diff --git a/src/knot/server/name-server.c b/src/knot/server/name-server.c
index cac9b3f6aa099ffe767811ec06beae2e8b5cb550..792a10f16a63369e0826b3b15d2ddb1d925ba252 100644
--- a/src/knot/server/name-server.c
+++ b/src/knot/server/name-server.c
@@ -10,27 +10,52 @@
 #include "knot/stat/stat.h"
 #include "dnslib/dnslib.h"
 #include "dnslib/debug.h"
+#include "other/error.h"
 
-//static const uint8_t  RCODE_MASK           = 0xf0;
-static const int      OFFSET_FLAGS2        = 3;
-static const size_t   RR_FIXED_SIZE        = 10;
-static const size_t   QUESTION_FIXED_SIZE  = 4;
+/*----------------------------------------------------------------------------*/
+
+/*! \brief Maximum UDP payload with EDNS enabled. */
 static const uint16_t MAX_UDP_PAYLOAD_EDNS = 4096;
+/*! \brief Maximum UDP payload with EDNS disabled. */
 static const uint16_t MAX_UDP_PAYLOAD      = 512;
+/*! \brief Supported EDNS version. */
 static const uint8_t  EDNS_VERSION         = 0;
-static const uint8_t  OPT_SIZE             = 11;
+/*! \brief Determines whether EDNS is enabled. */
 static const int      EDNS_ENABLED         = 1;
+
+/*! \brief TTL of a CNAME synthetized from a DNAME. */
 static const uint32_t SYNTH_CNAME_TTL      = 0;
+
+/*! \brief Determines whether DNSSEC is enabled. */
 static const int      DNSSEC_ENABLED       = 1;
+
+/*! \brief Determines whether NSID is enabled. */
 static const int      NSID_ENABLED         = 1;
+
+/*! \brief Length of NSID option data. */
 static const uint16_t NSID_LENGTH          = 6;
+/*! \brief NSID option data. */
 static const uint8_t  NSID_DATA[6] = {0x46, 0x6f, 0x6f, 0x42, 0x61, 0x72};
+
+/*! \brief Internal error code to propagate need for SERVFAIL response. */
 static const int      NS_ERR_SERVFAIL      = -999;
 
 /*----------------------------------------------------------------------------*/
 /* Private functions                                                          */
 /*----------------------------------------------------------------------------*/
-
+/*!
+ * \brief Prepares wire format of an error response using generic error template
+ *        stored in the nameserver structure.
+ *
+ * The error response will not contain the Question section from the query, just
+ * a header with ID copied from the query and the given RCODE.
+ *
+ * \param nameserver Nameserver structure containing the error template.
+ * \param query_wire Wire format of the query.
+ * \param rcode RCODE to set in the response.
+ * \param response_wire Place for wire format of the response.
+ * \param rsize Size of the error response will be stored here.
+ */
 static inline void ns_error_response(ns_nameserver *nameserver,
                                      const uint8_t *query_wire,
                                      uint8_t rcode,
@@ -47,7 +72,19 @@ static inline void ns_error_response(ns_nameserver *nameserver,
 }
 
 /*----------------------------------------------------------------------------*/
-
+/*!
+ * \brief Finds zone where to search for the QNAME.
+ *
+ * \note As QTYPE DS requires special handling, this function finds a zone for
+ *       a direct predecessor of QNAME in such case.
+ *
+ * \param zdb Zone database where to search for the proper zone.
+ * \param qname QNAME.
+ * \param qtype QTYPE.
+ *
+ * \return Zone to which QNAME belongs (according to QTYPE), or NULL if no such
+ *         zone was found.
+ */
 static const dnslib_zone_t *ns_get_zone_for_qname(dnslib_zonedb_t *zdb,
                                                   const dnslib_dname_t *qname,
                                                   uint16_t qtype)
@@ -76,7 +113,18 @@ static const dnslib_zone_t *ns_get_zone_for_qname(dnslib_zonedb_t *zdb,
 }
 
