man/directives-template.xml

@@ -132,17 +132,11 @@
   <refsect1>
     <title>Constants</title>
 
-    <para>Various constants used and/or defined by systemd.</para>
+    <para>Various constant used and/or defined by systemd.</para>
 
     <variablelist id='constants' />
   </refsect1>
 
-  <refsect1>
-    <title>DNS resource record types</title>
-
-    <variablelist id='dns' />
-  </refsect1>
-
   <refsect1>
     <title>Miscellaneous options and directives</title>
 

man/dnssec-trust-anchors.d.xml

@@ -43,10 +43,12 @@
   <refsect1>
     <title>Positive Trust Anchors</title>
 
-    <para>Positive trust anchor configuration files contain <constant class='dns'>DNSKEY</constant> and
+    <para>Positive trust anchor configuration files contain DNSKEY and
-    <constant class='dns'>DS</constant> resource record definitions to use as base for DNSSEC integrity
+    DS resource record definitions to use as base for DNSSEC integrity
-    proofs. See <ulink url="https://tools.ietf.org/html/rfc4035#section-4.4">RFC 4035, Section 4.4</ulink>
+    proofs. See <ulink
-    for more information about DNSSEC trust anchors.</para>
+    url="https://tools.ietf.org/html/rfc4035#section-4.4">RFC 4035,
+    Section 4.4</ulink> for more information about DNSSEC trust
+    anchors.</para>
 
     <para>Positive trust anchors are read from files with the suffix
     <filename>.positive</filename> located in
@@ -62,12 +64,13 @@
     <filename>/run/dnssec-trust-anchors.d/</filename> that is either
     empty or a symlink to <filename>/dev/null</filename> ("masked").</para>
 
-    <para>Positive trust anchor files are simple text files resembling DNS zone files, as documented in
+    <para>Positive trust anchor files are simple text files resembling
-    <ulink url="https://tools.ietf.org/html/rfc1035#section-5">RFC 1035, Section 5</ulink>. One <constant
+    DNS zone files, as documented in <ulink
-    class='dns'>DS</constant> or <constant class='dns'>DNSKEY</constant> resource record may be listed per
+    url="https://tools.ietf.org/html/rfc1035#section-5">RFC 1035, Section
-    line. Empty lines and lines starting with <literal>#</literal> or <literal>;</literal> are ignored, which
+    5</ulink>. One DS or DNSKEY resource record may be listed per
-    may be used for commenting. A <consant class='dns'>DS</consant> resource record is specified like in the
+    line. Empty lines and lines starting with a semicolon
-    following example:</para>
+    (<literal>;</literal>) are ignored and considered comments. A DS
+    resource record is specified like in the following example:</para>
 
     <programlisting>. IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5</programlisting>
 
@@ -82,20 +85,24 @@
     Section 5</ulink> for details about the precise syntax and meaning
     of these fields.</para>
 
-    <para>Alternatively, <constant class='dns'>DNSKEY</constant> resource records may be used to define trust
+    <para>Alternatively, DNSKEY resource records may be used to define
-    anchors, like in the following example:</para>
+    trust anchors, like in the following example:</para>
 
     <programlisting>. IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=</programlisting>
 
-    <para>The first word specifies the domain again, the second word must be <literal>IN</literal>, followed
+    <para>The first word specifies the domain again, the second word
-    by <literal>DNSKEY</literal>. The subsequent words encode the <constant class='dns'>DNSKEY</constant>
+    must be <literal>IN</literal>, followed by
-    flags, protocol and algorithm fields, followed by the key data encoded in Base64. See <ulink
+    <literal>DNSKEY</literal>. The subsequent words encode the DNSKEY
-    url="https://tools.ietf.org/html/rfc4034#section-2">RFC 4034, Section 2</ulink> for details about the
+    flags, protocol and algorithm fields, followed by the key data
-    precise syntax and meaning of these fields.</para>
+    encoded in Base64. See <ulink
+    url="https://tools.ietf.org/html/rfc4034#section-2">RFC 4034,
+    Section 2</ulink> for details about the precise syntax and meaning
+    of these fields.</para>
 
