diff --git a/CHANGES b/CHANGES index 5873831054..7652c6860b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,8 @@ +5563. [cleanup] Changed several obsolete configuration options to + ancient, making them into fatal errors. Also cleaned + up the number of clause flags in the configuration + parser. [GL #1086] + 5562. [placeholder] 5561. [bug] KASP incorrectly set signature validity to the value diff --git a/bin/named/config.c b/bin/named/config.c index ccea2dbf4d..77c0abaaa5 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -131,7 +131,6 @@ options {\n\ # treat-cr-as-space ;\n\ trust-anchor-telemetry yes;\n\ # use-id-pool ;\n\ -# use-ixfr ;\n\ \n\ /* view */\n\ allow-new-zones no;\n\ @@ -141,7 +140,6 @@ options {\n\ allow-recursion { localnets; localhost; };\n\ allow-recursion-on { any; };\n\ allow-update-forwarding {none;};\n\ -# allow-v6-synthesis ;\n\ auth-nxdomain false;\n\ check-dup-records warn;\n\ check-mx warn;\n\ diff --git a/bin/named/named.conf.rst b/bin/named/named.conf.rst index bf4ba2d059..9fbe08b0ba 100644 --- a/bin/named/named.conf.rst +++ b/bin/named/named.conf.rst @@ -165,7 +165,7 @@ OPTIONS * ) ] [ dscp integer ]; answer-cookie boolean; attach-cache string; - auth-nxdomain boolean; // default changed + auth-nxdomain boolean; auto-dnssec ( allow | maintain | off ); automatic-interface-scan boolean; avoid-v4-udp-ports { portrange; ... }; @@ -519,7 +519,10 @@ TLS tls string { cert-file quoted_string; + ciphers string; // experimental + dh-param quoted_string; // experimental key-file quoted_string; + protocols sslprotos; // experimental }; TRUST-ANCHORS @@ -568,7 +571,7 @@ VIEW alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; attach-cache string; - auth-nxdomain boolean; // default changed + auth-nxdomain boolean; auto-dnssec ( allow | maintain | off ); cache-file quoted_string; catalog-zones { zone string [ default-masters [ port integer ] diff --git a/bin/tests/named.conf b/bin/tests/named.conf index 928dd9e96a..6a5f6543ff 100644 --- a/bin/tests/named.conf +++ b/bin/tests/named.conf @@ -26,9 +26,6 @@ // watch out for ";" -- it's important! options { - additional-from-auth true; - additional-from-cache false; - version "my version string"; random-device "/dev/random"; directory "/tmp"; @@ -265,8 +262,6 @@ view "test-view" in { sig-validity-interval 45; max-cache-size 100000; allow-query { 10.0.0.30;}; - additional-from-cache false; - additional-from-auth no; match-clients { 10.0.0.1 ; }; check-names master warn; check-names slave ignore; @@ -418,9 +413,6 @@ server 1.2.3.4 { keys { "sample_key" }; // for TSIG; supported by the parser // but not yet implemented in the // rest of the server -# Now called 'request-ixfr' -# support-ixfr yes; // for IXFR supported by server - // if yes, the listed server talks IXFR }; logging { diff --git a/bin/tests/system/checkconf/bad-geoip-use-ecs.conf b/bin/tests/system/checkconf/bad-geoip-use-ecs.conf deleted file mode 100644 index 37ecfdee6b..0000000000 --- a/bin/tests/system/checkconf/bad-geoip-use-ecs.conf +++ /dev/null @@ -1,14 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -options { - geoip-use-ecs yes; -}; diff --git a/bin/tests/system/checkconf/dnssec.1 b/bin/tests/system/checkconf/dnssec.1 index 82f4414973..edef76fde7 100644 --- a/bin/tests/system/checkconf/dnssec.1 +++ b/bin/tests/system/checkconf/dnssec.1 @@ -9,6 +9,17 @@ * information regarding copyright ownership. */ -options { - dnssec-enable no; +view view1 { + match-clients { any; }; + dnssec-validation yes; +}; + +view view2 { + match-clients { none; }; + dnssec-validation auto; +}; + +view view3 { + match-clients { none; }; + auto-dnssec maintain; }; diff --git a/bin/tests/system/checkconf/dnssec.2 b/bin/tests/system/checkconf/dnssec.2 index edef76fde7..56c4a52fe6 100644 --- a/bin/tests/system/checkconf/dnssec.2 +++ b/bin/tests/system/checkconf/dnssec.2 @@ -11,15 +11,22 @@ view view1 { match-clients { any; }; - dnssec-validation yes; }; view view2 { match-clients { none; }; - dnssec-validation auto; }; view view3 { match-clients { none; }; - auto-dnssec maintain; + dnssec-validation auto; +}; + +view