From 245d9f25a767be585dad02075ea2fb671f5c0b64 Mon Sep 17 00:00:00 2001
From: Brian Wellington <source@isc.org>
Date: Thu, 18 May 2000 17:14:35 +0000
Subject: [PATCH] better wildcard warning

---
 bin/dnssec/dnssec-signzone.c | 16 ++++++++++------
 bin/tests/signer.c           | 16 ++++++++++------
 2 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
index 4a5fcbeab0..5f5a2dae62 100644
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -758,12 +758,16 @@ signname(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node,
 	static int warnwild = 0;
 
 	if (dns_name_iswildcard(name)) {
-		if (warnwild++ == 0)
-			fprintf(stderr, "%s: warning: BIND 9 doesn't "
-				"handle wildcards in secure zones\n", PROGRAM);
-		else
-			fprintf(stderr, "%s: warning: wildcard name seen: %s\n",
-				PROGRAM, nametostr(name));
+		if (warnwild++ == 0) {
+			fprintf(stderr, "%s: warning: BIND 9 doesn't properly "
+				"handle wildcards in secure zones:\n", PROGRAM);
+			fprintf(stderr, "\t- wildcard nonexistence proof is "
+				"not generated by the server\n");
+			fprintf(stderr, "\t- wildcard nonexistence proof is "
+				"not required by the resolver\n");
+		}
+		fprintf(stderr, "%s: warning: wildcard name seen: %s\n",
+			PROGRAM, nametostr(name));
 	}
 	if (!atorigin) {
 		dns_rdataset_t nsset;
diff --git a/bin/tests/signer.c b/bin/tests/signer.c
index 4a5fcbeab0..5f5a2dae62 100644
--- a/bin/tests/signer.c
+++ b/bin/tests/signer.c
@@ -758,12 +758,16 @@ signname(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node,
 	static int warnwild = 0;
 
 	if (dns_name_iswildcard(name)) {
-		if (warnwild++ == 0)
-			fprintf(stderr, "%s: warning: BIND 9 doesn't "
-				"handle wildcards in secure zones\n", PROGRAM);
-		else
-			fprintf(stderr, "%s: warning: wildcard name seen: %s\n",
-				PROGRAM, nametostr(name));
+		if (warnwild++ == 0) {
+			fprintf(stderr, "%s: warning: BIND 9 doesn't properly "
+				"handle wildcards in secure zones:\n", PROGRAM);
+			fprintf(stderr, "\t- wildcard nonexistence proof is "
+				"not generated by the server\n");
+			fprintf(stderr, "\t- wildcard nonexistence proof is "
+				"not required by the resolver\n");
+		}
+		fprintf(stderr, "%s: warning: wildcard name seen: %s\n",
+			PROGRAM, nametostr(name));
 	}
 	if (!atorigin) {
 		dns_rdataset_t nsset;