diff --git a/lib/dns/include/dns/tsig.h b/lib/dns/include/dns/tsig.h
index 07b54032c9..3a02ba2854 100644
--- a/lib/dns/include/dns/tsig.h
+++ b/lib/dns/include/dns/tsig.h
@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: tsig.h,v 1.26 2000/07/21 20:53:59 bwelling Exp $ */
+/* $Id: tsig.h,v 1.27 2000/07/21 22:38:31 bwelling Exp $ */
 
 #ifndef DNS_TSIG_H
 #define DNS_TSIG_H 1
@@ -155,7 +155,7 @@ dns_tsig_sign(dns_message_t *msg);
 
 isc_result_t
 dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
-		dns_tsig_keyring_t *sring, dns_tsig_keyring_t *dring);
+		dns_tsig_keyring_t *ring1, dns_tsig_keyring_t *ring2);
 /*
  *	Verifies the TSIG record in this message
  *
@@ -165,8 +165,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
  *		'msg->tsigkey' is a valid TSIG key if this is a response
  *		'msg->tsig' is NULL
  *		'msg->querytsig' is not NULL if this is a response
- *		'sring' is a valid keyring or NULL
- *		'dring' is a valid keyring or NULL
+ *		'ring1' and 'ring2' are each either a valid keyring or NULL
  *
  *	Returns:
  *		ISC_R_SUCCESS
diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c
index 8e6547893a..90599f1097 100644
--- a/lib/dns/tsig.c
+++ b/lib/dns/tsig.c
@@ -16,7 +16,7 @@
  */
 
 /*
- * $Id: tsig.c,v 1.76 2000/07/21 20:53:58 bwelling Exp $
+ * $Id: tsig.c,v 1.77 2000/07/21 22:38:29 bwelling Exp $
  * Principal Author: Brian Wellington
  */
 
@@ -549,7 +549,7 @@ cleanup_other:
 
 isc_result_t
 dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
-		dns_tsig_keyring_t *sring, dns_tsig_keyring_t *dring)
+		dns_tsig_keyring_t *ring1, dns_tsig_keyring_t *ring2)
 {
 	dns_rdata_any_tsig_t tsig, querytsig;
 	isc_region_t r, source_r, header_r, sig_r;
@@ -636,15 +636,13 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
 	 */
 	if (tsigkey == NULL) {
 		ret = ISC_R_NOTFOUND;
-		if (sring != NULL)
+		if (ring1 != NULL)
 			ret = dns_tsigkey_find(&tsigkey, keyname,
-					       &tsig.algorithm, sring); 
-		if (ret == ISC_R_NOTFOUND && dring != NULL)
+					       &tsig.algorithm, ring1); 
+		if (ret == ISC_R_NOTFOUND && ring2 != NULL)
 			ret = dns_tsigkey_find(&tsigkey, keyname,
-					       &tsig.algorithm, dring);
+					       &tsig.algorithm, ring2);
 		if (ret != ISC_R_SUCCESS) {
-			if (dring == NULL)
-				return (DNS_R_TSIGVERIFYFAILURE);
 			msg->tsigstatus = dns_tsigerror_badkey;
 			ret = dns_tsigkey_create(keyname, &tsig.algorithm,
 						 NULL, 0, ISC_FALSE, NULL,