Tweak query_addds() comments to avoid confusion

It has been noticed that commit f88c90f47f39a044d23912bcd823c36654c5236b
did not only fix NSEC record handling in signed, insecure delegations
prepared using both wildcard expansion and CNAME chaining - it also
inadvertently fixed DS record handling in signed, secure delegations
of that flavor.  This is because the 'rdataset' variable in the relevant
location in query_addds() can be either a DS RRset or an NSEC RRset.
Update a code comment in query_addds() to avoid confusion.

Update the comments describing the purpose of query_addds() so that they
also mention NSEC(3) records.

(cherry picked from commit 29d8d35869ad44531fc0690a24074df9c7e0927a)

diff --git a/lib/ns/query.c b/lib/ns/query.c
index 4619cb39d70afd854d307694fd1037528ef39659..6e17aa93e28b2a4a1a1137bae7cd89bbac7c313d 100644 (file)
--- a/lib/ns/query.c
+++ b/lib/ns/query.c
@@ -8413,7 +8413,7 @@ query_prepare_delegation_response(query_ctx_t *qctx) {
        }
 
        /*
-        * Add a DS if needed.
+        * Add DS/NSEC(3) record(s) if needed.
         */
        query_addds(qctx);
 
@@ -8671,7 +8671,7 @@ cleanup:
 }
 
 /*%
- * Add a DS record if needed.
+ * Add DS/NSEC(3) record(s) if needed.
  */
 static void
 query_addds(query_ctx_t *qctx) {
@@ -8757,7 +8757,7 @@ query_addds(query_ctx_t *qctx) {
        }
 
        /*
-        * Add the NSEC record to the delegation.
+        * Add the relevant RRset (DS or NSEC) to the delegation.
         */
        query_addrrset(qctx, &rname, &rdataset, &sigrdataset, NULL,
                       DNS_SECTION_AUTHORITY);