-    <para>If multiple <constant class='dns'>DS</constant> or <constant class='dns'>DNSKEY</constant> records
+    <para>If multiple DS or DNSKEY records are defined for the same
-    are defined for the same domain (possibly even in different trust anchor files), all keys are used and
+    domain (possibly even in different trust anchor files), all keys
-    are considered equivalent as base for DNSSEC proofs.</para>
+    are used and are considered equivalent as base for DNSSEC
+    proofs.</para>
 
     <para>Note that <filename>systemd-resolved</filename> will
     automatically use a built-in trust anchor key for the Internet
@@ -105,15 +112,17 @@
     as soon as at least one trust anchor key for the root domain is
     defined in trust anchor files.</para>
 
-    <para>It is generally recommended to encode trust anchors in <constant class='dns'>DS</constant> resource
+    <para>It is generally recommended to encode trust anchors in DS
-    records, rather than <constant class='dns'>DNSKEY</constant> resource records.</para>
+    resource records, rather than DNSKEY resource records.</para>
 
-    <para>If a trust anchor specified via a <constant class='dns'>DS</constant> record is found revoked it is
+    <para>If a trust anchor specified via a DS record is found revoked
-    automatically removed from the trust anchor database for the runtime. See <ulink
+    it is automatically removed from the trust anchor database for the
-    url="https://tools.ietf.org/html/rfc5011">RFC 5011</ulink> for details about revoked trust anchors. Note
+    runtime. See <ulink url="https://tools.ietf.org/html/rfc5011">RFC
-    that <filename>systemd-resolved</filename> will not update its trust anchor database from DNS servers
+    5011</ulink> for details about revoked trust anchors. Note that
-    automatically. Instead, it is recommended to update the resolver software or update the new trust anchor
+    <filename>systemd-resolved</filename> will not update its trust
-    via adding in new trust anchor files.</para>
+    anchor database from DNS servers automatically. Instead, it is
+    recommended to update the resolver software or update the new
+    trust anchor via adding in new trust anchor files.</para>
 
     <para>The current DNSSEC trust anchor for the Internet's root
     domain is available at the <ulink

man/org.freedesktop.resolve1.xml

@@ -308,15 +308,12 @@ node /org/freedesktop/resolve1 {
       records of many types, it is crucial that clients using this API understand that the RR data originates
       from the network and should be thoroughly validated before use.</para>
 
-      <para><function>ResolveService()</function> may be used to resolve a DNS
+      <para><function>ResolveService()</function> may be used to resolve a DNS SRV service record, as well as the
-      <constant class="dns">SRV</constant> service record, as well as the hostnames referenced in it, and
+      hostnames referenced in it, and possibly an accompanying DNS-SD TXT record containing additional
-      possibly an accompanying DNS-SD <constant class="dns">TXT</constant> record containing additional
       service metadata. The primary benefit of using this method over <function>ResolveRecord()</function>
-      specifying the <constant class="dns">SRV</constant> type is that it will resolve the
+      specifying the SRV type is that it will resolve the SRV and TXT RRs as well as the hostnames referenced
-      <constant class="dns">SRV</constant> and <constant class="dns">TXT</constant> RRs as well as the
+      in the SRV in a single operation. As parameters it takes a Linux network interface index, a service
-      hostnames referenced in the SRV in a single operation. As parameters it takes a Linux network interface
+      name, a service type and a service domain. This method may be invoked in three different modes:</para>
-      index, a service name, a service type and a service domain. This method may be invoked in three
-      different modes:</para>
 
       <orderedlist>
         <listitem><para>To resolve a DNS-SD service, specify the service name (e.g. <literal>Lennart's
@@ -326,13 +323,13 @@ node /org/freedesktop/resolve1 {
         specifications). However, if necessary, IDNA conversion is applied to the domain parameter.</para>
         </listitem>
 
-        <listitem><para>To resolve a plain <constant class="dns">SRV</constant> record, set the service name
+        <listitem><para>To resolve a plain SRV record, set the service name parameter to the empty string
-        parameter to the empty string and set the service type and domain properly. (IDNA conversion is
+        and set the service type and domain properly. (IDNA conversion is applied to the domain, if
-        applied to the domain, if necessary.)</para></listitem>
+        necessary.)</para></listitem>
 
-        <listitem><para>Alternatively, leave both the service name and type empty and specify the full domain
+        <listitem><para>Alternatively, leave both the service name and type empty and specify the full
-        name of the <constant class="dns">SRV</constant> record (i.e. prefixed with the service type) in the
+        domain name of the SRV record (i.e. prefixed with the service type) in the domain parameter. (No IDNA
-        domain parameter. (No IDNA conversion is applied in this mode.)</para></listitem>
+        conversion is applied in this mode.)</para></listitem>
       </orderedlist>
 
       <para>The <varname>family</varname> parameter of the <function>ResolveService()</function> method encodes
@@ -342,16 +339,15 @@ node /org/freedesktop/resolve1 {
       <varname>flags</varname> parameter takes a couple of flags that may be used to alter the resolver
       operation.</para>
 
-      <para>On completion, <function>ResolveService()</function> returns an array of
+      <para>On completion, <function>ResolveService()</function> returns an array of SRV record structures. Each
-      <constant class="dns">SRV</constant> record structures. Each items consisting of the priority, weight and port
+      items consisting of the priority, weight and port fields as well as the hostname to contact, as encoded in the SRV
-      fields as well as the hostname to contact, as encoded in the <constant class="dns">SRV</constant>
       record. Immediately following is an array of the addresses of this hostname, with each item consisting
       of the interface index, the address family and the address data in a byte array. This address array is
-      followed by the canonicalized hostname. After this array of <constant class="dns">SRV</constant> record
+      followed by the canonicalized hostname. After this array of SRV record structures an array of byte
-      structures an array of byte arrays follows that encodes the TXT RR strings, in case DNS-SD look-ups are
+      arrays follows that encodes the TXT RR strings, in case DNS-SD look-ups are enabled. The next parameters
-      enabled. The next parameters are the canonical service name, type and domain. This may or may not be
+      are the canonical service name, type and domain. This may or may not be identical to the parameters
-      identical to the parameters passed in. Finally, a <varname>flags</varname> field is returned that
+      passed in. Finally, a <varname>flags</varname> field is returned that contains information about the
-      contains information about the resolver operation performed.</para>
+      resolver operation performed.</para>
 
       <para>The <function>ResetStatistics()</function> method resets the various statistics counters that
       <filename>systemd-resolved</filename> maintains to zero. (For details, see the statistics properties below.)</para>
@@ -783,8 +779,8 @@ node /org/freedesktop/resolve1/link/_1 {
       </varlistentry>
 
       <varlistentry><term><constant>org.freedesktop.resolve1.NoSuchService</constant></term>
-      <listitem><para>A service look-up was successful, but the <constant class="dns">SRV</constant> record
+      <listitem><para>A service look-up was successful, but the SRV record reported that the service is not
-      reported that the service is not available.</para></listitem></varlistentry>
+      available.</para></listitem></varlistentry>
 
       <varlistentry><term><constant>org.freedesktop.resolve1.DnssecFailed</constant></term>
       <listitem><para>The acquired response did not pass DNSSEC validation.</para></listitem>

man/resolvectl.xml

@@ -75,26 +75,21 @@
         [[<replaceable>NAME</replaceable>] <replaceable>TYPE</replaceable>]
         <replaceable>DOMAIN</replaceable></term>
 
-        <listitem><para>Resolve <ulink url="https://tools.ietf.org/html/rfc6763">DNS-SD</ulink> and <ulink
+        <listitem><para>Resolve <ulink url="https://tools.ietf.org/html/rfc6763">DNS-SD</ulink> and
-        url="https://tools.ietf.org/html/rfc2782">SRV</ulink> services, depending on the specified list of
+        <ulink url="https://tools.ietf.org/html/rfc2782">SRV</ulink> services, depending on the specified list of parameters.
-        parameters.  If three parameters are passed the first is assumed to be the DNS-SD service name, the
+        If three parameters are passed the first is assumed to be the DNS-SD service name, the second the SRV service type,
-        second the <constant class='dns'>SRV</constant> service type, and the third the domain to search in.
+        and the third the domain to search in. In this case a full DNS-SD style SRV and TXT lookup is executed. If only two
-        In this case a full DNS-SD style <constant class='dns'>SRV</constant> and <constant
+        parameters are specified, the first is assumed to be the SRV service type, and the second the domain to look in. In
-        class='dns'>TXT</constant> lookup is executed. If only two parameters are specified, the first is
+        this case no TXT RR is requested. Finally, if only one parameter is specified, it is assumed to be a domain name,
-        assumed to be the <constant class='dns'>SRV</constant> service type, and the second the domain to look
+        that is already prefixed with an SRV type, and an SRV lookup is done (no TXT).</para></listitem>
-        in. In this case no <constant class='dns'>TXT</constant> resource record is requested. Finally, if
-        only one parameter is specified, it is assumed to be a domain name, that is already prefixed with an
-        <constant class='dns'>SRV</constant> type, and an <constant class='dns'>SRV</constant> lookup is done
-        (no <constant class='dns'>TXT</constant>).</para></listitem>
       </varlistentry>
 
       <varlistentry>
         <term><command>openpgp</command> <replaceable>EMAIL@DOMAIN</replaceable>…</term>
 
-        <listitem><para>Query PGP keys stored as <constant class='dns'>OPENPGPKEY</constant> resource records,
+        <listitem><para>Query PGP keys stored as <ulink url="https://tools.ietf.org/html/rfc7929">OPENPGPKEY</ulink>
-        ssee <ulink url="https://tools.ietf.org/html/rfc7929">RFC 7929</ulink>. Specified e-mail addresses
+        resource records. Specified e-mail addresses are converted to the corresponding DNS domain name, and any
-        are converted to the corresponding DNS domain name, and any <constant class='dns'>OPENPGPKEY</constant>
+        OPENPGPKEY keys are printed.</para></listitem>
-        keys are printed.</para></listitem>
       </varlistentry>
 
       <varlistentry>
@@ -102,13 +97,11 @@
         [<replaceable>FAMILY</replaceable>]
         <replaceable>DOMAIN</replaceable>[:<replaceable>PORT</replaceable>]…</term>
 
-        <listitem><para>Query TLS public keys stored as <constant class='dns'>TLSA</constant> resource
+        <listitem><para>Query TLS public keys stored as <ulink url="https://tools.ietf.org/html/rfc6698">TLSA</ulink>
-        records, see <ulink url="https://tools.ietf.org/html/rfc6698">RFC 6698</ulink>. A query will be
+        resource records. A query will be performed for each of the specified names prefixed with the port and family
-        performed for each of the specified names prefixed with the port and family
         (<literal>_<replaceable>port</replaceable>._<replaceable>family</replaceable>.<replaceable>domain</replaceable></literal>).
-        The port number may be specified after a colon (<literal>:</literal>), otherwise
+        The port number may be specified after a colon (<literal>:</literal>), otherwise <constant>443</constant> will be used
-        <constant>443</constant> will be used by default. The family may be specified as the first argument,
+        by default. The family may be specified as the first argument, otherwise <constant>tcp</constant> will be used.</para></listitem>
-        otherwise <constant>tcp</constant> will be used.</para></listitem>
       </varlistentry>
 
       <varlistentry>
@@ -135,8 +128,8 @@
       <varlistentry>
         <term><command>flush-caches</command></term>
 
-        <listitem><para>Flushes all DNS resource record caches the service maintains locally. This is mostly
+        <listitem><para>Flushes all DNS resource record caches the service maintains locally. This is mostly equivalent
-        equivalent to sending the <constant>SIGUSR2</constant> to the <command>systemd-resolved</command>
+        to sending the <constant>SIGUSR2</constant> to the <command>systemd-resolved</command>
         service.</para></listitem>
       </varlistentry>
 
@@ -253,11 +246,10 @@
         <term><option>--class=</option><replaceable>CLASS</replaceable></term>
 
         <listitem><para>When used in conjunction with the <command>query</command> command, specifies the DNS
-        resource record type (e.g. <constant class='dns'>A</constant>, <constant class='dns'>AAAA</constant>,
+        resource record type (e.g. A, AAAA, MX, …) and class (e.g. IN, ANY, …) to look up. If these options
-        <constant class='dns'>MX</constant>, …) and class (e.g. <constant>IN</constant>,
+        are used a DNS resource record set matching the specified class and type is requested. The class
-        <constant>ANY</constant>, …) to look up. If these options are used a DNS resource record set matching
+        defaults to IN if only a type is specified. The special value <literal>help</literal> may be used to
-        the specified class and type is requested. The class defaults to <constant>IN</constant> if only a
+        list known values.</para>
-        type is specified. The special value <literal>help</literal> may be used to list known values.</para>
 
