Commit 04038baf authored by Michał Kępień's avatar Michał Kępień

Do not call exit() upon check_no_nsec() errors

Replace the fatal() call inside check_no_nsec() with a
zoneverify_log_error() call.  Enable check_no_nsec() to signal errors to
the caller using its return value.

Modify all call sites of check_no_nsec() so that its errors are properly
parent 4354f44d
......@@ -876,8 +876,9 @@ is_empty(const vctx_t *vctx, dns_dbnode_t *node) {
return (ISC_FALSE);
static void
static isc_result_t
check_no_nsec(const vctx_t *vctx, dns_name_t *name, dns_dbnode_t *node) {
isc_boolean_t nsec_exists = ISC_FALSE;
dns_rdataset_t rdataset;
isc_result_t result;
......@@ -888,11 +889,15 @@ check_no_nsec(const vctx_t *vctx, dns_name_t *name, dns_dbnode_t *node) {
if (result != ISC_R_NOTFOUND) {
char namebuf[DNS_NAME_FORMATSIZE];
dns_name_format(name, namebuf, sizeof(namebuf));
fatal("unexpected NSEC RRset at %s\n", namebuf);
zoneverify_log_error(vctx, "unexpected NSEC RRset at %s",
nsec_exists = ISC_TRUE;
if (dns_rdataset_isassociated(&rdataset))
return (nsec_exists ? ISC_R_FAILURE : ISC_R_SUCCESS);
static isc_boolean_t
......@@ -1460,7 +1465,11 @@ verify_nodes(vctx_t *vctx, isc_result_t *vresult) {
goto done;
if (!dns_name_issubdomain(name, vctx->origin)) {
check_no_nsec(vctx, name, node);
result = check_no_nsec(vctx, name, node);
if (result != ISC_R_SUCCESS) {
dns_db_detachnode(vctx->db, &node);
goto done;
dns_db_detachnode(vctx->db, &node);
result = dns_dbiterator_next(dbiter);
if (result == ISC_R_NOMORE) {
......@@ -1501,7 +1510,13 @@ verify_nodes(vctx_t *vctx, isc_result_t *vresult) {
(zonecut != NULL &&
dns_name_issubdomain(nextname, zonecut)))
check_no_nsec(vctx, nextname, nextnode);
result = check_no_nsec(vctx, nextname,
if (result != ISC_R_SUCCESS) {
dns_db_detachnode(vctx->db, &node);
dns_db_detachnode(vctx->db, &nextnode);
goto done;
dns_db_detachnode(vctx->db, &nextnode);
result = dns_dbiterator_next(dbiter);
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment