upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch '1086-cleanup-config-option-flags' into 'main'

Browse source 
Resolve "Reduce the number of "bad configuration options" flags"

Closes #1086

See merge request isc-projects/bind9!4476
This commit is contained in:
Matthijs Mekking 2021-01-19 09:59:03 +00:00
commit 0d6347b55e
31 changed files with 177 additions and 495 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
CHANGES
View file

@ -1,3 +1,8 @@
5563. [cleanup] Changed several obsolete configuration options to
ancient, making them into fatal errors. Also cleaned
up the number of clause flags in the configuration
parser. [GL #1086]
5562. [placeholder]
5561. [bug] KASP incorrectly set signature validity to the value

2
bin/named/config.c
View file

@ -131,7 +131,6 @@ options {\n\
# treat-cr-as-space <obsolete>;\n\
trust-anchor-telemetry yes;\n\
# use-id-pool <obsolete>;\n\
# use-ixfr <obsolete>;\n\
\n\
/* view */\n\
allow-new-zones no;\n\
@ -141,7 +140,6 @@ options {\n\
allow-recursion { localnets; localhost; };\n\
allow-recursion-on { any; };\n\
allow-update-forwarding {none;};\n\
# allow-v6-synthesis <obsolete>;\n\
auth-nxdomain false;\n\
check-dup-records warn;\n\
check-mx warn;\n\

7
bin/named/named.conf.rst
View file

@ -165,7 +165,7 @@ OPTIONS
* ) ] [ dscp integer ];
answer-cookie boolean;
attach-cache string;
auth-nxdomain boolean; // default changed
auth-nxdomain boolean;
auto-dnssec ( allow | maintain | off );
automatic-interface-scan boolean;
avoid-v4-udp-ports { portrange; ... };
@ -519,7 +519,10 @@ TLS
tls string {
cert-file quoted_string;
ciphers string; // experimental
dh-param quoted_string; // experimental
key-file quoted_string;
protocols sslprotos; // experimental
};
TRUST-ANCHORS
@ -568,7 +571,7 @@ VIEW
alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
* ) ] [ dscp integer ];
attach-cache string;
auth-nxdomain boolean; // default changed
auth-nxdomain boolean;
auto-dnssec ( allow | maintain | off );
cache-file quoted_string;
catalog-zones { zone string [ default-masters [ port integer ]

8
bin/tests/named.conf
View file

@ -26,9 +26,6 @@
// watch out for ";" -- it's important!
options {
additional-from-auth true;
additional-from-cache false;
version "my version string";
random-device "/dev/random";
directory "/tmp";
@ -265,8 +262,6 @@ view "test-view" in {
sig-validity-interval 45;
max-cache-size 100000;
allow-query { 10.0.0.30;};
additional-from-cache false;
additional-from-auth no;
match-clients { 10.0.0.1 ; };
check-names master warn;
check-names slave ignore;
@ -418,9 +413,6 @@ server 1.2.3.4 {
keys { "sample_key" }; // for TSIG; supported by the parser
// but not yet implemented in the
// rest of the server
# Now called 'request-ixfr'
# support-ixfr yes; // for IXFR supported by server
// if yes, the listed server talks IXFR
};
logging {

14
bin/tests/system/checkconf/bad-geoip-use-ecs.conf
View file

@ -1,14 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
options {
geoip-use-ecs yes;
};

15
bin/tests/system/checkconf/dnssec.1
View file

@ -9,6 +9,17 @@
* information regarding copyright ownership.
*/
options {
dnssec-enable no;
view view1 {
match-clients { any; };
dnssec-validation yes;
};
view view2 {
match-clients { none; };
dnssec-validation auto;
};
view view3 {
match-clients { none; };
auto-dnssec maintain;
};

13
bin/tests/system/checkconf/dnssec.2
View file

@ -11,15 +11,22 @@
view view1 {
match-clients { any; };
dnssec-validation yes;
};
view view2 {
match-clients { none; };
dnssec-validation auto;
};
view view3 {
match-clients { none; };
auto-dnssec maintain;
dnssec-validation auto;
};
view view4 {
match-clients { none; };
};
view view5 {
match-clients { none; };
auto-dnssec off;
};

32
bin/tests/system/checkconf/dnssec.3
View file

@ -1,32 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
view view1 {
match-clients { any; };
};
view view2 {
match-clients { none; };
};
view view3 {
match-clients { none; };
dnssec-validation auto;
};
view view4 {
match-clients { none; };
};
view view5 {
match-clients { none; };
auto-dnssec off;
};

0
bin/tests/system/checkconf/good-lmdb-mapsize-largest.conf → bin/tests/system/checkconf/lmdb-mapsize-largest.conf
View file

0
bin/tests/system/checkconf/good-lmdb-mapsize-smallest.conf → bin/tests/system/checkconf/lmdb-mapsize-smallest.conf
View file

62
bin/tests/system/checkconf/tests.sh
View file

@ -78,6 +78,24 @@ do
status=`expr $status + $ret`
done
for lmdb in lmdb-*.conf
do
n=`expr $n + 1`
ret=0
$FEATURETEST --with-lmdb
if [ $? -eq 0 ]; then
echo_i "checking that named-checkconf detects no error in $lmdb ($n)"
$CHECKCONF $lmdb > checkconf.out$n 2>&1
if [ $? != 0 ]; then echo_i "failed"; ret=1; fi
else
echo_i "checking that named-checkconf detects error in $lmdb ($n)"
$CHECKCONF $lmdb > checkconf.out$n 2>&1
if [ $? == 0 ]; then echo_i "failed"; ret=1; fi
fi
status=`expr $status + $ret`
done
n=`expr $n + 1`
echo_i "checking that ancient options report a fatal error ($n)"
ret=0
@ -113,14 +131,11 @@ status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "checking named-checkconf dnssec warnings ($n)"
ret=0
# dnssec.1: dnssec-enable is obsolete
$CHECKCONF dnssec.1 > checkconf.out$n.1 2>&1
grep "'dnssec-enable' is obsolete and should be removed" < checkconf.out$n.1 > /dev/null || ret=1
# dnssec.2: auto-dnssec warning
$CHECKCONF dnssec.2 > checkconf.out$n.2 2>&1
# dnssec.1: auto-dnssec warning
$CHECKCONF dnssec.1 > checkconf.out$n.2 2>&1
grep 'auto-dnssec may only be ' < checkconf.out$n.2 > /dev/null || ret=1
# dnssec.3: should have no warnings
$CHECKCONF dnssec.3 > checkconf.out$n.3 2>&1
# dnssec.2: should have no warnings
$CHECKCONF dnssec.2 > checkconf.out$n.3 2>&1
grep '.*' < checkconf.out$n.3 > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@ -403,30 +418,6 @@ diff good.zonelist checkconf.out$n > diff.out$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "check that 'dnssec-lookaside auto;' generates a warning ($n)"
ret=0
$CHECKCONF warn-dlv-auto.conf > checkconf.out$n 2>/dev/null || ret=1
grep "option 'dnssec-lookaside' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "check that 'dnssec-lookaside . trust-anchor dlv.isc.org;' generates a warning ($n)"
ret=0
$CHECKCONF warn-dlv-dlv.isc.org.conf > checkconf.out$n 2>/dev/null || ret=1
grep "option 'dnssec-lookaside' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "check that 'dnssec-lookaside . trust-anchor dlv.example.com;' generates a warning ($n)"
ret=0
$CHECKCONF warn-dlv-dlv.example.com.conf > checkconf.out$n 2>/dev/null || ret=1
grep "option 'dnssec-lookaside' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "check that the 2010 ICANN ROOT KSK without the 2017 ICANN ROOT KSK generates a warning ($n)"
ret=0
@ -484,15 +475,6 @@ grep "use of managed-keys is not allowed" checkconf.out$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "check that 'geoip-use-ecs no' generates a warning ($n)"
ret=0
$CHECKCONF warn-geoip-use-ecs.conf > checkconf.out$n 2>/dev/null || ret=1
[ -s checkconf.out$n ] || ret=1
grep "'geoip-use-ecs' is obsolete" < checkconf.out$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "checking named-checkconf kasp errors ($n)"
ret=0