         <para>Without these options <command>resolvectl query</command> provides high-level domain name to
         address and address to domain name resolution. With these options it provides low-level DNS resource
@@ -272,23 +264,20 @@
         <term><option>--service-address=</option><replaceable>BOOL</replaceable></term>
 
         <listitem><para>Takes a boolean parameter. If true (the default), when doing a service lookup with
-        <option>--service</option> the hostnames contained in the <constant class='dns'>SRV</constant>
+        <option>--service</option> the hostnames contained in the SRV resource records are resolved as well.</para></listitem>
-        resource records are resolved as well.</para></listitem>
       </varlistentry>
 
       <varlistentry>
         <term><option>--service-txt=</option><replaceable>BOOL</replaceable></term>
 
-        <listitem><para>Takes a boolean parameter. If true (the default), when doing a DNS-SD service lookup
+        <listitem><para>Takes a boolean parameter. If true (the default), when doing a DNS-SD service lookup with
-        with <option>--service</option> the <constant class='dns'>TXT</constant> service metadata record is
+        <option>--service</option> the TXT service metadata record is resolved as well.</para></listitem>
-        resolved as well.</para></listitem>
       </varlistentry>
 
       <varlistentry>
         <term><option>--cname=</option><replaceable>BOOL</replaceable></term>
 
-        <listitem><para>Takes a boolean parameter. If true (the default), DNS <constant
+        <listitem><para>Takes a boolean parameter. If true (the default), DNS CNAME or DNAME redirections are
-        class='dns'>CNAME</constant> or <constant class='dns'>DNAME</constant> redirections are
         followed. Otherwise, if a CNAME or DNAME record is encountered while resolving, an error is
         returned.</para></listitem>
       </varlistentry>
@@ -476,7 +465,7 @@
     <title>Examples</title>
 
     <example>
-      <title>Retrieve the addresses of the <literal>www.0pointer.net</literal> domain (<constant class='dns'>A</constant> and <constant class='dns'>AAAA</constant> resource records)</title>
+      <title>Retrieve the addresses of the <literal>www.0pointer.net</literal> domain</title>
 
       <programlisting>$ resolvectl query www.0pointer.net
 www.0pointer.net: 2a01:238:43ed:c300:10c3:bcf3:3266:da74
@@ -488,8 +477,7 @@ www.0pointer.net: 2a01:238:43ed:c300:10c3:bcf3:3266:da74
     </example>
 
     <example>
-      <title>Retrieve the domain of the <literal>85.214.157.71</literal> IP address
+      <title>Retrieve the domain of the <literal>85.214.157.71</literal> IP address</title>
-      (<constant class='dns'>PTR</constant> resource record)</title>
 
       <programlisting>$ resolvectl query 85.214.157.71
 85.214.157.71: gardel.0pointer.net
@@ -500,8 +488,7 @@ www.0pointer.net: 2a01:238:43ed:c300:10c3:bcf3:3266:da74
     </example>
 
     <example>
-      <title>Retrieve the <constant class='dns'>MX</constant> record of the <literal>yahoo.com</literal>
+      <title>Retrieve the MX record of the <literal>yahoo.com</literal> domain</title>
-      domain</title>
 
       <programlisting>$ resolvectl --legend=no -t MX query yahoo.com
 yahoo.com. IN MX    1 mta7.am0.yahoodns.net
@@ -511,7 +498,7 @@ yahoo.com. IN MX    1 mta5.am0.yahoodns.net
     </example>
 
     <example>
-      <title>Resolve an <constant class='dns'>SRV</constant> service</title>
+      <title>Resolve an SRV service</title>
 
       <programlisting>$ resolvectl service _xmpp-server._tcp gmail.com
 _xmpp-server._tcp/gmail.com: alt1.xmpp-server.l.google.com:5269 [priority=20, weight=0]
@@ -523,7 +510,7 @@ _xmpp-server._tcp/gmail.com: alt1.xmpp-server.l.google.com:5269 [priority=20, we
     </example>
 
     <example>
-      <title>Retrieve a PGP key (<constant class='dns'>OPENPGP</constant> resource record)</title>
+      <title>Retrieve a PGP key</title>
 
