+ In the unbound-prototype, we split the CNAME chain and then
+ requeried for each element of the chain. This would allow us to
+ re-determine the chain of trust for each element. In this code,
+ however, since we don't have a facility (nor want one) to establish
+ chains of trust, we are going to try and validate the response in
+ one pass. Note that we have to account for wildcard CNAME
+ expressions, as well as validate the end-of-chain.