 /*----------------------------------------------------------------------------*/
-
+/*!
+ * \brief Synthetizes RRSet from a wildcard RRSet using the given QNAME.
+ *
+ * The synthetized RRSet is identical to the wildcard RRSets, except that the
+ * owner name is replaced by \a qname.
+ *
+ * \param wildcard_rrset Wildcard RRSet to synthetize from.
+ * \param qname Domain name to be used as the owner of the synthetized RRset.
+ *
+ * \return The synthetized RRSet (this is a newly created RRSet, remember to
+ *         free it).
+ */
 dnslib_rrset_t *ns_synth_from_wildcard(const dnslib_rrset_t *wildcard_rrset,
                                        const dnslib_dname_t *qname)
 {
@@ -122,7 +170,16 @@ dnslib_rrset_t *ns_synth_from_wildcard(const dnslib_rrset_t *wildcard_rrset,
 }
 
 /*----------------------------------------------------------------------------*/
-
+/*!
+ * \brief Checks if the given RRSet is a wildcard RRSet and replaces it with
+ *        a synthetized RRSet if required.
+ *
+ * \param name Domain name to be used as the owner of the possibly synthetized
+ *             RRSet
+ * \param resp Response to which the synthetized RRSet should be stored (as a
+ *             temporary RRSet).
+ * \param rrset RRSet to check (and possibly replace).
+ */
 static void ns_check_wildcard(const dnslib_dname_t *name,
                               dnslib_response_t *resp,
                               const dnslib_rrset_t **rrset)
@@ -138,7 +195,26 @@ static void ns_check_wildcard(const dnslib_dname_t *name,
 }
 
 /*----------------------------------------------------------------------------*/
-
+/*!
+ * \brief Adds signatures (RRSIGs) for the given RRSet to the response.
+ *
+ * This function first checks if DNSSEC is enabled and if it was requested in
+ * the response (DO bit set). If not, it does nothing and returns 0. If yes,
+ * it retrieves RRSIGs stored in the RRSet, deals with possible wildcard owner
+ * and adds the RRSIGs to response using the given function (that determines
+ * to which section of the response they will be added).
+ *
+ * \param rrset RRSet to get the RRSIGs from.
+ * \param resp Response where to add the RRSIGs.
+ * \param name Actual name to be used as owner in case of wildcard RRSet.
+ * \param add_rrset_to_resp Function for adding the RRSIG RRset to the response.
+ * \param tc Set to 1 if omitting the RRSIG RRSet should result in setting the
+ *           TC bit in the response.
+ *
+ * \return KNOT_EOK
+ * \return DNSLIB_ENOMEM
+ * \return DNSLIB_ESPACE
+ */
 static int ns_add_rrsigs(const dnslib_rrset_t *rrset, dnslib_response_t *resp,
                          const dnslib_dname_t *name,
                          int (*add_rrset_to_resp)(dnslib_response_t *,
@@ -160,11 +236,22 @@ static int ns_add_rrsigs(const dnslib_rrset_t *rrset, dnslib_response_t *resp,
 		return add_rrset_to_resp(resp, rrsigs, tc, 0);
 	}
 
-	return 0;
+	return KNOT_EOK;
 }
 
 /*----------------------------------------------------------------------------*/
-
+/*!
+ * \brief Resolves CNAME chain starting in \a node, stores all the CNAMEs in the
+ *        response and updates \a node and \a qname to the last node in the
+ *        chain.
+ *
+ * \param node Node (possibly) containing a CNAME RR.
+ * \param qname Searched name. Will be updated to the canonical name.
+ * \param resp Response where to add the CNAME RRs.
+ * \param add_rrset_to_resp Function for adding the CNAME RRs to the response.
+ * \param tc Set to 1 if omitting the RRSIG RRSet should result in setting the
+ *           TC bit in the response.
+ */
 static void ns_follow_cname(const dnslib_node_t **node,
                             const dnslib_dname_t **qname,
                             dnslib_response_t *resp,
@@ -217,6 +304,18 @@ DEBUG_NS(
 