14
bin/tests/system/checkconf/warn-dlv-auto.conf
View file

@ -1,14 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
options {
dnssec-lookaside auto;
};

14
bin/tests/system/checkconf/warn-dlv-dlv.example.com.conf
View file

@ -1,14 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
options {
dnssec-lookaside . trust-anchor dlv.example.com;
};

14
bin/tests/system/checkconf/warn-dlv-dlv.isc.org.conf
View file

@ -1,14 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
options {
dnssec-lookaside . trust-anchor dlv.isc.org;
};

14
bin/tests/system/checkconf/warn-geoip-use-ecs.conf
View file

@ -1,14 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
options {
geoip-use-ecs no;
};

1
bin/tests/system/keepalive/ns2/named.conf.in
View file

@ -27,7 +27,6 @@ options {
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
recursion yes;
acache-enable yes;
send-cookie yes;
tcp-advertised-timeout 150;
};

1
bin/tests/system/padding/ns2/named.conf.in
View file

@ -27,7 +27,6 @@ options {
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
recursion yes;
acache-enable yes;
send-cookie yes;
response-padding { !10.53.0.8; any; } block-size 64;
};

3
bin/tests/system/rrl/tests.sh
View file

@ -163,8 +163,7 @@ ckstats () {
#########
sec_start
# Tests of referrals to "." must be done before the hints are loaded
# or with "additional-from-cache no"
# Tests of referrals to "." must be done before the hints are loaded.
burst 5 a1.tld3 +norec
# basic rate limiting
burst 3 a1.tld2

78
doc/arm/reference.rst
View file

@ -1658,16 +1658,6 @@ Boolean Options
flush any pending zone writes. The default is
``flush-zones-on-shutdown no``.
``geoip-use-ecs``
This option was part of an experimental implementation of the EDNS
CLIENT-SUBNET for authoritative servers, but is now obsolete.
``ipv4only-enable``
Create the IPV4ONLY.ARPA zone as described in RFC 8880. By
default the zone is only created if a DNS64 prefix is configured.
Control the SOA contact and server values with ``ipv4only-contact``
and ``ipv4only-server`` respectively.
``root-key-sentinel``
If ``yes``, respond to root key sentinel probes as described in
draft-ietf-dnsop-kskroll-sentinel-08. The default is ``yes``.
@ -1781,9 +1771,6 @@ Boolean Options
option in its response, then its contents are logged in the ``nsid``
category at level ``info``. The default is ``no``.
``request-sit``
This experimental option is obsolete.
``require-server-cookie``
If ``yes``, require a valid server cookie before sending a full response to a UDP
request from a cookie-aware client. BADCOOKIE is sent if there is a
@ -1868,9 +1855,6 @@ Boolean Options
option may further limit the response size as the default for
``max-udp-size`` is 1232.
``sit-secret``
This experimental option is obsolete.
``cookie-algorithm``
This sets the algorithm to be used when generating the server cookie; the options are
"aes", "sha1", or "sha256". The default is "aes" if supported by
@ -1924,12 +1908,6 @@ Boolean Options
The default is ``yes``.
``use-ixfr``
*This option is obsolete*. To disable IXFR to a
particular server or servers, see the information on the
``provide-ixfr`` option in :ref:`server_statement_definition_and_usage`.
See also :ref:`incremental_zone_transfers`.
``provide-ixfr``
See the description of ``provide-ixfr`` in :ref:`server_statement_definition_and_usage`.
@ -2003,9 +1981,6 @@ Boolean Options
The default setting is ``auto-dnssec off``.
``dnssec-enable``
This option is obsolete and has no effect.
.. _dnssec-validation-option:
``dnssec-validation``
@ -2369,12 +2344,6 @@ for details on how to specify IP address lists.
and inherited by zones, this can lead to some zones unintentionally
forwarding updates.
``allow-v6-synthesis``
This option was introduced for the smooth transition from AAAA to A6
and from "nibble labels" to binary labels. However, since both A6 and
binary labels were then deprecated, this option was also deprecated.
It is now ignored with some warning messages.
.. _allow-transfer-access:
``allow-transfer``
@ -2534,6 +2503,14 @@ system default range; otherwise, it uses its own defaults:
use-v4-udp-ports { range 1024 65535; };
use-v6-udp-ports { range 1024 65535; };
The defaults of the ``avoid-v4-udp-ports`` and ``avoid-v6-udp-ports``
options are:
::
avoid-v4-udp-ports {};
avoid-v6-udp-ports {};
.. note:: Make sure the ranges are sufficiently large for security. A
desirable size depends on several parameters, but we generally recommend
it contain at least 16384 ports (14 bits of entropy). Note also that the
@ -2553,38 +2530,14 @@ system default range; otherwise, it uses its own defaults:
set of ports that can be safely used in the expected operational
environment.
The defaults of the ``avoid-v4-udp-ports`` and ``avoid-v6-udp-ports``
options are:
.. note:: The address specified in the ``query-source`` option is used for both
UDP and TCP queries, but the port applies only to UDP queries. TCP
queries always use a random unprivileged port.
::
.. note:: Solaris 2.5.1 and earlier does not support setting the source address
for TCP sockets.
avoid-v4-udp-ports {};
avoid-v6-udp-ports {};
.. note:: BIND 9.5.0 introduced the ``use-queryport-pool`` option to support
a pool of such random ports, but this option is now obsolete because
reusing the same ports in the pool may not be sufficiently secure. For
the same reason, it is generally strongly discouraged to specify a
particular port for the ``query-source`` or ``query-source-v6`` options;
it implicitly disables the use of randomized port numbers.
``use-queryport-pool``
This option is obsolete.
``queryport-pool-ports``
This option is obsolete.
``queryport-pool-updateinterval``
This option is obsolete.
.. note:: The address specified in the ``query-source`` option is used for both
UDP and TCP queries, but the port applies only to UDP queries. TCP
queries always use a random unprivileged port.
.. note:: Solaris 2.5.1 and earlier does not support setting the source address
for TCP sockets.
.. note:: See also ``transfer-source`` and ``notify-source``.
.. note:: See also ``transfer-source`` and ``notify-source``.
.. _zone_transfers:
@ -3062,9 +3015,6 @@ system.
Periodic Task Intervals
^^^^^^^^^^^^^^^^^^^^^^^
``cleaning-interval``
This option is obsolete.
``heartbeat-interval``
The server performs zone maintenance tasks for all zones marked
as ``dialup`` whenever this interval expires. The default is 60

7
doc/man/named.conf.5in
View file

@ -228,7 +228,7 @@ options {
* ) ] [ dscp integer ];
answer\-cookie boolean;
attach\-cache string;
auth\-nxdomain boolean; // default changed
auth\-nxdomain boolean;
auto\-dnssec ( allow | maintain | off );
automatic\-interface\-scan boolean;
avoid\-v4\-udp\-ports { portrange; ... };
@ -602,7 +602,10 @@ statistics\-channels {
.ft C
tls string {
cert\-file quoted_string;
ciphers string; // experimental
dh\-param quoted_string; // experimental
key\-file quoted_string;
protocols sslprotos; // experimental
};
.ft P
.fi
@ -663,7 +666,7 @@ view string [ class ] {
alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer |
* ) ] [ dscp integer ];
attach\-cache string;
auth\-nxdomain boolean; // default changed
auth\-nxdomain boolean;
auto\-dnssec ( allow | maintain | off );
cache\-file quoted_string;
catalog\-zones { zone string [ default\-masters [ port integer ]

