Nothing sets DNS_RDATASETATTR_NEGATIVE; remove code dealing with that

and then remove ncache.c.

6 files changed, 5 insertions, 762 deletions

diff --git a/usr.sbin/bind/lib/dns/Makefile.inc b/usr.sbin/bind/lib/dns/Makefile.inc
index 9742cf66ebc..238e87d96c5 100644
--- a/usr.sbin/bind/lib/dns/Makefile.inc
+++ b/usr.sbin/bind/lib/dns/Makefile.inc
@@ -1,11 +1,10 @@
-#	$OpenBSD: Makefile.inc,v 1.7 2020/02/04 19:34:39 florian Exp $
+#	$OpenBSD: Makefile.inc,v 1.8 2020/02/04 19:38:54 florian Exp $
 
 .PATH: ${.CURDIR}/lib/dns
 
 SRCS+=	byaddr.c callbacks.c compress.c dns_log.c dns_result.c dns_time.c
 SRCS+=	dst_api.c dst_parse.c dst_result.c masterdump.c
 SRCS+=	hmac_link.c key.c lib.c name.c openssl_link.c message.c
-SRCS+=	ncache.c
 SRCS+=	rcode.c rdata.c rdatalist.c
 SRCS+=	rdataset.c tsig.c ttl.c
 
diff --git a/usr.sbin/bind/lib/dns/include/dns/ncache.h b/usr.sbin/bind/lib/dns/include/dns/ncache.h
deleted file mode 100644
index d420988b10b..00000000000
--- a/usr.sbin/bind/lib/dns/include/dns/ncache.h
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: ncache.h,v 1.4 2020/01/18 16:55:01 florian Exp $ */
-
-#ifndef DNS_NCACHE_H
-#define DNS_NCACHE_H 1
-
-/*****
- ***** Module Info
- *****/
-
-/*! \file dns/ncache.h
- *\brief
- * DNS Ncache
- *
- * XXX TBS XXX
- *
- * MP:
- *\li	The caller must ensure any required synchronization.
- *
- * Reliability:
- *\li	No anticipated impact.
- *
- * Resources:
- *\li	TBS
- *
- * Security:
- *\li	No anticipated impact.
- *
- * Standards:
- *\li	RFC2308
- */
-
-#include <isc/lang.h>
-#include <isc/stdtime.h>
-
-#include <dns/types.h>
-
-ISC_LANG_BEGINDECLS
-
-/*%
- * _OMITDNSSEC:
- *      Omit DNSSEC records when rendering.
- */
-#define DNS_NCACHETOWIRE_OMITDNSSEC   0x0001
-
-isc_result_t
-dns_ncache_towire(dns_rdataset_t *rdataset, dns_compress_t *cctx,
-		  isc_buffer_t *target, unsigned int options,
-		  unsigned int *countp);
-/*%<
- * Convert the negative caching rdataset 'rdataset' to wire format,
- * compressing names as specified in 'cctx', and storing the result in
- * 'target'.  If 'omit_dnssec' is set, DNSSEC records will not
- * be added to 'target'.
- *
- * Notes:
- *\li	The number of RRs added to target will be added to *countp.
- *
- * Requires:
- *\li	'rdataset' is a valid negative caching rdataset.
- *
- *\li	'rdataset' is not empty.
- *
- *\li	'countp' is a valid pointer.
- *
- * Ensures:
- *\li	On a return of ISC_R_SUCCESS, 'target' contains a wire format
- *	for the data contained in 'rdataset'.  Any error return leaves
- *	the buffer unchanged.
- *
- *\li	*countp has been incremented by the number of RRs added to
- *	target.
- *
- * Returns:
- *\li	#ISC_R_SUCCESS		- all ok
- *\li	#ISC_R_NOSPACE		- 'target' doesn't have enough room
- *
- *\li	Any error returned by dns_rdata_towire(), dns_rdataset_next(),
- *	dns_name_towire().
- */
-
-isc_result_t
-dns_ncache_getrdataset(dns_rdataset_t *ncacherdataset, dns_name_t *name,
-		       dns_rdatatype_t type, dns_rdataset_t *rdataset);
-/*%<
- * Search the negative caching rdataset for an rdataset with the
- * specified name and type.
- *
- * Requires:
- *\li	'ncacherdataset' is a valid negative caching rdataset.
- *
- *\li	'ncacherdataset' is not empty.
- *
- *\li	'name' is a valid name.
- *
- *\li	'type' is not SIG, or a meta-RR type.
- *
- *\li	'rdataset' is a valid disassociated rdataset.
- *
- * Ensures:
- *\li	On a return of ISC_R_SUCCESS, 'rdataset' is bound to the found
- *	rdataset.
- *
- * Returns:
- *\li	#ISC_R_SUCCESS		- the rdataset was found.
- *\li	#ISC_R_NOTFOUND		- the rdataset was not found.
- *
- */
-
-isc_result_t
-dns_ncache_getsigrdataset(dns_rdataset_t *ncacherdataset, dns_name_t *name,
-			  dns_rdatatype_t covers, dns_rdataset_t *rdataset);
-/*%<
- * Similar to dns_ncache_getrdataset() but get the rrsig that matches.
- */
-
-void
-dns_ncache_current(dns_rdataset_t *ncacherdataset, dns_name_t *found,
-		   dns_rdataset_t *rdataset);
-
-/*%<
- * Extract the current rdataset and name from a ncache entry.
- *
- * Requires:
- * \li	'ncacherdataset' to be valid and to be a negative cache entry
- * \li	'found' to be valid.
- * \li	'rdataset' to be unassociated.
- */
-
-ISC_LANG_ENDDECLS
-
-#endif /* DNS_NCACHE_H */
diff --git a/usr.sbin/bind/lib/dns/include/dns/rdataset.h b/usr.sbin/bind/lib/dns/include/dns/rdataset.h
index 97d58273d4f..7b17c7ecd93 100644
--- a/usr.sbin/bind/lib/dns/include/dns/rdataset.h
+++ b/usr.sbin/bind/lib/dns/include/dns/rdataset.h
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: rdataset.h,v 1.11 2020/01/28 17:17:05 florian Exp $ */
+/* $Id: rdataset.h,v 1.12 2020/02/04 19:38:54 florian Exp $ */
 
