diff --git a/lib/dns/dnssec.c b/lib/dns/dnssec.c
index 1466bb39e3..5e9a2c2399 100644
--- a/lib/dns/dnssec.c
+++ b/lib/dns/dnssec.c
@@ -16,7 +16,7 @@
  */
 
 /*
- * $Id: dnssec.c,v 1.7 1999/09/30 02:50:54 bwelling Exp $
+ * $Id: dnssec.c,v 1.8 1999/10/07 21:51:49 bwelling Exp $
  * Principal Author: Brian Wellington
  */
 
@@ -38,9 +38,11 @@
 
 #include <dns/db.h>
 #include <dns/keyvalues.h>
+#include <dns/message.h>
 #include <dns/name.h>
 #include <dns/rdata.h>
 #include <dns/rdataset.h>
+#include <dns/rdatalist.h>
 #include <dns/rdatastruct.h>
 #include <dns/dnssec.h>
 
@@ -262,13 +264,9 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
 	sig.common.rdtype = dns_rdatatype_sig;
 	ISC_LINK_INIT(&sig.common, link);
 
-	sig.signer = (dns_name_t *) isc_mem_get(mctx, sizeof(dns_name_t));
-	if (sig.signer == NULL) {
-		ret = ISC_R_NOMEMORY;
-	}
-	ret = keyname_to_name(dst_key_name(key), mctx, sig.signer);
+	ret = keyname_to_name(dst_key_name(key), mctx, &sig.signer);
 	if (ret != ISC_R_SUCCESS)
-		goto cleanup_signer;
+		return (ret);
 
 	sig.covered = set->type;
 	sig.algorithm = dst_key_alg(key);
@@ -279,12 +277,11 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
 	sig.timesigned = *inception;
 	sig.timeexpire = *expire;
 	sig.keyid = dst_key_id(key);
-	sig.siglen = dst_sig_size(key);
-	if (sig.siglen < 0) {
+	if (dst_sig_size(key) < 0) {
 		/* close enough for now */
 		return (DNS_R_KEYUNAUTHORIZED);
-		goto cleanup_signer;
 	}
+	sig.siglen = dst_sig_size(key);
 	sig.signature = isc_mem_get(mctx, sig.siglen);
 	if (sig.signature == NULL)
 		goto cleanup_name;
@@ -370,9 +367,7 @@ cleanup_array:
 cleanup_signature:
 	isc_mem_put(mctx, sig.signature, sig.siglen);
 cleanup_name:
-	dns_name_free(sig.signer, mctx);
-cleanup_signer:
-	isc_mem_put(mctx, sig.signer, sizeof(dns_name_t));
+	dns_name_free(&sig.signer, mctx);
 
 	return (ret);
 }
diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c
index 355c8882a4..3477982823 100644
--- a/lib/dns/tsig.c
+++ b/lib/dns/tsig.c
@@ -16,7 +16,7 @@
  */
 
 /*
- * $Id: tsig.c,v 1.13 1999/10/05 19:50:10 halley Exp $
+ * $Id: tsig.c,v 1.14 1999/10/07 21:51:49 bwelling Exp $
  * Principal Author: Brian Wellington
  */
 
@@ -183,7 +183,7 @@ dns_tsig_sign(dns_message_t *msg) {
 	REQUIRE(msg->tsig == NULL);
 
 	/* If this is a response, there should be a query tsig */
-	if (is_response(msg) && msg->querytsig != NULL)
+	if (is_response(msg) && msg->querytsig == NULL)
 		return (DNS_R_EXPECTEDTSIG);
 
 	dynbuf = NULL;
@@ -199,13 +199,8 @@ dns_tsig_sign(dns_message_t *msg) {
 	tsig->common.rdclass = dns_rdataclass_any;
 	tsig->common.rdtype = dns_rdatatype_tsig;
 	ISC_LINK_INIT(&tsig->common, link);
-	tsig->algorithm = (dns_name_t *) isc_mem_get(mctx, sizeof(dns_name_t));
-	if (tsig->algorithm == NULL) {
-		ret = ISC_R_NOMEMORY;
-		goto cleanup_struct;
-	}
-	dns_name_init(tsig->algorithm, NULL);
-	ret = dns_name_dup(&key->algorithm, mctx, tsig->algorithm);
+	dns_name_init(&tsig->algorithm, NULL);
+	ret = dns_name_dup(&key->algorithm, mctx, &tsig->algorithm);
 	if (ret != ISC_R_SUCCESS)
 		goto cleanup_struct;
 
@@ -300,7 +295,7 @@ dns_tsig_sign(dns_message_t *msg) {
 			if (ret != ISC_R_SUCCESS)
 				goto cleanup_other;
 
-			dns_name_toregion(tsig->algorithm, &r);
+			dns_name_toregion(&tsig->algorithm, &r);
 			ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r,
 				       NULL);
 			if (ret != ISC_R_SUCCESS)
@@ -421,7 +416,7 @@ cleanup_other:
 	if (tsig->other != NULL)
 		isc_mem_put(mctx, tsig->other, tsig->otherlen);
 cleanup_algorithm:
-	dns_name_free(tsig->algorithm, mctx);
+	dns_name_free(&tsig->algorithm, mctx);
 cleanup_struct:
 	msg->tsig = NULL;
 	isc_mem_put(mctx, tsig, sizeof(dns_rdata_any_tsig_t));
@@ -494,14 +489,14 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg) {
 	/* Do the key name and algorithm match that of the query? */
 	if (is_response(msg) &&
 	    (!dns_name_equal(keyname, &msg->tsigkey->name) ||
-	     !dns_name_equal(tsig->algorithm, msg->querytsig->algorithm)))
+	     !dns_name_equal(&tsig->algorithm, &msg->querytsig->algorithm)))
 	{
 		msg->tsigstatus = dns_tsigerror_badkey;
 		return (DNS_R_TSIGVERIFYFAILURE);
 	}
 
 	/* Find dns_tsig_key_t based on keyname */
-	ret = dns_tsig_findkey(&tsigkey, keyname, tsig->algorithm); 
+	ret = dns_tsig_findkey(&tsigkey, keyname, &tsig->algorithm); 
 	if (ret != ISC_R_SUCCESS) {
 		msg->tsigstatus = dns_tsigerror_badkey;
 		msg->tsigkey = NULL;
@@ -509,7 +504,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg) {
 		 * this key must be deleted later - an empty key can be found
 		 * by calling dns_tsig_emptykey()
 		 */
-		ret = dns_tsig_key_create(keyname, tsig->algorithm, NULL, 0,
+		ret = dns_tsig_key_create(keyname, &tsig->algorithm, NULL, 0,
 					   mctx, &msg->tsigkey);
 		if (ret != ISC_R_SUCCESS)
 			goto cleanup_struct;
@@ -714,7 +709,8 @@ dns_tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
 	
 		/* Do the key name and algorithm match that of the query? */
 		if (!dns_name_equal(keyname, &msg->tsigkey->name) ||
-		    !dns_name_equal(tsig->algorithm, msg->querytsig->algorithm))
+		    !dns_name_equal(&tsig->algorithm,
+				    &msg->querytsig->algorithm))
 		{
 			msg->tsigstatus = dns_tsigerror_badkey;
 			return (DNS_R_TSIGVERIFYFAILURE);