96
doc/misc/options
View file

@ -63,8 +63,6 @@ logging {
}; // may occur multiple times
};
lwres { <unspecified-text> }; // obsolete, may occur multiple times
managed-keys { <string> ( static-key
| initial-key | static-ds |
initial-ds ) <integer> <integer>
@ -76,10 +74,6 @@ masters <string> [ port <integer> ] [ dscp
<integer> ] ) [ key <string> ]; ... }; // may occur multiple times
options {
acache-cleaning-interval <integer>; // obsolete
acache-enable <boolean>; // obsolete
additional-from-auth <boolean>; // obsolete
additional-from-cache <boolean>; // obsolete
allow-new-zones <boolean>;
allow-notify { <address_match_element>; ... };
allow-query { <address_match_element>; ... };
@ -91,7 +85,6 @@ options {
allow-transfer { <address_match_element>; ... };
allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
allow-v6-synthesis { <address_match_element>; ... }; // obsolete
also-notify [ port <integer> ] [ dscp <integer> ] { ( <primaries> |
<ipv4_address> [ port <integer> ] | <ipv6_address> [ port
<integer> ] ) [ key <string> ]; ... };
@ -101,7 +94,7 @@ options {
* ) ] [ dscp <integer> ];
answer-cookie <boolean>;
attach-cache <string>;
auth-nxdomain <boolean>; // default changed
auth-nxdomain <boolean>;
auto-dnssec ( allow | maintain | off );
automatic-interface-scan <boolean>;
avoid-v4-udp-ports { <portrange>; ... };
@ -125,13 +118,11 @@ options {
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard <boolean>;
cleaning-interval <integer>; // obsolete
clients-per-query <integer>;
cookie-algorithm ( aes | siphash24 );
cookie-secret <string>; // may occur multiple times
coresize ( default | unlimited | <sizeval> );
datasize ( default | unlimited | <sizeval> );
deallocate-on-exit <boolean>; // ancient
deny-answer-addresses { <address_match_element>; ... } [
except-from { <string>; ... } ];
deny-answer-aliases { <string>; ... } [ except-from { <string>; ...
@ -158,11 +149,7 @@ options {
dnsrps-options { <unspecified-text> };
dnssec-accept-expired <boolean>;
dnssec-dnskey-kskonly <boolean>;
dnssec-enable <boolean>; // obsolete
dnssec-loadkeys-interval <integer>;
dnssec-lookaside ( <string>
trust-anchor <string> |
auto | no ); // obsolete, may occur multiple times
dnssec-must-be-secure <string> <boolean>; // may occur multiple times
dnssec-policy <string>;
dnssec-secure-to-insecure <boolean>;
@ -185,15 +172,10 @@ options {
empty-contact <string>;
empty-server <string>;
empty-zones-enable <boolean>;
fake-iquery <boolean>; // ancient
fetch-glue <boolean>; // ancient
fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
fetches-per-server <integer> [ ( drop | fail ) ];
fetches-per-zone <integer> [ ( drop | fail ) ];
files ( default | unlimited | <sizeval> );
filter-aaaa { <address_match_element>; ... }; // obsolete
filter-aaaa-on-v4 <boolean>; // obsolete
filter-aaaa-on-v6 <boolean>; // obsolete
flush-zones-on-shutdown <boolean>;
forward ( first | only );
forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
@ -206,12 +188,8 @@ options {
fstrm-set-output-queue-size <integer>;
fstrm-set-reopen-interval <duration>;
geoip-directory ( <quoted_string> | none );
geoip-use-ecs <boolean>; // obsolete
glue-cache <boolean>; // deprecated
has-old-clients <boolean>; // ancient
heartbeat-interval <integer>;
host-statistics <boolean>; // ancient
host-statistics-max <integer>; // ancient
hostname ( <quoted_string> | none );
inline-signing <boolean>;
interface-interval <duration>;
@ -231,16 +209,13 @@ options {
<address_match_element>; ... }; // may occur multiple times
lmdb-mapsize <sizeval>;
lock-file ( <quoted_string> | none );
maintain-ixfr-base <boolean>; // ancient
managed-keys-directory <quoted_string>;
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
match-mapped-addresses <boolean>;
max-acache-size ( unlimited | <sizeval> ); // obsolete
max-cache-size ( default | unlimited | <sizeval> | <percentage> );
max-cache-ttl <duration>;
max-clients-per-query <integer>;
max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient
max-ixfr-ratio ( unlimited | <percentage> );
max-journal-size ( default | unlimited | <sizeval> );
max-ncache-ttl <duration>;
@ -264,16 +239,12 @@ options {
min-ncache-ttl <duration>;
min-refresh-time <integer>;
min-retry-time <integer>;
min-roots <integer>; // ancient
minimal-any <boolean>;
minimal-responses ( no-auth | no-auth-recursive | <boolean> );
multi-master <boolean>;
multiple-cnames <boolean>; // ancient
named-xfer <quoted_string>; // ancient
new-zones-directory <quoted_string>;
no-case-compress { <address_match_element>; ... };
nocookie-udp-size <integer>;
nosit-udp-size <integer>; // obsolete
notify ( explicit | master-only | primary-only | <boolean> );
notify-delay <integer>;
notify-rate <integer>;
@ -299,8 +270,6 @@ options {
<integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
port ( <integer> | * ) ) ) [ dscp <integer> ];
querylog <boolean>;
queryport-pool-ports <integer>; // obsolete
queryport-pool-updateinterval <integer>; // obsolete
random-device ( <quoted_string> | none );
rate-limit {
all-per-second <integer>;
@ -325,7 +294,6 @@ options {
request-expire <boolean>;
request-ixfr <boolean>;
request-nsid <boolean>;
request-sit <boolean>; // obsolete
require-server-cookie <boolean>;
reserved-sockets <integer>;
resolver-nonbackoff-tries <integer>;
@ -346,14 +314,12 @@ options {
[ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [
dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text>
} ];
rfc2308-type1 <boolean>; // ancient
root-delegation-only [ exclude { <string>; ... } ];
root-key-sentinel <boolean>;
rrset-order { [ class <string> ] [ type <string> ] [ name
<quoted_string> ] <string> <string>; ... };
secroots-file <quoted_string>;
send-cookie <boolean>;
serial-queries <integer>; // ancient
serial-query-rate <integer>;
serial-update-method ( date | increment | unixtime );
server-id ( <quoted_string> | none | hostname );
@ -365,7 +331,6 @@ options {
sig-signing-signatures <integer>;
sig-signing-type <integer>;
sig-validity-interval <integer> [ <integer> ];
sit-secret <string>; // obsolete
sortlist { <address_match_element>; ... };
stacksize ( default | unlimited | <sizeval> );
stale-answer-enable <boolean>;
@ -374,8 +339,7 @@ options {
stale-refresh-time <duration>;
startup-notify-rate <integer>;
statistics-file <quoted_string>;
statistics-interval <integer>; // ancient
suppress-initial-notify <boolean>; // not yet implemented
suppress-initial-notify <boolean>; // obsolete
synth-from-dnssec <boolean>;
tcp-advertised-timeout <integer>;
tcp-clients <integer>;
@ -388,7 +352,6 @@ options {
tkey-gssapi-credential <quoted_string>;
tkey-gssapi-keytab <quoted_string>;
tls-port <integer>;
topology { <address_match_element>; ... }; // ancient
transfer-format ( many-answers | one-answer );
transfer-message-size <integer>;
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
@ -398,14 +361,10 @@ options {
transfers-in <integer>;
transfers-out <integer>;
transfers-per-ns <integer>;
treat-cr-as-space <boolean>; // ancient
trust-anchor-telemetry <boolean>; // experimental
try-tcp-refresh <boolean>;
update-check-ksk <boolean>;
use-alt-transfer-source <boolean>;
use-id-pool <boolean>; // ancient
use-ixfr <boolean>; // obsolete
use-queryport-pool <boolean>; // obsolete
use-v4-udp-ports { <portrange>; ... };
use-v6-udp-ports { <portrange>; ... };
v6-bias <integer>;
@ -446,9 +405,7 @@ server <netprefix> {
request-expire <boolean>;
request-ixfr <boolean>;
request-nsid <boolean>;
request-sit <boolean>; // obsolete
send-cookie <boolean>;
support-ixfr <boolean>; // obsolete
tcp-keepalive <boolean>;
tcp-only <boolean>;
transfer-format ( many-answers | one-answer );
@ -468,10 +425,10 @@ statistics-channels {
tls <string> {
cert-file <quoted_string>;
ciphers <string>; // not implemented
dh-param <quoted_string>; // not implemented
ciphers <string>; // experimental
dh-param <quoted_string>; // experimental
key-file <quoted_string>;
protocols <sslprotos>; // not implemented
protocols <sslprotos>; // experimental
}; // may occur multiple times
trust-anchors { <string> ( static-key |