 #ifndef DNS_RDATASET_H
 #define DNS_RDATASET_H 1
@@ -205,7 +205,6 @@ struct dns_rdataset {
 #define DNS_RDATASETATTR_RESIGN		0x00040000
 #define DNS_RDATASETATTR_CLOSEST	0x00080000
 #define DNS_RDATASETATTR_OPTOUT		0x00100000	/*%< OPTOUT proof */
-#define DNS_RDATASETATTR_NEGATIVE	0x00200000
 #define DNS_RDATASETATTR_PREFETCH	0x00400000
 
 /*%
diff --git a/usr.sbin/bind/lib/dns/masterdump.c b/usr.sbin/bind/lib/dns/masterdump.c
index 1e901d8e52a..2e5014c1be1 100644
--- a/usr.sbin/bind/lib/dns/masterdump.c
+++ b/usr.sbin/bind/lib/dns/masterdump.c
@@ -18,11 +18,11 @@
 
 #include <limits.h>
 #include <stdlib.h>
+#include <string.h>
 
 #include <isc/event.h>
 #include <isc/magic.h>
 #include <isc/stdio.h>
-#include <string.h>
 #include <isc/task.h>
 #include <isc/time.h>
 #include <isc/types.h>
@@ -33,7 +33,6 @@
 #include <dns/lib.h>
 #include <dns/log.h>
 #include <dns/masterdump.h>
-#include <dns/ncache.h>
 #include <dns/rdata.h>
 #include <dns/rdataclass.h>
 #include <dns/rdataset.h>
@@ -343,52 +342,6 @@ str_totext(const char *source, isc_buffer_t *target) {
 	return (ISC_R_SUCCESS);
 }
 
