Fast fail a validator deadlock

We return DNS_R_NOVALIDSIG if we detected a deadlock. Then in
'validate_async_done()', this result value is used to check if we
need to fall back to insecure. As part of that we create a new fetch
but that fails because of the detected deadlock. This results in a loop
of deadlock detected, fallback to insecure, deadlock detected, ...

Add a new result value, ISC_R_DEADLOCK, and return this instead when
we have detected a deadlock. This will be treated as a generic error,
as there is no special handling for this result value.

lib/dns/validator.c

@@ -972,7 +972,7 @@ create_fetch(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type,
 	if (check_deadlock(val, name, type, NULL, NULL)) {
 		validator_log(val, ISC_LOG_DEBUG(3),
 			      "deadlock found (create_fetch)");
-		return DNS_R_NOVALIDSIG;
+		return ISC_R_DEADLOCK;
 	}
 
 	if ((val->options & DNS_VALIDATOR_NOCDFLAG) != 0) {
@@ -1016,7 +1016,7 @@ create_validator(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type,
 	if (check_deadlock(val, name, type, rdataset, sig)) {
 		validator_log(val, ISC_LOG_DEBUG(3),
 			      "deadlock found (create_validator)");
-		return DNS_R_NOVALIDSIG;
+		return ISC_R_DEADLOCK;
 	}
 
 	/* OK to clear other options, but preserve NOCDFLAG and NONTA. */

lib/isc/include/isc/result.h

@@ -85,6 +85,7 @@ typedef enum isc_result {
 	ISC_R_HTTP2ALPNERROR,	/*%< ALPN for HTTP/2 failed */
 	ISC_R_DOTALPNERROR,	/*%< ALPN for DoT failed */
 	ISC_R_INVALIDPROTO,	/*%< invalid protocol */
+	ISC_R_DEADLOCK,		/*%< deadlock found */
 
 	DNS_R_LABELTOOLONG,
 	DNS_R_BADESCAPE,

lib/isc/result.c

@@ -88,6 +88,7 @@ static const char *description[ISC_R_NRESULTS] = {
 	[ISC_R_HTTP2ALPNERROR] = "ALPN for HTTP/2 failed",
 	[ISC_R_DOTALPNERROR] = "ALPN for DoT failed",
 	[ISC_R_INVALIDPROTO] = "invalid protocol",
+	[ISC_R_DEADLOCK] = "deadlock found",
 
 	[DNS_R_LABELTOOLONG] = "label too long",
 	[DNS_R_BADESCAPE] = "bad escape",