@ -484,10 +441,6 @@ trusted-keys { <string> <integer>
<quoted_string>; ... }; // may occur multiple times, deprecated
view <string> [ <class> ] {
acache-cleaning-interval <integer>; // obsolete
acache-enable <boolean>; // obsolete
additional-from-auth <boolean>; // obsolete
additional-from-cache <boolean>; // obsolete
allow-new-zones <boolean>;
allow-notify { <address_match_element>; ... };
allow-query { <address_match_element>; ... };
@ -499,7 +452,6 @@ view <string> [ <class> ] {
allow-transfer { <address_match_element>; ... };
allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
allow-v6-synthesis { <address_match_element>; ... }; // obsolete
also-notify [ port <integer> ] [ dscp <integer> ] { ( <primaries> |
<ipv4_address> [ port <integer> ] | <ipv6_address> [ port
<integer> ] ) [ key <string> ]; ... };
@ -508,7 +460,7 @@ view <string> [ <class> ] {
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
* ) ] [ dscp <integer> ];
attach-cache <string>;
auth-nxdomain <boolean>; // default changed
auth-nxdomain <boolean>;
auto-dnssec ( allow | maintain | off );
cache-file <quoted_string>;
catalog-zones { zone <string> [ default-masters [ port <integer> ]
@ -527,7 +479,6 @@ view <string> [ <class> ] {
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard <boolean>;
cleaning-interval <integer>; // obsolete
clients-per-query <integer>;
deny-answer-addresses { <address_match_element>; ... } [
except-from { <string>; ... } ];
@ -558,11 +509,7 @@ view <string> [ <class> ] {
dnsrps-options { <unspecified-text> };
dnssec-accept-expired <boolean>;
dnssec-dnskey-kskonly <boolean>;
dnssec-enable <boolean>; // obsolete
dnssec-loadkeys-interval <integer>;
dnssec-lookaside ( <string>
trust-anchor <string> |
auto | no ); // obsolete, may occur multiple times
dnssec-must-be-secure <string> <boolean>; // may occur multiple times
dnssec-policy <string>;
dnssec-secure-to-insecure <boolean>;
@ -580,13 +527,9 @@ view <string> [ <class> ] {
empty-contact <string>;
empty-server <string>;
empty-zones-enable <boolean>;
fetch-glue <boolean>; // ancient
fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
fetches-per-server <integer> [ ( drop | fail ) ];
fetches-per-zone <integer> [ ( drop | fail ) ];
filter-aaaa { <address_match_element>; ... }; // obsolete
filter-aaaa-on-v4 <boolean>; // obsolete
filter-aaaa-on-v6 <boolean>; // obsolete
forward ( first | only );
forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
| <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
@ -604,7 +547,6 @@ view <string> [ <class> ] {
key-directory <quoted_string>;
lame-ttl <duration>;
lmdb-mapsize <sizeval>;
maintain-ixfr-base <boolean>; // ancient
managed-keys { <string> (
static-key | initial-key
| static-ds | initial-ds
@ -616,11 +558,9 @@ view <string> [ <class> ] {
match-clients { <address_match_element>; ... };
match-destinations { <address_match_element>; ... };
match-recursive-only <boolean>;
max-acache-size ( unlimited | <sizeval> ); // obsolete
max-cache-size ( default | unlimited | <sizeval> | <percentage> );
max-cache-ttl <duration>;
max-clients-per-query <integer>;
max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient
max-ixfr-ratio ( unlimited | <percentage> );
max-journal-size ( default | unlimited | <sizeval> );
max-ncache-ttl <duration>;
@ -641,14 +581,12 @@ view <string> [ <class> ] {
min-ncache-ttl <duration>;
min-refresh-time <integer>;
min-retry-time <integer>;
min-roots <integer>; // ancient
minimal-any <boolean>;
minimal-responses ( no-auth | no-auth-recursive | <boolean> );
multi-master <boolean>;
new-zones-directory <quoted_string>;
no-case-compress { <address_match_element>; ... };
nocookie-udp-size <integer>;
nosit-udp-size <integer>; // obsolete
notify ( explicit | master-only | primary-only | <boolean> );
notify-delay <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
@ -672,8 +610,6 @@ view <string> [ <class> ] {
query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
<integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
port ( <integer> | * ) ) ) [ dscp <integer> ];
queryport-pool-ports <integer>; // obsolete
queryport-pool-updateinterval <integer>; // obsolete
rate-limit {
all-per-second <integer>;
errors-per-second <integer>;
@ -695,7 +631,6 @@ view <string> [ <class> ] {
request-expire <boolean>;
request-ixfr <boolean>;
request-nsid <boolean>;
request-sit <boolean>; // obsolete
require-server-cookie <boolean>;
resolver-nonbackoff-tries <integer>;
resolver-query-timeout <integer>;
@ -715,7 +650,6 @@ view <string> [ <class> ] {
[ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [
dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text>
} ];
rfc2308-type1 <boolean>; // ancient
root-delegation-only [ exclude { <string>; ... } ];
root-key-sentinel <boolean>;
rrset-order { [ class <string> ] [ type <string> ] [ name
@ -746,9 +680,7 @@ view <string> [ <class> ] {
request-expire <boolean>;
request-ixfr <boolean>;
request-nsid <boolean>;
request-sit <boolean>; // obsolete
send-cookie <boolean>;
support-ixfr <boolean>; // obsolete
tcp-keepalive <boolean>;
tcp-only <boolean>;
transfer-format ( many-answers | one-answer );
@ -768,9 +700,8 @@ view <string> [ <class> ] {
stale-answer-ttl <duration>;
stale-cache-enable <boolean>;
stale-refresh-time <duration>;
suppress-initial-notify <boolean>; // not yet implemented
suppress-initial-notify <boolean>; // obsolete
synth-from-dnssec <boolean>;
topology { <address_match_element>; ... }; // ancient
transfer-format ( many-answers | one-answer );
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
@ -788,7 +719,6 @@ view <string> [ <class> ] {
try-tcp-refresh <boolean>;
update-check-ksk <boolean>;
use-alt-transfer-source <boolean>;
use-queryport-pool <boolean>; // obsolete
v6-bias <integer>;
validate-except { <string>; ... };
zero-no-soa-ttl <boolean>;
@ -836,20 +766,15 @@ view <string> [ <class> ] {
dscp <integer> ]; ... };
in-view <string>;
inline-signing <boolean>;
ixfr-base <quoted_string>; // ancient
ixfr-from-differences <boolean>;
ixfr-tmp-file <quoted_string>; // ancient
journal <quoted_string>;
key-directory <quoted_string>;
maintain-ixfr-base <boolean>; // ancient
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
masters [ port <integer> ] [ dscp <integer> ] { (
<primaries> | <ipv4_address> [ port <integer> ] |
<ipv6_address> [ port <integer> ] ) [ key <string> ];
... };
max-ixfr-log-size ( default | unlimited |
<sizeval> ); // ancient
max-ixfr-ratio ( unlimited | <percentage> );
max-journal-size ( default | unlimited | <sizeval> );
max-records <integer>;
@ -875,8 +800,6 @@ view <string> [ <class> ] {
<primaries> | <ipv4_address> [ port <integer> ] |
<ipv6_address> [ port <integer> ] ) [ key <string> ];
... };
pubkey <integer> <integer> <integer>
<quoted_string>; // ancient
request-expire <boolean>;
request-ixfr <boolean>;
serial-update-method ( date | increment | unixtime );
@ -947,18 +870,14 @@ zone <string> [ <class> ] {
| <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
in-view <string>;
inline-signing <boolean>;
ixfr-base <quoted_string>; // ancient
ixfr-from-differences <boolean>;
ixfr-tmp-file <quoted_string>; // ancient
journal <quoted_string>;
key-directory <quoted_string>;
maintain-ixfr-base <boolean>; // ancient
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
masters [ port <integer> ] [ dscp <integer> ] { ( <primaries> |
<ipv4_address> [ port <integer> ] | <ipv6_address> [ port
<integer> ] ) [ key <string> ]; ... };
max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient
max-ixfr-ratio ( unlimited | <percentage> );
max-journal-size ( default | unlimited | <sizeval> );
max-records <integer>;
@ -983,7 +902,6 @@ zone <string> [ <class> ] {
primaries [ port <integer> ] [ dscp <integer> ] { ( <primaries> |
<ipv4_address> [ port <integer> ] | <ipv6_address> [ port
<integer> ] ) [ key <string> ]; ... };
pubkey <integer> <integer> <integer> <quoted_string>; // ancient
request-expire <boolean>;
request-ixfr <boolean>;
serial-update-method ( date | increment | unixtime );