-static isc_result_t
-ncache_summary(dns_rdataset_t *rdataset, isc_boolean_t omit_final_dot,
-	       isc_buffer_t *target)
-{
-	isc_result_t result = ISC_R_SUCCESS;
-	dns_rdataset_t rds;
-	dns_name_t name;
-
-	dns_rdataset_init(&rds);
-	dns_name_init(&name, NULL);
-
-	do {
-		dns_ncache_current(rdataset, &name, &rds);
-		for (result = dns_rdataset_first(&rds);
-		     result == ISC_R_SUCCESS;
-		     result = dns_rdataset_next(&rds)) {
-			CHECK(str_totext("; ", target));
-			CHECK(dns_name_totext(&name, omit_final_dot, target));
-			CHECK(str_totext(" ", target));
-			CHECK(dns_rdatatype_totext(rds.type, target));
-			if (rds.type == dns_rdatatype_rrsig) {
-				CHECK(str_totext(" ", target));
-				CHECK(dns_rdatatype_totext(rds.covers, target));
-				CHECK(str_totext(" ...\n", target));
-			} else {
-				dns_rdata_t rdata = DNS_RDATA_INIT;
-				dns_rdataset_current(&rds, &rdata);
-				CHECK(str_totext(" ", target));
-				CHECK(dns_rdata_tofmttext(&rdata, dns_rootname,
-							  0, 0, 0, " ", target));
-				CHECK(str_totext("\n", target));
-			}
-		}
-		dns_rdataset_disassociate(&rds);
-		result = dns_rdataset_next(rdataset);
-	} while (result == ISC_R_SUCCESS);
-
-	if (result == ISC_R_NOMORE)
-		result = ISC_R_SUCCESS;
- cleanup:
-	if (dns_rdataset_isassociated(&rds))
-		dns_rdataset_disassociate(&rds);
-
-	return (result);
-}
-
 /*
  * Convert 'rdataset' to master file text format according to 'ctx',
  * storing the result in 'target'.  If 'owner_name' is NULL, it
@@ -496,16 +449,10 @@ rdataset_totext(dns_rdataset_t *rdataset,
 		 * Type.
 		 */
 
-		if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) {
-			type = rdataset->covers;
-		} else {
-			type = rdataset->type;
-		}
+		type = rdataset->type;
 
 		INDENT_TO(type_column);
 		type_start = target->used;
-		if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0)
-			RETERR(str_totext("\\-", target));
 		switch (type) {
 		case dns_rdatatype_keydata:
 #define KEYDATA "KEYDATA"
@@ -528,19 +475,7 @@ rdataset_totext(dns_rdataset_t *rdataset,
 		 * Rdata.
 		 */
 		INDENT_TO(rdata_column);
-		if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) {
-			if (NXDOMAIN(rdataset))
-				RETERR(str_totext(";-$NXDOMAIN\n", target));
-			else
-				RETERR(str_totext(";-$NXRRSET\n", target));
-			/*
-			 * Print a summary of the cached records which make
-			 * up the negative response.
-			 */
-			RETERR(ncache_summary(rdataset, omit_final_dot,
-					      target));
-			break;
-		} else {
+		{
 			dns_rdata_t rdata = DNS_RDATA_INIT;
 			isc_region_t r;
 