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief Retrieves RRSet(s) of given type from the given node and adds them to
+ *        the response's Answer section.
+ *
+ * \param node Node where to take the RRSet from.
+ * \param name Actual searched name (used in case of wildcard RRSet(s)).
+ * \param type Type of the RRSet(s). If set to DNSLIB_RRTYPE_ANY, all RRSets
+ *             from the node will be added to the answer.
+ * \param resp Response where to add the RRSets.
+ *
+ * \return Number of RRSets added.
+ */
 static int ns_put_answer(const dnslib_node_t *node, const dnslib_dname_t *name,
                           uint16_t type, dnslib_response_t *resp)
 {
@@ -316,6 +415,23 @@ DEBUG_NS(
 
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief Adds RRSets to Additional section of the response.
+ *
+ * This function uses dnslib_rdata_get_name() to get the domain name from the
+ * RDATA of the RRSet according to its type. It also does not search for the
+ * retrieved domain name, but just uses its node field. Thus to work correctly,
+ * the zone where the RRSet is from should be adjusted using
+ * dnslib_zone_adjust_dnames().
+ *
+ * A and AAAA RRSets (and possible CNAMEs) for the found domain names are added.
+ *
+ * \warning Use this function only with types containing some domain name,
+ *          otherwise it will crash (or behave strangely).
+ *
+ * \param resp Response where to add the Additional data.
+ * \param rrset RRSet to get the Additional data for.
+ */
 static void ns_put_additional_for_rrset(dnslib_response_t *resp,
                                         const dnslib_rrset_t *rrset)
 {
@@ -329,7 +445,7 @@ static void ns_put_additional_for_rrset(dnslib_response_t *resp,
 		debug_ns("Getting name from RDATA, type %s..\n",
 			 dnslib_rrtype_to_string(dnslib_rrset_type(rrset)));
 		dname = dnslib_rdata_get_name(rdata,
-					      dnslib_rrset_type(rrset));
+		                              dnslib_rrset_type(rrset));
 		assert(dname != NULL);
 		node = dnslib_dname_node(dname);
 
@@ -393,6 +509,16 @@ DEBUG_NS(
 
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief Checks whether the given type requires additional processing.
+ *
+ * Only MX, NS and SRV types require additional processing.
+ *
+ * \param qtype Type to check.
+ *
+ * \retval <> 0 if additional processing is needed for \a qtype.
+ * \retval 0 otherwise.
+ */
 static int ns_additional_needed(uint16_t qtype)
 {
 	return (qtype == DNSLIB_RRTYPE_MX ||
@@ -402,6 +528,15 @@ static int ns_additional_needed(uint16_t qtype)
 
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief Adds whatever Additional RRSets are required for the response.
+ *
+ * For each RRSet in Answer and Authority sections this function checks if
+ * additional processing is needed and if yes, it puts any Additional RRSets
+ * available to the Additional section of the response.
+ *
+ * \param resp Response to process.
+ */
 static void ns_put_additional(dnslib_response_t *resp)
 {
         debug_ns("ADDITIONAL SECTION PROCESSING\n");
@@ -426,6 +561,12 @@ static void ns_put_additional(dnslib_response_t *resp)
 
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief Puts authority NS RRSet to the Auhority section of the response.
+ *
+ * \param zone Zone to take the authority NS RRSet from.
+ * \param resp Response where to add the RRSet.
+ */
 static void ns_put_authority_ns(const dnslib_zone_t *zone,
                                 dnslib_response_t *resp)
 {
@@ -440,6 +581,12 @@ static void ns_put_authority_ns(const dnslib_zone_t *zone,
 