10
doc/misc/options.active
View file

@ -93,7 +93,7 @@ options {
* ) ] [ dscp <integer> ];
answer-cookie <boolean>;
attach-cache <string>;
auth-nxdomain <boolean>; // default changed
auth-nxdomain <boolean>;
auto-dnssec ( allow | maintain | off );
automatic-interface-scan <boolean>;
avoid-v4-udp-ports { <portrange>; ... };
@ -422,10 +422,10 @@ statistics-channels {
tls <string> {
cert-file <quoted_string>;
ciphers <string>; // not implemented
dh-param <quoted_string>; // not implemented
ciphers <string>; // experimental
dh-param <quoted_string>; // experimental
key-file <quoted_string>;
protocols <sslprotos>; // not implemented
protocols <sslprotos>; // experimental
}; // may occur multiple times
trust-anchors { <string> ( static-key |
@ -457,7 +457,7 @@ view <string> [ <class> ] {
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
* ) ] [ dscp <integer> ];
attach-cache <string>;
auth-nxdomain <boolean>; // default changed
auth-nxdomain <boolean>;
auto-dnssec ( allow | maintain | off );
cache-file <quoted_string>;
catalog-zones { zone <string> [ default-masters [ port <integer> ]

2
doc/misc/options.grammar.rst
View file

@ -21,7 +21,7 @@
* ) ] [ dscp <integer> ];
answer-cookie <boolean>;
attach-cache <string>;
auth-nxdomain <boolean>; // default changed
auth-nxdomain <boolean>;
auto-dnssec ( allow | maintain | off );
automatic-interface-scan <boolean>;
avoid-v4-udp-ports { <portrange>; ... };

12
doc/notes/notes-current.rst
View file

@ -29,7 +29,17 @@ New Features
Removed Features
~~~~~~~~~~~~~~~~
- None.
- A number of non-working configuration options that had been marked
as obsolete in previous releases have now been removed completely.
Using any of the following options is now considered a configuration
failure:
``acache-cleaning-interval``, ``acache-enable``, ``additional-from-auth``,
``additional-from-cache``, ``allow-v6-synthesis``, ``cleaning-interval``,
``dnssec-enable``, ``dnssec-lookaside``, ``filter-aaaa``,
``filter-aaaa-on-v4``, ``filter-aaaa-on-v6``, ``geoip-use-ecs``, ``lwres``,
``max-acache-size``, ``nosit-udp-size``, ``queryport-pool-ports``,
``queryport-pool-updateinterval``, ``request-sit``, ``sit-secret``,
``support-ixfr``, ``use-queryport-pool``, ``use-ixfr``. [GL #1086]
Feature Changes
~~~~~~~~~~~~~~~

11
lib/bind9/check.c
View file

@ -1557,17 +1557,6 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
}
}
obj = NULL;
(void)cfg_map_get(options, "geoip-use-ecs", &obj);
if (obj != NULL && cfg_obj_asboolean(obj)) {
cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
"'geoip-use-ecs yes': "
"ECS can no longer be used in geoip ACLs");
if (result == ISC_R_SUCCESS) {
result = ISC_R_FAILURE;
}
}
obj = NULL;
(void)cfg_map_get(options, "max-ixfr-ratio", &obj);
if (obj != NULL && cfg_obj_ispercentage(obj)) {

2
lib/dns/cache.c
View file

@ -76,7 +76,7 @@
typedef struct cache_cleaner cache_cleaner_t;
typedef enum {
cleaner_s_idle, /*%< Waiting for cleaning-interval to expire. */
cleaner_s_idle, /*%< Waiting for cleaning interval to expire. */
cleaner_s_busy, /*%< Currently cleaning. */
cleaner_s_done /*%< Freed enough memory after being overmem. */
} cleaner_state_t;

13
lib/isccfg/include/isccfg/grammar.h
View file

@ -34,12 +34,9 @@
#define CFG_CLAUSEFLAG_MULTI 0x00000001
/*% Clause is obsolete (logs a warning, but is not a fatal error) */
#define CFG_CLAUSEFLAG_OBSOLETE 0x00000002
/*% Clause is not implemented, and may never be */
#define CFG_CLAUSEFLAG_NOTIMP 0x00000004
/*% Clause is not implemented yet */
#define CFG_CLAUSEFLAG_NYI 0x00000008
/*% Default value has changed since earlier release */
#define CFG_CLAUSEFLAG_NEWDEFAULT 0x00000010
/* obsolete: #define CFG_CLAUSEFLAG_NOTIMP 0x00000004 */
/* obsolete: #define CFG_CLAUSEFLAG_NYI 0x00000008 */
/* obsolete: #define CFG_CLAUSEFLAG_NEWDEFAULT 0x00000010 */
/*%
* Clause needs to be interpreted during parsing
* by calling a callback function, like the
@ -52,9 +49,7 @@
#define CFG_CLAUSEFLAG_NOTCONFIGURED 0x00000080
/*% A option for a experimental feature. */
#define CFG_CLAUSEFLAG_EXPERIMENTAL 0x00000100
/*% A configuration option that is ineffective due to
* compile time options, but is harmless. */
#define CFG_CLAUSEFLAG_NOOP 0x00000200
/* obsolete: #define CFG_CLAUSEFLAG_NOOP 0x00000200 */
/*% Clause will be obsolete in a future release (logs a warning) */
#define CFG_CLAUSEFLAG_DEPRECATED 0x00000400
/*% Clause has been obsolete so long that it's now a fatal error */