diff --git a/usr.sbin/bind/lib/dns/ncache.c b/usr.sbin/bind/lib/dns/ncache.c
deleted file mode 100644
index e9a1824403e..00000000000
--- a/usr.sbin/bind/lib/dns/ncache.c
+++ /dev/null
@@ -1,529 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: ncache.c,v 1.12 2020/01/28 17:17:05 florian Exp $ */
-
-/*! \file */
-
-
-
-#include <isc/buffer.h>
-#include <isc/util.h>
-
-
-#include <dns/message.h>
-#include <dns/ncache.h>
-#include <dns/rdata.h>
-#include <dns/rdatalist.h>
-#include <dns/rdataset.h>
-#include "rdatastruct.h"
-
-#define DNS_NCACHE_RDATA 20U
-
-/*
- * The format of an ncache rdata is a sequence of zero or more records of
- * the following format:
- *
- *	owner name
- *	type
- *	trust
- *	rdata count
- *		rdata length			These two occur 'rdata count'
- *		rdata				times.
- *
- */
-
-isc_result_t
-dns_ncache_towire(dns_rdataset_t *rdataset, dns_compress_t *cctx,
-		  isc_buffer_t *target, unsigned int options,
-		  unsigned int *countp)
-{
-	dns_rdata_t rdata = DNS_RDATA_INIT;
-	isc_result_t result;
-	isc_region_t remaining, tavailable;
-	isc_buffer_t source, savedbuffer, rdlen;
-	dns_name_t name;
-	dns_rdatatype_t type;
-	unsigned int i, rcount, count;
-
-	/*
-	 * Convert the negative caching rdataset 'rdataset' to wire format,
-	 * compressing names as specified in 'cctx', and storing the result in
-	 * 'target'.
-	 */
-
-	REQUIRE(rdataset != NULL);
-	REQUIRE(rdataset->type == 0);
-	REQUIRE((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0);
-
-	savedbuffer = *target;
-	count = 0;
-
-	result = dns_rdataset_first(rdataset);
-	while (result == ISC_R_SUCCESS) {
-		dns_rdataset_current(rdataset, &rdata);
-		isc_buffer_init(&source, rdata.data, rdata.length);
-		isc_buffer_add(&source, rdata.length);
-		dns_name_init(&name, NULL);
-		isc_buffer_remainingregion(&source, &remaining);
-		dns_name_fromregion(&name, &remaining);
-		INSIST(remaining.length >= name.length);
-		isc_buffer_forward(&source, name.length);
-		remaining.length -= name.length;
-
-		INSIST(remaining.length >= 5);
-		type = isc_buffer_getuint16(&source);
-		isc_buffer_forward(&source, 1);
-		rcount = isc_buffer_getuint16(&source);
-
-		for (i = 0; i < rcount; i++) {
-			/*
-			 * Get the length of this rdata and set up an
-			 * rdata structure for it.
-			 */
-			isc_buffer_remainingregion(&source, &remaining);
-			INSIST(remaining.length >= 2);
-			dns_rdata_reset(&rdata);
-			rdata.length = isc_buffer_getuint16(&source);
-			isc_buffer_remainingregion(&source, &remaining);
-			rdata.data = remaining.base;
-			rdata.type = type;
-			rdata.rdclass = rdataset->rdclass;
-			INSIST(remaining.length >= rdata.length);
-			isc_buffer_forward(&source, rdata.length);
-
-			if ((options & DNS_NCACHETOWIRE_OMITDNSSEC) != 0 &&
-			    dns_rdatatype_isdnssec(type))
-				continue;
-
-			/*
-			 * Write the name.
-			 */
-			dns_compress_setmethods(cctx, DNS_COMPRESS_GLOBAL14);
-			result = dns_name_towire(&name, cctx, target);