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief Puts SOA RRSet to the Auhority section of the response.
+ *
+ * \param zone Zone to take the SOA RRSet from.
+ * \param resp Response where to add the RRSet.
+ */
 static void ns_put_authority_soa(const dnslib_zone_t *zone,
                                  dnslib_response_t *resp)
 {
@@ -454,20 +601,31 @@ static void ns_put_authority_soa(const dnslib_zone_t *zone,
 
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief Creates a 'next closer name' to the given domain name.
+ *
+ * For definition of 'next closer name', see RFC5155, Page 6.
+ *
+ * \param closest_encloser Closest encloser of \a name.
+ * \param name Domain name to create the 'next closer' name to.
+ *
+ * \return 'Next closer name' to the given domain name or NULL if an error
+ *         occured.
+ */
 static dnslib_dname_t *ns_next_closer(const dnslib_dname_t *closest_encloser,
-                                      const dnslib_dname_t *qname)
+                                      const dnslib_dname_t *name)
 {
 	int ce_labels = dnslib_dname_label_count(closest_encloser);
-	int qname_labels = dnslib_dname_label_count(qname);
+	int qname_labels = dnslib_dname_label_count(name);
 
 	assert(ce_labels < qname_labels);
 
 	// the common labels should match
-	assert(dnslib_dname_matched_labels(closest_encloser, qname)
+	assert(dnslib_dname_matched_labels(closest_encloser, name)
 	       == ce_labels);
 
 	// chop some labels from the qname
-	dnslib_dname_t *next_closer = dnslib_dname_copy(qname);
+	dnslib_dname_t *next_closer = dnslib_dname_copy(name);
 	if (next_closer == NULL) {
 		return NULL;
 	}
@@ -481,6 +639,13 @@ static dnslib_dname_t *ns_next_closer(const dnslib_dname_t *closest_encloser,
 
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief Adds NSEC3 RRSet (together with corresponding RRSIGs) from the given
+ *        node into the response.
+ *
+ * \param node Node to get the NSEC3 RRSet from.
+ * \param resp Response where to add the RRSets.
+ */
 static void ns_put_nsec3_from_node(const dnslib_node_t *node,
                                    dnslib_response_t *resp)
 {
@@ -499,12 +664,24 @@ static void ns_put_nsec3_from_node(const dnslib_node_t *node,
 
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief Finds and adds NSEC3 covering the given domain name (and their
+ *        associated RRSIGs) to the response.
+ *
+ * \param zone Zone where to take the NSEC3s from.
+ * \param name Domain name to cover.
+ * \param resp Response where to add the RRSets.
+ *
+ * \retval KNOT_OK
+ * \retval NS_ERR_SERVFAIL if a runtime collision occured. The server should
+ *                         respond with SERVFAIL in such case.
+ */
 static int ns_put_covering_nsec3(const dnslib_zone_t *zone,
-                                  const dnslib_dname_t *nsec3_name,
-                                  dnslib_response_t *resp)
+                                 const dnslib_dname_t *name,
+                                 dnslib_response_t *resp)
 {
 	const dnslib_node_t *prev, *node;
-	int match = dnslib_zone_find_nsec3_for_name(zone, nsec3_name,
+	int match = dnslib_zone_find_nsec3_for_name(zone, name,
 	                                            &node, &prev);
 
 	if (match == DNSLIB_ZONE_NAME_FOUND){
@@ -520,11 +697,21 @@ DEBUG_NS(
 
 	ns_put_nsec3_from_node(prev, resp);
 
-	return 0;
+	return KNOT_OK;
 }
 
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief
+ *
+ * \param zone
+ * \param closest_encloser
+ * \param qname
+ * \param resp
+ *
+ * \return int
+ */
 static int ns_put_nsec3_closest_encloser_proof(const dnslib_zone_t *zone,
                                          const dnslib_node_t **closest_encloser,
                                          const dnslib_dname_t *qname,
@@ -609,6 +796,12 @@ DEBUG_NS(
 