165
lib/isccfg/namedconf.c
View file

@ -235,20 +235,6 @@ static cfg_type_t cfg_type_portiplist = { "portiplist", cfg_parse_tuple,
cfg_print_tuple, cfg_doc_tuple,
&cfg_rep_tuple, portiplist_fields };
/*
* Obsolete format for the "pubkey" statement.
*/
static cfg_tuplefielddef_t pubkey_fields[] = {
{ "flags", &cfg_type_uint32, 0 },
{ "protocol", &cfg_type_uint32, 0 },
{ "algorithm", &cfg_type_uint32, 0 },
{ "key", &cfg_type_qstring, 0 },
{ NULL, NULL, 0 }
};
static cfg_type_t cfg_type_pubkey = { "pubkey", cfg_parse_tuple,
cfg_print_tuple, cfg_doc_tuple,
&cfg_rep_tuple, pubkey_fields };
/*%
* A list of RR types, used in grant statements.
* Note that the old parser allows quotes around the RR type names.
@ -1102,8 +1088,7 @@ static cfg_clausedef_t namedconf_clauses[] = {
{ "controls", &cfg_type_controls, CFG_CLAUSEFLAG_MULTI },
{ "dnssec-policy", &cfg_type_dnssecpolicy, CFG_CLAUSEFLAG_MULTI },
{ "logging", &cfg_type_logging, 0 },
{ "lwres", &cfg_type_bracketed_text,
CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_OBSOLETE },
{ "lwres", NULL, CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_ANCIENT },
{ "masters", &cfg_type_primaries, CFG_CLAUSEFLAG_MULTI },
{ "options", &cfg_type_options, 0 },
{ "primaries", &cfg_type_primaries, CFG_CLAUSEFLAG_MULTI },
@ -1165,7 +1150,7 @@ static cfg_clausedef_t options_clauses[] = {
{ "cookie-secret", &cfg_type_sstring, CFG_CLAUSEFLAG_MULTI },
{ "coresize", &cfg_type_size, 0 },
{ "datasize", &cfg_type_size, 0 },
{ "deallocate-on-exit", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "deallocate-on-exit", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "directory", &cfg_type_qstring, CFG_CLAUSEFLAG_CALLBACK },
#ifdef HAVE_DNSTAP
{ "dnstap-output", &cfg_type_dnstapoutput, 0 },
@ -1180,7 +1165,7 @@ static cfg_clausedef_t options_clauses[] = {
#endif /* ifdef HAVE_DNSTAP */
{ "dscp", &cfg_type_uint32, 0 },
{ "dump-file", &cfg_type_qstring, 0 },
{ "fake-iquery", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "fake-iquery", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "files", &cfg_type_size, 0 },
{ "flush-zones-on-shutdown", &cfg_type_boolean, 0 },
#ifdef HAVE_DNSTAP
@ -1213,11 +1198,11 @@ static cfg_clausedef_t options_clauses[] = {
{ "geoip-directory", &cfg_type_qstringornone,
CFG_CLAUSEFLAG_NOTCONFIGURED },
#endif /* HAVE_GEOIP2 */
{ "geoip-use-ecs", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "has-old-clients", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "geoip-use-ecs", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "has-old-clients", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "heartbeat-interval", &cfg_type_uint32, 0 },
{ "host-statistics", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "host-statistics-max", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT },
{ "host-statistics", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "host-statistics-max", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "hostname", &cfg_type_qstringornone, 0 },
{ "interface-interval", &cfg_type_duration, 0 },
{ "keep-response-order", &cfg_type_bracketed_aml, 0 },
@ -1229,8 +1214,8 @@ static cfg_clausedef_t options_clauses[] = {
{ "max-rsa-exponent-size", &cfg_type_uint32, 0 },
{ "memstatistics", &cfg_type_boolean, 0 },
{ "memstatistics-file", &cfg_type_qstring, 0 },
{ "multiple-cnames", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "named-xfer", &cfg_type_qstring, CFG_CLAUSEFLAG_ANCIENT },
{ "multiple-cnames", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "named-xfer", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "notify-rate", &cfg_type_uint32, 0 },
{ "pid-file", &cfg_type_qstringornone, 0 },
{ "port", &cfg_type_uint32, 0 },
@ -1241,17 +1226,17 @@ static cfg_clausedef_t options_clauses[] = {
{ "recursive-clients", &cfg_type_uint32, 0 },
{ "reserved-sockets", &cfg_type_uint32, 0 },
{ "secroots-file", &cfg_type_qstring, 0 },
{ "serial-queries", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT },
{ "serial-queries", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "serial-query-rate", &cfg_type_uint32, 0 },
{ "server-id", &cfg_type_serverid, 0 },
{ "session-keyalg", &cfg_type_astring, 0 },
{ "session-keyfile", &cfg_type_qstringornone, 0 },
{ "session-keyname", &cfg_type_astring, 0 },
{ "sit-secret", &cfg_type_sstring, CFG_CLAUSEFLAG_OBSOLETE },
{ "sit-secret", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "stacksize", &cfg_type_size, 0 },
{ "startup-notify-rate", &cfg_type_uint32, 0 },
{ "statistics-file", &cfg_type_qstring, 0 },
{ "statistics-interval", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT },
{ "statistics-interval", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "tcp-advertised-timeout", &cfg_type_uint32, 0 },
{ "tcp-clients", &cfg_type_uint32, 0 },
{ "tcp-idle-timeout", &cfg_type_uint32, 0 },
@ -1266,9 +1251,9 @@ static cfg_clausedef_t options_clauses[] = {
{ "transfers-in", &cfg_type_uint32, 0 },
{ "transfers-out", &cfg_type_uint32, 0 },
{ "transfers-per-ns", &cfg_type_uint32, 0 },
{ "treat-cr-as-space", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "use-id-pool", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "use-ixfr", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "treat-cr-as-space", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "use-id-pool", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "use-ixfr", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "use-v4-udp-ports", &cfg_type_bracketed_portlist, 0 },
{ "use-v6-udp-ports", &cfg_type_bracketed_portlist, 0 },
{ "version", &cfg_type_qstringornone, 0 },
@ -1857,46 +1842,6 @@ static cfg_clausedef_t *rrl_clausesets[] = { rrl_clauses, NULL };
static cfg_type_t cfg_type_rrl = { "rate-limit", cfg_parse_map, cfg_print_map,
cfg_doc_map, &cfg_rep_map, rrl_clausesets };
/*%
* dnssec-lookaside
*/
static void
print_lookaside(cfg_printer_t *pctx, const cfg_obj_t *obj) {
const cfg_obj_t *domain = obj->value.tuple[0];
if (domain->value.string.length == 4 &&
strncmp(domain->value.string.base, "auto", 4) == 0)
{
cfg_print_cstr(pctx, "auto");
} else {
cfg_print_tuple(pctx, obj);
}
}
static void
doc_lookaside(cfg_printer_t *pctx, const cfg_type_t *type) {
UNUSED(type);
cfg_print_cstr(pctx, "( <string> trust-anchor <string> | auto | no )");
}
static keyword_type_t trustanchor_kw = { "trust-anchor", &cfg_type_astring };
static cfg_type_t cfg_type_optional_trustanchor = {
"optional_trustanchor", parse_optional_keyvalue, print_keyvalue,
doc_keyvalue, &cfg_rep_string, &trustanchor_kw
};
static cfg_tuplefielddef_t lookaside_fields[] = {
{ "domain", &cfg_type_astring, 0 },
{ "trust-anchor", &cfg_type_optional_trustanchor, 0 },
{ NULL, NULL, 0 }
};
static cfg_type_t cfg_type_lookaside = { "lookaside", cfg_parse_tuple,
print_lookaside, doc_lookaside,
&cfg_rep_tuple, lookaside_fields };
static isc_result_t
parse_optional_uint32(cfg_parser_t *pctx, const cfg_type_t *type,
cfg_obj_t **ret) {
@ -1960,24 +1905,22 @@ static cfg_type_t cfg_type_dns64 = { "dns64", cfg_parse_netprefix_map,
*/
static cfg_clausedef_t view_clauses[] = {
{ "acache-cleaning-interval", &cfg_type_uint32,
CFG_CLAUSEFLAG_OBSOLETE },
{ "acache-enable", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "additional-from-auth", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "additional-from-cache", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "acache-cleaning-interval", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "acache-enable", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "additional-from-auth", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "additional-from-cache", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "allow-new-zones", &cfg_type_boolean, 0 },
{ "allow-query-cache", &cfg_type_bracketed_aml, 0 },
{ "allow-query-cache-on", &cfg_type_bracketed_aml, 0 },
{ "allow-recursion", &cfg_type_bracketed_aml, 0 },
{ "allow-recursion-on", &cfg_type_bracketed_aml, 0 },
{ "allow-v6-synthesis", &cfg_type_bracketed_aml,
CFG_CLAUSEFLAG_OBSOLETE },
{ "allow-v6-synthesis", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "attach-cache", &cfg_type_astring, 0 },
{ "auth-nxdomain", &cfg_type_boolean, CFG_CLAUSEFLAG_NEWDEFAULT },
{ "auth-nxdomain", &cfg_type_boolean, 0 },
{ "cache-file", &cfg_type_qstring, 0 },
{ "catalog-zones", &cfg_type_catz, 0 },
{ "check-names", &cfg_type_checknames, CFG_CLAUSEFLAG_MULTI },
{ "cleaning-interval", &cfg_type_uint32, CFG_CLAUSEFLAG_OBSOLETE },
{ "cleaning-interval", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "clients-per-query", &cfg_type_uint32, 0 },
{ "deny-answer-addresses", &cfg_type_denyaddresses, 0 },
{ "deny-answer-aliases", &cfg_type_denyaliases, 0 },
@ -1998,9 +1941,9 @@ static cfg_clausedef_t view_clauses[] = {
CFG_CLAUSEFLAG_NOTCONFIGURED },
#endif /* ifdef USE_DNSRPS */
{ "dnssec-accept-expired", &cfg_type_boolean, 0 },
{ "dnssec-enable", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "dnssec-lookaside", &cfg_type_lookaside,
CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_OBSOLETE },