-			if (result != ISC_R_SUCCESS)
-				goto rollback;
-
-			/*
-			 * See if we have space for type, class, ttl, and
-			 * rdata length.  Write the type, class, and ttl.
-			 */
-			isc_buffer_availableregion(target, &tavailable);
-			if (tavailable.length < 10) {
-				result = ISC_R_NOSPACE;
-				goto rollback;
-			}
-			isc_buffer_putuint16(target, type);
-			isc_buffer_putuint16(target, rdataset->rdclass);
-			isc_buffer_putuint32(target, rdataset->ttl);
-
-			/*
-			 * Save space for rdata length.
-			 */
-			rdlen = *target;
-			isc_buffer_add(target, 2);
-
-			/*
-			 * Write the rdata.
-			 */
-			result = dns_rdata_towire(&rdata, cctx, target);
-			if (result != ISC_R_SUCCESS)
-				goto rollback;
-
-			/*
-			 * Set the rdata length field to the compressed
-			 * length.
-			 */
-			INSIST((target->used >= rdlen.used + 2) &&
-			       (target->used - rdlen.used - 2 < 65536));
-			isc_buffer_putuint16(&rdlen,
-					     (uint16_t)(target->used -
-							    rdlen.used - 2));
-
-			count++;
-		}
-		INSIST(isc_buffer_remaininglength(&source) == 0);
-		result = dns_rdataset_next(rdataset);
-		dns_rdata_reset(&rdata);
-	}
-	if (result != ISC_R_NOMORE)
-		goto rollback;
-
-	*countp = count;
-
-	return (ISC_R_SUCCESS);
-
- rollback:
-	INSIST(savedbuffer.used < 65536);
-	dns_compress_rollback(cctx, (uint16_t)savedbuffer.used);
-	*countp = 0;
-	*target = savedbuffer;
-
-	return (result);
-}
-
-static void
-rdataset_disassociate(dns_rdataset_t *rdataset) {
-	UNUSED(rdataset);
-}
-
-static isc_result_t
-rdataset_first(dns_rdataset_t *rdataset) {
-	unsigned char *raw = rdataset->private3;
-	unsigned int count;
-
-	count = raw[0] * 256 + raw[1];
-	if (count == 0) {
-		rdataset->private5 = NULL;
-		return (ISC_R_NOMORE);
-	}
-	raw += 2;
-	/*
-	 * The privateuint4 field is the number of rdata beyond the cursor
-	 * position, so we decrement the total count by one before storing
-	 * it.
-	 */
-	count--;
-	rdataset->privateuint4 = count;
-	rdataset->private5 = raw;
-
-	return (ISC_R_SUCCESS);
-}
-
-static isc_result_t
-rdataset_next(dns_rdataset_t *rdataset) {
-	unsigned int count;
-	unsigned int length;
-	unsigned char *raw;
-
-	count = rdataset->privateuint4;
-	if (count == 0)
-		return (ISC_R_NOMORE);
-	count--;
-	rdataset->privateuint4 = count;
-	raw = rdataset->private5;
-	length = raw[0] * 256 + raw[1];
-	raw += length + 2;
-	rdataset->private5 = raw;
-
-	return (ISC_R_SUCCESS);
-}
-
-static void
-rdataset_current(dns_rdataset_t *rdataset, dns_rdata_t *rdata) {
-	unsigned char *raw = rdataset->private5;
-	isc_region_t r;
-
-	REQUIRE(raw != NULL);
-
-	r.length = raw[0] * 256 + raw[1];
-	raw += 2;
-	r.base = raw;
-	dns_rdata_fromregion(rdata, rdataset->rdclass, rdataset->type, &r);
-}
-
-static void
-rdataset_clone(dns_rdataset_t *source, dns_rdataset_t *target) {
-	*target = *source;
-
-	/*
-	 * Reset iterator state.
-	 */
-	target->privateuint4 = 0;
-	target->private5 = NULL;