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief
+ *
+ * \param name
+ * \return dnslib_dname_t *
+ */
 static dnslib_dname_t *ns_wildcard_child_name(const dnslib_dname_t *name)
 {
 	assert(name != NULL);
@@ -633,6 +826,14 @@ DEBUG_NS(
 
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief
+ *
+ * \param zone
+ * \param node
+ * \param resp
+ * \return int
+ */
 static int ns_put_nsec3_no_wildcard_child(const dnslib_zone_t *zone,
                                           const dnslib_node_t *node,
                                           dnslib_response_t *resp)
@@ -654,6 +855,12 @@ static int ns_put_nsec3_no_wildcard_child(const dnslib_zone_t *zone,
 }
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief
+ *
+ * \param node
+ * \param resp
+ */
 static void ns_put_nsec_nsec3_nodata(const dnslib_node_t *node,
                                      dnslib_response_t *resp)
 {
@@ -676,6 +883,16 @@ static void ns_put_nsec_nsec3_nodata(const dnslib_node_t *node,
 
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief
+ *
+ * \param qname
+ * \param zone
+ * \param previous
+ * \param closest_encloser
+ * \param resp
+ * \return int
+ */
 static int ns_put_nsec_nxdomain(const dnslib_dname_t *qname,
                                 const dnslib_zone_t *zone,
                                 const dnslib_node_t *previous,
@@ -745,6 +962,15 @@ static int ns_put_nsec_nxdomain(const dnslib_dname_t *qname,
 
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief
+ *
+ * \param zone
+ * \param closest_encloser
+ * \param qname
+ * \param resp
+ * \return int
+ */
 static int ns_put_nsec3_nxdomain(const dnslib_zone_t *zone,
                                  const dnslib_node_t *closest_encloser,
                                  const dnslib_dname_t *qname,
@@ -764,6 +990,16 @@ static int ns_put_nsec3_nxdomain(const dnslib_zone_t *zone,
 
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief
+ *
+ * \param zone
+ * \param previous
+ * \param closest_encloser
+ * \param qname
+ * \param resp
+ * \return int
+ */
 static int ns_put_nsec_nsec3_nxdomain(const dnslib_zone_t *zone,
                                       const dnslib_node_t *previous,
                                       const dnslib_node_t *closest_encloser,
@@ -785,6 +1021,15 @@ static int ns_put_nsec_nsec3_nxdomain(const dnslib_zone_t *zone,
 
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief
+ *
+ * \param zone
+ * \param closest_encloser
+ * \param qname
+ * \param resp
+ * \return int
+ */
 static int ns_put_nsec3_wildcard(const dnslib_zone_t *zone,
                                  const dnslib_node_t *closest_encloser,
                                  const dnslib_dname_t *qname,
@@ -820,6 +1065,15 @@ DEBUG_NS(
 
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief
+ *
+ * \param zone
+ * \param qname
+ * \param node
+ * \param previous
+ * \param resp
+ */
 static void ns_put_nsec_wildcard(const dnslib_zone_t *zone,
                                  const dnslib_dname_t *qname,
                                  const dnslib_node_t *node,
@@ -847,6 +1101,17 @@ static void ns_put_nsec_wildcard(const dnslib_zone_t *zone,
 
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief
+ *
+ * \param node
+ * \param closest_encloser
+ * \param previous
+ * \param zone
+ * \param qname
+ * \param resp
+ * \return int
+ */
 static int ns_put_nsec_nsec3_wildcard_nodata(const dnslib_node_t *node,
                                           const dnslib_node_t *closest_encloser,
                                           const dnslib_node_t *previous,
@@ -876,6 +1141,17 @@ static int ns_put_nsec_nsec3_wildcard_nodata(const dnslib_node_t *node,
 