{ "dnssec-enable", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "dnssec-lookaside", NULL,
CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_ANCIENT },
{ "dnssec-must-be-secure", &cfg_type_mustbesecure,
CFG_CLAUSEFLAG_MULTI },
{ "dnssec-validation", &cfg_type_boolorauto, 0 },
@ -2014,13 +1957,13 @@ static cfg_clausedef_t view_clauses[] = {
{ "empty-contact", &cfg_type_astring, 0 },
{ "empty-server", &cfg_type_astring, 0 },
{ "empty-zones-enable", &cfg_type_boolean, 0 },
{ "fetch-glue", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "fetch-glue", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "fetch-quota-params", &cfg_type_fetchquota, 0 },
{ "fetches-per-server", &cfg_type_fetchesper, 0 },
{ "fetches-per-zone", &cfg_type_fetchesper, 0 },
{ "filter-aaaa", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_OBSOLETE },
{ "filter-aaaa-on-v4", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "filter-aaaa-on-v6", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "filter-aaaa", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_ANCIENT },
{ "filter-aaaa-on-v4", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "filter-aaaa-on-v6", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "glue-cache", &cfg_type_boolean, CFG_CLAUSEFLAG_DEPRECATED },
{ "ipv4only-enable", &cfg_type_boolean, 0 },
{ "ipv4only-contact", &cfg_type_astring, 0 },
@ -2030,9 +1973,9 @@ static cfg_clausedef_t view_clauses[] = {
#ifdef HAVE_LMDB
{ "lmdb-mapsize", &cfg_type_sizeval, 0 },
#else /* ifdef HAVE_LMDB */
{ "lmdb-mapsize", &cfg_type_sizeval, CFG_CLAUSEFLAG_NOOP },
{ "lmdb-mapsize", &cfg_type_sizeval, CFG_CLAUSEFLAG_NOTCONFIGURED },
#endif /* ifdef HAVE_LMDB */
{ "max-acache-size", &cfg_type_sizenodefault, CFG_CLAUSEFLAG_OBSOLETE },
{ "max-acache-size", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "max-cache-size", &cfg_type_sizeorpercent, 0 },
{ "max-cache-ttl", &cfg_type_duration, 0 },
{ "max-clients-per-query", &cfg_type_uint32, 0 },
@ -2044,13 +1987,13 @@ static cfg_clausedef_t view_clauses[] = {
{ "message-compression", &cfg_type_boolean, 0 },
{ "min-cache-ttl", &cfg_type_duration, 0 },
{ "min-ncache-ttl", &cfg_type_duration, 0 },
{ "min-roots", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT },
{ "min-roots", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "minimal-any", &cfg_type_boolean, 0 },
{ "minimal-responses", &cfg_type_minimal, 0 },
{ "new-zones-directory", &cfg_type_qstring, 0 },
{ "no-case-compress", &cfg_type_bracketed_aml, 0 },
{ "nocookie-udp-size", &cfg_type_uint32, 0 },
{ "nosit-udp-size", &cfg_type_uint32, CFG_CLAUSEFLAG_OBSOLETE },
{ "nosit-udp-size", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "nta-lifetime", &cfg_type_duration, 0 },
{ "nta-recheck", &cfg_type_duration, 0 },
{ "nxdomain-redirect", &cfg_type_astring, 0 },
@ -2064,20 +2007,19 @@ static cfg_clausedef_t view_clauses[] = {
*/
{ "query-source", &cfg_type_querysource4, 0 },
{ "query-source-v6", &cfg_type_querysource6, 0 },
{ "queryport-pool-ports", &cfg_type_uint32, CFG_CLAUSEFLAG_OBSOLETE },
{ "queryport-pool-updateinterval", &cfg_type_uint32,
CFG_CLAUSEFLAG_OBSOLETE },
{ "queryport-pool-ports", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "queryport-pool-updateinterval", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "rate-limit", &cfg_type_rrl, 0 },
{ "recursion", &cfg_type_boolean, 0 },
{ "request-nsid", &cfg_type_boolean, 0 },
{ "request-sit", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "request-sit", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "require-server-cookie", &cfg_type_boolean, 0 },
{ "resolver-nonbackoff-tries", &cfg_type_uint32, 0 },
{ "resolver-query-timeout", &cfg_type_uint32, 0 },
{ "resolver-retry-interval", &cfg_type_uint32, 0 },
{ "response-padding", &cfg_type_resppadding, 0 },
{ "response-policy", &cfg_type_rpz, 0 },
{ "rfc2308-type1", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "rfc2308-type1", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "root-delegation-only", &cfg_type_optional_exclude, 0 },
{ "root-key-sentinel", &cfg_type_boolean, 0 },
{ "rrset-order", &cfg_type_rrsetorder, 0 },
@ -2088,13 +2030,14 @@ static cfg_clausedef_t view_clauses[] = {
{ "stale-answer-ttl", &cfg_type_duration, 0 },
{ "stale-cache-enable", &cfg_type_boolean, 0 },
{ "stale-refresh-time", &cfg_type_duration, 0 },
{ "suppress-initial-notify", &cfg_type_boolean, CFG_CLAUSEFLAG_NYI },
{ "suppress-initial-notify", &cfg_type_boolean,
CFG_CLAUSEFLAG_OBSOLETE },
{ "synth-from-dnssec", &cfg_type_boolean, 0 },
{ "topology", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_ANCIENT },
{ "topology", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "transfer-format", &cfg_type_transferformat, 0 },
{ "trust-anchor-telemetry", &cfg_type_boolean,
CFG_CLAUSEFLAG_EXPERIMENTAL },
{ "use-queryport-pool", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "use-queryport-pool", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "validate-except", &cfg_type_namelist, 0 },
{ "v6-bias", &cfg_type_uint32, 0 },
{ "zero-no-soa-ttl-cache", &cfg_type_boolean, 0 },
@ -2205,14 +2148,14 @@ static cfg_clausedef_t zone_clauses[] = {
CFG_ZONE_MASTER | CFG_ZONE_SLAVE },
{ "key-directory", &cfg_type_qstring,
CFG_ZONE_MASTER | CFG_ZONE_SLAVE },
{ "maintain-ixfr-base", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "maintain-ixfr-base", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "masterfile-format", &cfg_type_masterformat,
CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR | CFG_ZONE_STUB |
CFG_ZONE_REDIRECT },
{ "masterfile-style", &cfg_type_masterstyle,
CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR | CFG_ZONE_STUB |
CFG_ZONE_REDIRECT },
{ "max-ixfr-log-size", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT },
{ "max-ixfr-log-size", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "max-ixfr-ratio", &cfg_type_ixfrratio,
CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR },
{ "max-journal-size", &cfg_type_size,
@ -2312,10 +2255,10 @@ static cfg_clausedef_t zone_only_clauses[] = {
CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR | CFG_ZONE_STUB |
CFG_ZONE_HINT | CFG_ZONE_REDIRECT },
{ "in-view", &cfg_type_astring, CFG_ZONE_INVIEW },
{ "ixfr-base", &cfg_type_qstring, CFG_CLAUSEFLAG_ANCIENT },
{ "ixfr-base", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "ixfr-from-differences", &cfg_type_boolean,
CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR },
{ "ixfr-tmp-file", &cfg_type_qstring, CFG_CLAUSEFLAG_ANCIENT },
{ "ixfr-tmp-file", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "journal", &cfg_type_qstring,
CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR },
{ "masters", &cfg_type_namesockaddrkeylist,
@ -2324,7 +2267,7 @@ static cfg_clausedef_t zone_only_clauses[] = {
{ "primaries", &cfg_type_namesockaddrkeylist,
CFG_ZONE_SLAVE | CFG_ZONE_MIRROR | CFG_ZONE_STUB |
CFG_ZONE_REDIRECT },
{ "pubkey", &cfg_type_pubkey, CFG_CLAUSEFLAG_ANCIENT },
{ "pubkey", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "server-addresses", &cfg_type_bracketed_netaddrlist,
CFG_ZONE_STATICSTUB },
{ "server-names", &cfg_type_namelist, CFG_ZONE_STATICSTUB },
@ -2460,9 +2403,9 @@ static cfg_clausedef_t server_clauses[] = {
{ "request-expire", &cfg_type_boolean, 0 },
{ "request-ixfr", &cfg_type_boolean, 0 },
{ "request-nsid", &cfg_type_boolean, 0 },
{ "request-sit", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "request-sit", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "send-cookie", &cfg_type_boolean, 0 },
{ "support-ixfr", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "support-ixfr", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "tcp-keepalive", &cfg_type_boolean, 0 },
{ "tcp-only", &cfg_type_boolean, 0 },
{ "transfer-format", &cfg_type_transferformat, 0 },
@ -3829,12 +3772,14 @@ cfg_print_zonegrammar(const unsigned int zonetype, unsigned int flags,
for (clause = clauses; clause->name != NULL; clause++) {
if (((pctx.flags & CFG_PRINTER_ACTIVEONLY) != 0) &&
(((clause->flags & CFG_CLAUSEFLAG_OBSOLETE) != 0) ||
((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) ||
((clause->flags & CFG_CLAUSEFLAG_NYI) != 0) ||
((clause->flags & CFG_CLAUSEFLAG_TESTONLY) != 0)))
{
continue;
}
if ((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) {
continue;
}
if ((clause->flags & zonetype) == 0 ||
strcasecmp(clause->name, "type") == 0) {
continue;
@ -3863,9 +3808,9 @@ static cfg_type_t cfg_type_sslprotos = {
static cfg_clausedef_t tls_clauses[] = {
{ "key-file", &cfg_type_qstring, 0 },
{ "cert-file", &cfg_type_qstring, 0 },
{ "dh-param", &cfg_type_qstring, CFG_CLAUSEFLAG_NOTIMP },
{ "protocols", &cfg_type_sslprotos, CFG_CLAUSEFLAG_NOTIMP },
{ "ciphers", &cfg_type_astring, CFG_CLAUSEFLAG_NOTIMP },
{ "dh-param", &cfg_type_qstring, CFG_CLAUSEFLAG_EXPERIMENTAL },
{ "protocols", &cfg_type_sslprotos, CFG_CLAUSEFLAG_EXPERIMENTAL },
{ "ciphers", &cfg_type_astring, CFG_CLAUSEFLAG_EXPERIMENTAL },
{ NULL, NULL, 0 }
};