-}
-
-static unsigned int
-rdataset_count(dns_rdataset_t *rdataset) {
-	unsigned char *raw = rdataset->private3;
-	unsigned int count;
-
-	count = raw[0] * 256 + raw[1];
-
-	return (count);
-}
-
-static void
-rdataset_settrust(dns_rdataset_t *rdataset, dns_trust_t trust) {
-	unsigned char *raw = rdataset->private3;
-
-	raw[-1] = (unsigned char)trust;
-}
-
-static dns_rdatasetmethods_t rdataset_methods = {
-	rdataset_disassociate,
-	rdataset_first,
-	rdataset_next,
-	rdataset_current,
-	rdataset_clone,
-	rdataset_count,
-	NULL,
-	NULL,
-	NULL,
-	NULL,
-	NULL,
-	NULL,
-	NULL,
-	rdataset_settrust,
-	NULL,
-	NULL
-};
-
-isc_result_t
-dns_ncache_getrdataset(dns_rdataset_t *ncacherdataset, dns_name_t *name,
-		       dns_rdatatype_t type, dns_rdataset_t *rdataset)
-{
-	isc_result_t result;
-	dns_rdata_t rdata = DNS_RDATA_INIT;
-	isc_region_t remaining;
-	isc_buffer_t source;
-	dns_name_t tname;
-	dns_rdatatype_t ttype;
-	dns_trust_t trust = dns_trust_none;
-	dns_rdataset_t rclone;
-
-	REQUIRE(ncacherdataset != NULL);
-	REQUIRE(ncacherdataset->type == 0);
-	REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0);
-	REQUIRE(name != NULL);
-	REQUIRE(!dns_rdataset_isassociated(rdataset));
-	REQUIRE(type != dns_rdatatype_rrsig);
-
-	dns_rdataset_init(&rclone);
-	dns_rdataset_clone(ncacherdataset, &rclone);
-	result = dns_rdataset_first(&rclone);
-	while (result == ISC_R_SUCCESS) {
-		dns_rdataset_current(&rclone, &rdata);
-		isc_buffer_init(&source, rdata.data, rdata.length);
-		isc_buffer_add(&source, rdata.length);
-		dns_name_init(&tname, NULL);
-		isc_buffer_remainingregion(&source, &remaining);
-		dns_name_fromregion(&tname, &remaining);
-		INSIST(remaining.length >= tname.length);
-		isc_buffer_forward(&source, tname.length);
-		remaining.length -= tname.length;
-
-		INSIST(remaining.length >= 3);
-		ttype = isc_buffer_getuint16(&source);
-
-		if (ttype == type && dns_name_equal(&tname, name)) {
-			trust = isc_buffer_getuint8(&source);
-			INSIST(trust <= dns_trust_ultimate);
-			isc_buffer_remainingregion(&source, &remaining);
-			break;
-		}
-		result = dns_rdataset_next(&rclone);
-		dns_rdata_reset(&rdata);
-	}
-	dns_rdataset_disassociate(&rclone);
-	if (result == ISC_R_NOMORE)
-		return (ISC_R_NOTFOUND);
-	if (result != ISC_R_SUCCESS)
-		return (result);
-
-	INSIST(remaining.length != 0);
-
-	rdataset->methods = &rdataset_methods;
-	rdataset->rdclass = ncacherdataset->rdclass;
-	rdataset->type = type;
-	rdataset->covers = 0;
-	rdataset->ttl = ncacherdataset->ttl;
-	rdataset->trust = trust;
-	rdataset->private1 = NULL;
-	rdataset->private2 = NULL;
-
-	rdataset->private3 = remaining.base;
-
-	/*
-	 * Reset iterator state.
-	 */
-	rdataset->privateuint4 = 0;
-	rdataset->private5 = NULL;
-	rdataset->private6 = NULL;
-	return (ISC_R_SUCCESS);
-}
-
-isc_result_t
-dns_ncache_getsigrdataset(dns_rdataset_t *ncacherdataset, dns_name_t *name,
-			  dns_rdatatype_t covers, dns_rdataset_t *rdataset)