       <programlisting>$ resolvectl openpgp zbyszek@fedoraproject.org
 d08ee310438ca124a6149ea5cc21b6313b390dce485576eff96f8722._openpgpkey.fedoraproject.org. IN OPENPGPKEY
@@ -534,7 +521,8 @@ d08ee310438ca124a6149ea5cc21b6313b390dce485576eff96f8722._openpgpkey.fedoraproje
     </example>
 
     <example>
-      <title>Retrieve a TLS key (<constant class='dns'>TLSA</constant> resource record)</title>
+      <title>Retrieve a TLS key (<literal>tcp</literal> and
+      <literal>:443</literal> could be skipped)</title>
 
       <programlisting>$ resolvectl tlsa tcp fedoraproject.org:443
 _443._tcp.fedoraproject.org IN TLSA 0 0 1 19400be5b7a31fb733917700789d2f0a2471c0c9d506c0e504c06c16d7cb17c0
@@ -542,8 +530,6 @@ _443._tcp.fedoraproject.org IN TLSA 0 0 1 19400be5b7a31fb733917700789d2f0a2471c0
         -- Selector: Full Certificate
         -- Matching type: SHA-256
 </programlisting>
-
-      <para><literal>tcp</literal> and <literal>:443</literal> are optional and could be skipped.</para>
     </example>
   </refsect1>
 

man/resolved.conf.xml

@@ -334,7 +334,7 @@ DNSStubListenerExtra=udp:[2001:db8:0:f102::13]:9953</programlisting>
       <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>dnssec-trust-anchors.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
-      <citerefentry project='man-pages'><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+      <citerefentry project='man-pages'><refentrytitle>resolv.conf</refentrytitle><manvolnum>4</manvolnum></citerefentry>
       </para>
   </refsect1>
 

man/systemd.dnssd.xml

@@ -123,15 +123,13 @@
         <varlistentry>
           <term><varname>Priority=</varname></term>
           <listitem>
-            <para>A priority number set in <constant class='dns'>SRV</constant> resource records corresponding
+            <para>A priority number set in SRV resource records corresponding to the network service.</para>
-            to the network service.</para>
           </listitem>
         </varlistentry>
         <varlistentry>
           <term><varname>Weight=</varname></term>
           <listitem>
-            <para>A weight number set in <constant class='dns'>SRV</constant> resource records corresponding
+            <para>A weight number set in SRV resource records corresponding to the network service.</para>
-            to the network service.</para>
           </listitem>
         </varlistentry>
         <varlistentry>

src/resolve/resolved-dns-rr.c

@@ -1613,11 +1613,9 @@ DnsResourceRecord *dns_resource_record_copy(DnsResourceRecord *rr) {
                 copy->nsec.next_domain_name = strdup(rr->nsec.next_domain_name);
                 if (!copy->nsec.next_domain_name)
                         return NULL;
-                if (rr->nsec.types) {
                 copy->nsec.types = bitmap_copy(rr->nsec.types);
                 if (!copy->nsec.types)
                         return NULL;
-                }
                 break;
 
         case DNS_TYPE_DS:
@@ -1642,11 +1640,9 @@ DnsResourceRecord *dns_resource_record_copy(DnsResourceRecord *rr) {
                 if (!copy->nsec3.next_hashed_name)
                         return NULL;
                 copy->nsec3.next_hashed_name_size = rr->nsec3.next_hashed_name_size;
-                if (rr->nsec3.types) {
                 copy->nsec3.types = bitmap_copy(rr->nsec3.types);
                 if (!copy->nsec3.types)
                         return NULL;
-                }
                 break;
 
         case DNS_TYPE_TLSA:

tools/make-directive-index.py

@@ -77,14 +77,13 @@ def _extract_directives(directive_groups, formatting, page):
                 storfile[text].append((pagename, section))
                 formatting[text] = name
 
+    storfile = directive_groups['constants']
     for name in t.iterfind('.//constant'):
         if name.attrib.get('index') == 'false':
             continue
         name.tail = ''
         if name.text.startswith('('): # a cast, strip it
             name.text = name.text.partition(' ')[2]
-        klass = name.attrib.get('class') or 'constants'
-        storfile = directive_groups[klass]
         storfile[name.text].append((pagename, section))
         formatting[name.text] = name