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief
+ *
+ * \param node
+ * \param closest_encloser
+ * \param previous
+ * \param zone
+ * \param qname
+ * \param resp
+ * \return int
+ */
 static int ns_put_nsec_nsec3_wildcard_answer(const dnslib_node_t *node,
                                           const dnslib_node_t *closest_encloser,
                                           const dnslib_node_t *previous,
@@ -898,6 +1174,15 @@ static int ns_put_nsec_nsec3_wildcard_answer(const dnslib_node_t *node,
 
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief
+ *
+ * \param node
+ * \param zone
+ * \param qname
+ * \param resp
+ * \return int
+ */
 static inline int ns_referral(const dnslib_node_t *node,
                               const dnslib_zone_t *zone,
                               const dnslib_dname_t *qname,
@@ -959,6 +1244,18 @@ static inline int ns_referral(const dnslib_node_t *node,
 
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief
+ *
+ * \param node
+ * \param closest_encloser
+ * \param previous
+ * \param zone
+ * \param qname
+ * \param qtype
+ * \param resp
+ * \return int
+ */
 static int ns_answer_from_node(const dnslib_node_t *node,
                                const dnslib_node_t *closest_encloser,
                                const dnslib_node_t *previous,
@@ -1001,6 +1298,13 @@ static int ns_answer_from_node(const dnslib_node_t *node,
 
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief
+ *
+ * \param dname_rrset
+ * \param qname
+ * \return dnslib_rrset_t *
+ */
 static dnslib_rrset_t *ns_cname_from_dname(const dnslib_rrset_t *dname_rrset,
                                            const dnslib_dname_t *qname)
 {
@@ -1043,6 +1347,13 @@ DEBUG_NS(
 
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief
+ *
+ * \param dname_rrset
+ * \param qname
+ * \return int
+ */
 static int ns_dname_is_too_long(const dnslib_rrset_t *dname_rrset,
                                 const dnslib_dname_t *qname)
 {
@@ -1060,6 +1371,13 @@ static int ns_dname_is_too_long(const dnslib_rrset_t *dname_rrset,
 
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief
+ *
+ * \param dname_rrset
+ * \param qname
+ * \param resp
+ */
 static void ns_process_dname(const dnslib_rrset_t *dname_rrset,
                              const dnslib_dname_t *qname,
                              dnslib_response_t *resp)
@@ -1096,6 +1414,12 @@ DEBUG_NS(
 
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief
+ *
+ * \param apex
+ * \param resp
+ */
 static void ns_add_dnskey(const dnslib_node_t *apex, dnslib_response_t *resp)
 {
 
@@ -1110,6 +1434,15 @@ static void ns_add_dnskey(const dnslib_node_t *apex, dnslib_response_t *resp)
 
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief
+ *
+ * \param zone
+ * \param qname
+ * \param qtype
+ * \param resp
+ * \return int
+ */
 static int ns_answer_from_zone(const dnslib_zone_t *zone,
                                const dnslib_dname_t *qname, uint16_t qtype,
                                dnslib_response_t *resp)
@@ -1275,6 +1608,13 @@ finalize:
 
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief
+ *
+ * \param db
+ * \param resp
+ * \return int
+ */
 static int ns_answer(dnslib_zonedb_t *db, dnslib_response_t *resp)
 {
 	dnslib_dname_t *qname = resp->question.qname;
@@ -1307,6 +1647,14 @@ DEBUG_NS(
 
 /*----------------------------------------------------------------------------*/
 
+/*!
+ * \brief
+ *
+ * \param resp
+ * \param wire
+ * \param wire_size
+ * \return int
+ */
 static int ns_response_to_wire(dnslib_response_t *resp, uint8_t *wire,
                                size_t *wire_size)
 {
@@ -1494,6 +1842,8 @@ void ns_destroy(ns_nameserver **nameserver)
 	*nameserver = NULL;
 }
 
+/*----------------------------------------------------------------------------*/
+
 int ns_conf_hook(const struct conf_t *conf, void *data)
 {
 	ns_nameserver *ns = (ns_nameserver *)data;