-{
-	dns_name_t tname;
-	dns_rdata_rrsig_t rrsig;
-	dns_rdata_t rdata = DNS_RDATA_INIT;
-	dns_rdataset_t rclone;
-	dns_rdatatype_t type;
-	dns_trust_t trust = dns_trust_none;
-	isc_buffer_t source;
-	isc_region_t remaining, sigregion;
-	isc_result_t result;
-	unsigned char *raw;
-	unsigned int count;
-
-	REQUIRE(ncacherdataset != NULL);
-	REQUIRE(ncacherdataset->type == 0);
-	REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0);
-	REQUIRE(name != NULL);
-	REQUIRE(!dns_rdataset_isassociated(rdataset));
-
-	dns_rdataset_init(&rclone);
-	dns_rdataset_clone(ncacherdataset, &rclone);
-	result = dns_rdataset_first(&rclone);
-	while (result == ISC_R_SUCCESS) {
-		dns_rdataset_current(&rclone, &rdata);
-		isc_buffer_init(&source, rdata.data, rdata.length);
-		isc_buffer_add(&source, rdata.length);
-		dns_name_init(&tname, NULL);
-		isc_buffer_remainingregion(&source, &remaining);
-		dns_name_fromregion(&tname, &remaining);
-		INSIST(remaining.length >= tname.length);
-		isc_buffer_forward(&source, tname.length);
-		isc_region_consume(&remaining, tname.length);
-
-		INSIST(remaining.length >= 2);
-		type = isc_buffer_getuint16(&source);
-		isc_region_consume(&remaining, 2);
-
-		if (type != dns_rdatatype_rrsig ||
-		    !dns_name_equal(&tname, name)) {
-			result = dns_rdataset_next(&rclone);
-			dns_rdata_reset(&rdata);
-			continue;
-		}
-
-		INSIST(remaining.length >= 1);
-		trust = isc_buffer_getuint8(&source);
-		INSIST(trust <= dns_trust_ultimate);
-		isc_region_consume(&remaining, 1);
-
-		raw = remaining.base;
-		count = raw[0] * 256 + raw[1];
-		INSIST(count > 0);
-		raw += 2;
-		sigregion.length = raw[0] * 256 + raw[1];
-		raw += 2;
-		sigregion.base = raw;
-		dns_rdata_reset(&rdata);
-		dns_rdata_fromregion(&rdata, rdataset->rdclass,
-				     dns_rdatatype_rrsig, &sigregion);
-		(void)dns_rdata_tostruct(&rdata, &rrsig);
-		if (rrsig.covered == covers) {
-			isc_buffer_remainingregion(&source, &remaining);
-			break;
-		}
-
-		result = dns_rdataset_next(&rclone);
-		dns_rdata_reset(&rdata);
-	}
-	dns_rdataset_disassociate(&rclone);
-	if (result == ISC_R_NOMORE)
-		return (ISC_R_NOTFOUND);
-	if (result != ISC_R_SUCCESS)
-		return (result);
-
-	INSIST(remaining.length != 0);
-
-	rdataset->methods = &rdataset_methods;
-	rdataset->rdclass = ncacherdataset->rdclass;
-	rdataset->type = dns_rdatatype_rrsig;
-	rdataset->covers = covers;
-	rdataset->ttl = ncacherdataset->ttl;
-	rdataset->trust = trust;
-	rdataset->private1 = NULL;
-	rdataset->private2 = NULL;
-
-	rdataset->private3 = remaining.base;
-
-	/*
-	 * Reset iterator state.
-	 */
-	rdataset->privateuint4 = 0;
-	rdataset->private5 = NULL;
-	rdataset->private6 = NULL;
-	return (ISC_R_SUCCESS);
-}
-
-void
-dns_ncache_current(dns_rdataset_t *ncacherdataset, dns_name_t *found,
-		   dns_rdataset_t *rdataset)
-{
-	dns_rdata_t rdata = DNS_RDATA_INIT;
-	dns_trust_t trust;
-	isc_region_t remaining, sigregion;
-	isc_buffer_t source;
