From 70edb60f09eab94859c1f331eaa60dd4457bc853 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sat, 4 Jul 2015 13:14:16 +0200
Subject: [PATCH] Some comment about google public dns

---
 src/dnssec.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/dnssec.c b/src/dnssec.c
index 9f3e3a8c..acb5a9de 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -1410,9 +1410,13 @@ static int nsec3_find_next_closer(
 		*opt_out = 0;
 
 	if (!(keytag = find_nsec_covering_name(
-	    dnskey, rrset, nc_name, &my_opt_out)))
+	    dnskey, rrset, nc_name, &my_opt_out))) {
+		/* TODO: At least google doesn't return next_closer on wildcard
+		 * nodata for DS query.  And in fact returns even bogus for,
+		 * for example bladiebla.xavier.nlnet.nl DS.
+		 */
 		return 0;
-
+	}
 	if (opt_out)
 		*opt_out = my_opt_out;