  */
 static void
 query_addds(query_ctx_t *qctx) {
@@ -9032,7 +9032,7 @@ query_addds(query_ctx_t *qctx) {
        }
 
        /*
-        * Add the NSEC record to the delegation.
+        * Add the relevant RRset (DS or NSEC) to the delegation.
         */
        query_addrrset(qctx, &rname, &rdataset, &sigrdataset, NULL,
                       DNS_SECTION_AUTHORITY);