-	dns_name_t tname;
-	dns_rdatatype_t type;
-	unsigned int count;
-	dns_rdata_rrsig_t rrsig;
-	unsigned char *raw;
-
-	REQUIRE(ncacherdataset != NULL);
-	REQUIRE(ncacherdataset->type == 0);
-	REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0);
-	REQUIRE(found != NULL);
-	REQUIRE(!dns_rdataset_isassociated(rdataset));
-
-	dns_rdataset_current(ncacherdataset, &rdata);
-	isc_buffer_init(&source, rdata.data, rdata.length);
-	isc_buffer_add(&source, rdata.length);
-
-	dns_name_init(&tname, NULL);
-	isc_buffer_remainingregion(&source, &remaining);
-	dns_name_fromregion(found, &remaining);
-	INSIST(remaining.length >= found->length);
-	isc_buffer_forward(&source, found->length);
-	remaining.length -= found->length;
-
-	INSIST(remaining.length >= 5);
-	type = isc_buffer_getuint16(&source);
-	trust = isc_buffer_getuint8(&source);
-	INSIST(trust <= dns_trust_ultimate);
-	isc_buffer_remainingregion(&source, &remaining);
-
-	rdataset->methods = &rdataset_methods;
-	rdataset->rdclass = ncacherdataset->rdclass;
-	rdataset->type = type;
-	if (type == dns_rdatatype_rrsig) {
-		/*
-		 * Extract covers from RRSIG.
-		 */
-		raw = remaining.base;
-		count = raw[0] * 256 + raw[1];
-		INSIST(count > 0);
-		raw += 2;
-		sigregion.length = raw[0] * 256 + raw[1];
-		raw += 2;
-		sigregion.base = raw;
-		dns_rdata_reset(&rdata);
-		dns_rdata_fromregion(&rdata, rdataset->rdclass,
-				     rdataset->type, &sigregion);
-		(void)dns_rdata_tostruct(&rdata, &rrsig);
-		rdataset->covers = rrsig.covered;
-	} else
-		rdataset->covers = 0;
-	rdataset->ttl = ncacherdataset->ttl;
-	rdataset->trust = trust;
-	rdataset->private1 = NULL;
-	rdataset->private2 = NULL;
-
-	rdataset->private3 = remaining.base;
-
-	/*
-	 * Reset iterator state.
-	 */
-	rdataset->privateuint4 = 0;
-	rdataset->private5 = NULL;
-	rdataset->private6 = NULL;
-}
diff --git a/usr.sbin/bind/lib/dns/rdataset.c b/usr.sbin/bind/lib/dns/rdataset.c
index 63727fa8b57..81d84d69ba3 100644
--- a/usr.sbin/bind/lib/dns/rdataset.c
+++ b/usr.sbin/bind/lib/dns/rdataset.c
@@ -16,19 +16,14 @@
 
 /*! \file */
 
-
-
 #include <stdint.h>
 #include <stdlib.h>
 
 #include <isc/buffer.h>
-
-
 #include <isc/serial.h>
 #include <isc/util.h>
 
 #include <dns/name.h>
-#include <dns/ncache.h>
 #include <dns/rdata.h>
 #include <dns/rdataset.h>
 #include <dns/compress.h>
@@ -346,15 +341,6 @@ towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name,
 		count = 1;
 		result = dns_rdataset_first(rdataset);
 		INSIST(result == ISC_R_NOMORE);
-	} else if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) {
-		/*
-		 * This is a negative caching rdataset.
-		 */
-		unsigned int ncache_opts = 0;
-		if ((options & DNS_RDATASETTOWIRE_OMITDNSSEC) != 0)
-			ncache_opts |= DNS_NCACHETOWIRE_OMITDNSSEC;
-		return (dns_ncache_towire(rdataset, cctx, target, ncache_opts,
-					  countp));
 	} else {
 		count = (rdataset->methods->count)(rdataset);
 		result = dns_rdataset_first(rdataset);