54
lib/isccfg/parser.c
View file

@ -2448,6 +2448,13 @@ cfg_parse_mapbody(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
clause->name);
CHECK(ISC_R_FAILURE);
}
if ((clause->flags & CFG_CLAUSEFLAG_NOTCONFIGURED) != 0) {
cfg_parser_error(pctx, 0,
"option '%s' was not "
"enabled at compile time",
clause->name);
CHECK(ISC_R_FAILURE);
}
/* Issue warnings if appropriate */
if ((pctx->flags & CFG_PCTX_NODEPRECATED) == 0 &&
@ -2462,37 +2469,12 @@ cfg_parse_mapbody(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
"should be removed ",
clause->name);
}
if ((clause->flags & CFG_CLAUSEFLAG_NOTIMP) != 0) {
if ((clause->flags & CFG_CLAUSEFLAG_EXPERIMENTAL) != 0) {
cfg_parser_warning(pctx, 0,
"option '%s' is not implemented",
"option '%s' is experimental and "
"subject to change in the future",
clause->name);
}
if ((clause->flags & CFG_CLAUSEFLAG_NYI) != 0) {
cfg_parser_warning(pctx, 0,
"option '%s' is not implemented",
clause->name);
}
if ((clause->flags & CFG_CLAUSEFLAG_NOOP) != 0) {
cfg_parser_warning(pctx, 0,
"option '%s' was not "
"enabled at compile time "
"(ignored)",
clause->name);
}
if ((clause->flags & CFG_CLAUSEFLAG_NOTCONFIGURED) != 0) {
cfg_parser_error(pctx, 0,
"option '%s' was not "
"enabled at compile time",
clause->name);
CHECK(ISC_R_FAILURE);
}
/*
* Don't log options with CFG_CLAUSEFLAG_NEWDEFAULT
* set here - we need to log the *lack* of such an option,
* not its presence.
*/
/* See if the clause already has a value; if not create one. */
result = isc_symtab_lookup(obj->value.map.symtab, clause->name,
@ -2723,15 +2705,11 @@ cfg_print_mapbody(cfg_printer_t *pctx, const cfg_obj_t *obj) {
static struct flagtext {
unsigned int flag;
const char *text;
} flagtexts[] = { { CFG_CLAUSEFLAG_NOTIMP, "not implemented" },
{ CFG_CLAUSEFLAG_NYI, "not yet implemented" },
{ CFG_CLAUSEFLAG_OBSOLETE, "obsolete" },
{ CFG_CLAUSEFLAG_NEWDEFAULT, "default changed" },
} flagtexts[] = { { CFG_CLAUSEFLAG_OBSOLETE, "obsolete" },
{ CFG_CLAUSEFLAG_TESTONLY, "test only" },
{ CFG_CLAUSEFLAG_NOTCONFIGURED, "not configured" },
{ CFG_CLAUSEFLAG_MULTI, "may occur multiple times" },
{ CFG_CLAUSEFLAG_EXPERIMENTAL, "experimental" },
{ CFG_CLAUSEFLAG_NOOP, "non-operational" },
{ CFG_CLAUSEFLAG_DEPRECATED, "deprecated" },
{ CFG_CLAUSEFLAG_ANCIENT, "ancient" },
{ 0, NULL } };
@ -2765,12 +2743,13 @@ cfg_doc_mapbody(cfg_printer_t *pctx, const cfg_type_t *type) {
for (clause = *clauseset; clause->name != NULL; clause++) {
if (((pctx->flags & CFG_PRINTER_ACTIVEONLY) != 0) &&
(((clause->flags & CFG_CLAUSEFLAG_OBSOLETE) != 0) ||
((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) ||
((clause->flags & CFG_CLAUSEFLAG_NYI) != 0) ||
((clause->flags & CFG_CLAUSEFLAG_TESTONLY) != 0)))
{
continue;
}
if ((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) {
continue;
}
cfg_print_cstr(pctx, clause->name);
cfg_print_cstr(pctx, " ");
cfg_doc_obj(pctx, clause->type);
@ -2820,12 +2799,13 @@ cfg_doc_map(cfg_printer_t *pctx, const cfg_type_t *type) {
for (clause = *clauseset; clause->name != NULL; clause++) {
if (((pctx->flags & CFG_PRINTER_ACTIVEONLY) != 0) &&
(((clause->flags & CFG_CLAUSEFLAG_OBSOLETE) != 0) ||
((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) ||
((clause->flags & CFG_CLAUSEFLAG_NYI) != 0) ||
((clause->flags & CFG_CLAUSEFLAG_TESTONLY) != 0)))
{
continue;
}
if ((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) {
continue;
}
cfg_print_indent(pctx);
cfg_print_cstr(pctx, clause->name);
if (clause->type->print != cfg_print_void) {

2
lib/ns/query.c
View file

@ -6691,7 +6691,7 @@ query_checkrrl(query_ctx_t *qctx, isc_result_t result) {
/*
* Handle referral to ".", including when recursion
* is off or not requested and the hints have not
* been loaded or we have "additional-from-cache no".
* been loaded.
*/
constname = dns_rootname;
resp_result = DNS_R_DELEGATION;

1
util/copyrights
View file

@ -269,7 +269,6 @@
./bin/tests/system/checkconf/clean.sh SH 2011,2012,2013,2014,2016,2018,2019,2020,2021
./bin/tests/system/checkconf/dnssec.1 X 2011,2016,2018,2019,2020,2021
./bin/tests/system/checkconf/dnssec.2 X 2011,2016,2018,2019,2020,2021
./bin/tests/system/checkconf/dnssec.3 X 2011,2016,2017,2018,2019,2020,2021
./bin/tests/system/checkconf/good.zonelist X 2016,2017,2018,2019,2020,2021
./bin/tests/system/checkconf/tests.sh SH 2005,2007,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019,2020,2021
./bin/tests/system/checknames/clean.sh SH 2004,2007,2012,2014,2015,2016,2018,2019,2020,2021