pullup:

negative responses to cd queries should work now.

diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 262e21101c6ebf340cec42ec45c8fbb5e3793279..bc256d6830df45a9e29d32be4fa01081a73eb183 100644 (file)
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: resolver.c,v 1.137.2.6 2000/07/27 21:27:03 gson Exp $ */
+/* $Id: resolver.c,v 1.137.2.7 2000/07/27 21:39:42 gson Exp $ */
 
 #include <config.h>
 
@@ -2842,7 +2842,7 @@ ncache_message(fetchctx_t *fctx, dns_rdatatype_t covers, isc_stdtime_t now) {
        dns_db_t **adbp;
        dns_dbnode_t *node, **anodep;
        dns_rdataset_t *ardataset;
-       isc_boolean_t need_validation;
+       isc_boolean_t need_validation, secure_domain;
        dns_name_t *aname;
        dns_fetchevent_t *event;
 
@@ -2852,6 +2852,7 @@ ncache_message(fetchctx_t *fctx, dns_rdatatype_t covers, isc_stdtime_t now) {
 
        res = fctx->res;
        need_validation = ISC_FALSE;
+       secure_domain = ISC_FALSE;
        eresult = ISC_R_SUCCESS;
        name = &fctx->name;
 
@@ -2859,15 +2860,43 @@ ncache_message(fetchctx_t *fctx, dns_rdatatype_t covers, isc_stdtime_t now) {
         * Is DNSSEC validation required for this name?
         */
        result = dns_keytable_issecuredomain(res->view->secroots, name,
-                                            &need_validation);
+                                            &secure_domain);
        if (result != ISC_R_SUCCESS)
                return (result);
-       if (need_validation) {
+
+       if ((fctx->options & DNS_FETCHOPT_NOVALIDATE) != 0)
+               need_validation = ISC_FALSE;
+       else
+               need_validation = secure_domain;
+
+       if (secure_domain) {
                /*
                 * Do negative response validation.
                 */
-               dns_validator_t *validator = NULL;              
-               isc_task_t *task = res->buckets[fctx->bucketnum].task;
+               dns_validator_t *validator;
+               isc_task_t *task;
+               dns_rdataset_t *trdataset;
+               dns_name_t *tname;
+
+               result = dns_message_firstname(fctx->rmessage,
+                                              DNS_SECTION_AUTHORITY);
+               while (result == ISC_R_SUCCESS) {
+                       tname = NULL;
+                       dns_message_currentname(fctx->rmessage,
+                                               DNS_SECTION_AUTHORITY,
+                                               &tname);
+                       for (trdataset = ISC_LIST_HEAD(tname->list);
+                            trdataset != NULL;
+                            trdataset = ISC_LIST_NEXT(trdataset, link))
+                               trdataset->trust = dns_trust_pending;
+                       result = dns_message_nextname(fctx->rmessage,
+                                                     DNS_SECTION_AUTHORITY);
+               }
+               if (result != ISC_R_NOMORE)
+                       return (result);
+
+               validator = NULL;
+               task = res->buckets[fctx->bucketnum].task;
                result = dns_validator_create(res->view, name, fctx->type,
                                              NULL, NULL,
                                              fctx->rmessage, 0, task,
@@ -2876,7 +2905,13 @@ ncache_message(fetchctx_t *fctx, dns_rdatatype_t covers, isc_stdtime_t now) {
                if (result != ISC_R_SUCCESS)
                        return (result);
                fctx->validating++;
-               return (ISC_R_SUCCESS);
+               /*
+                * If validation is necessary, return now.  Otherwise continue
+                * to process the message, letting the validation complete
+                * in its own good time.
+                */
+               if (need_validation)
+                       return (ISC_R_SUCCESS);
        }
 
        LOCK(&res->buckets[fctx->bucketnum].lock);

diff --git a/lib/dns/validator.c b/lib/dns/validator.c
index dc2d812044fb0575239d2908b3604aad57f210e7..57e82f8fa88497d25b3f5653f3641a12b5830a1e 100644 (file)
--- a/lib/dns/validator.c
+++ b/lib/dns/validator.c
@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: validator.c,v 1.63.2.1 2000/07/11 00:43:01 gson Exp $ */
+/* $Id: validator.c,v 1.63.2.2 2000/07/27 21:39:44 gson Exp $ */
 
 #include <config.h>
 
@@ -418,7 +418,9 @@ authvalidated(isc_task_t *task, isc_event_t *event) {
                validator_log(val, ISC_LOG_DEBUG(3), 
                              "authvalidated: got %s",
                              dns_result_totext(eresult));
-               validator_done(val, eresult);
+               result = nxtvalidate(val, ISC_TRUE);
+               if (result != DNS_R_WAIT)
+                       validator_done(val, result);
        } else {
                if (rdataset->type == dns_rdatatype_nxt &&
                    nxtprovesnonexistence(val, devent->name, rdataset,
@@ -1026,14 +1028,8 @@ nxtvalidate(dns_validator_t *val, isc_boolean_t resume) {
                        val->currentset = NULL;
                        resume = ISC_FALSE;
                }
-               else {
-                       for (rdataset = ISC_LIST_HEAD(name->list);
-                            rdataset != NULL;
-                            rdataset = ISC_LIST_NEXT(rdataset, link))
-                               rdataset->trust = dns_trust_pending;
-
+               else
                        rdataset = ISC_LIST_HEAD(name->list);
-               }
 
                for (;
                     rdataset != NULL;