view4 { + match-clients { none; }; +}; + +view view5 { + match-clients { none; }; + auto-dnssec off; }; diff --git a/bin/tests/system/checkconf/dnssec.3 b/bin/tests/system/checkconf/dnssec.3 deleted file mode 100644 index 56c4a52fe6..0000000000 --- a/bin/tests/system/checkconf/dnssec.3 +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -view view1 { - match-clients { any; }; -}; - -view view2 { - match-clients { none; }; -}; - -view view3 { - match-clients { none; }; - dnssec-validation auto; -}; - -view view4 { - match-clients { none; }; -}; - -view view5 { - match-clients { none; }; - auto-dnssec off; -}; diff --git a/bin/tests/system/checkconf/good-lmdb-mapsize-largest.conf b/bin/tests/system/checkconf/lmdb-mapsize-largest.conf similarity index 100% rename from bin/tests/system/checkconf/good-lmdb-mapsize-largest.conf rename to bin/tests/system/checkconf/lmdb-mapsize-largest.conf diff --git a/bin/tests/system/checkconf/good-lmdb-mapsize-smallest.conf b/bin/tests/system/checkconf/lmdb-mapsize-smallest.conf similarity index 100% rename from bin/tests/system/checkconf/good-lmdb-mapsize-smallest.conf rename to bin/tests/system/checkconf/lmdb-mapsize-smallest.conf diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh index fea98a6ee2..47bf31b5d3 100644 --- a/bin/tests/system/checkconf/tests.sh +++ b/bin/tests/system/checkconf/tests.sh @@ -78,6 +78,24 @@ do status=`expr $status + $ret` done +for lmdb in lmdb-*.conf +do + n=`expr $n + 1` + ret=0 + + $FEATURETEST --with-lmdb + if [ $? -eq 0 ]; then + echo_i "checking that named-checkconf detects no error in $lmdb ($n)" + $CHECKCONF $lmdb > checkconf.out$n 2>&1 + if [ $? != 0 ]; then echo_i "failed"; ret=1; fi + else + echo_i "checking that named-checkconf detects error in $lmdb ($n)" + $CHECKCONF $lmdb > checkconf.out$n 2>&1 + if [ $? == 0 ]; then echo_i "failed"; ret=1; fi + fi + status=`expr $status + $ret` +done + n=`expr $n + 1` echo_i "checking that ancient options report a fatal error ($n)" ret=0 @@ -113,14 +131,11 @@ status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking named-checkconf dnssec warnings ($n)" ret=0 -# dnssec.1: dnssec-enable is obsolete -$CHECKCONF dnssec.1 > checkconf.out$n.1 2>&1 -grep "'dnssec-enable' is obsolete and should be removed" < checkconf.out$n.1 > /dev/null || ret=1 -# dnssec.2: auto-dnssec warning -$CHECKCONF dnssec.2 > checkconf.out$n.2 2>&1 +# dnssec.1: auto-dnssec warning +$CHECKCONF dnssec.1 > checkconf.out$n.2 2>&1 grep 'auto-dnssec may only be ' < checkconf.out$n.2 > /dev/null || ret=1 -# dnssec.3: should have no warnings -$CHECKCONF dnssec.3 > checkconf.out$n.3 2>&1 +# dnssec.2: should have no warnings +$CHECKCONF dnssec.2 > checkconf.out$n.3 2>&1 grep '.*' < checkconf.out$n.3 > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` @@ -403,30 +418,6 @@ diff good.zonelist checkconf.out$n > diff.out$n || ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` -n=`expr $n + 1` -echo_i "check that 'dnssec-lookaside auto;' generates a warning ($n)" -ret=0 -$CHECKCONF warn-dlv-auto.conf > checkconf.out$n 2>/dev/null || ret=1 -grep "option 'dnssec-lookaside' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` - -n=`expr $n + 1` -echo_i "check that 'dnssec-lookaside . trust-anchor dlv.isc.org;' generates a warning ($n)" -ret=0 -$CHECKCONF warn-dlv-dlv.isc.org.conf > checkconf.out$n 2>/dev/null || ret=1 -grep "option 'dnssec-lookaside' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` - -n=`expr $n + 1` -echo_i "check that 'dnssec-lookaside . trust-anchor dlv.example.com;' generates a warning ($n)" -ret=0 -$CHECKCONF warn-dlv-dlv.example.com.conf > checkconf.out$n 2>/dev/null || ret=1 -grep "option 'dnssec-lookaside' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` - n=`expr $n + 1` echo_i "check that the 2010 ICANN ROOT KSK without the 2017 ICANN ROOT KSK generates a warning ($n)" ret=0 @@ -484,15 +475,6 @@ grep "use of managed-keys is not allowed" checkconf.out$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` -n=`expr $n + 1` -echo_i "check that 'geoip-use-ecs no' generates a warning ($n)" -ret=0 -$CHECKCONF warn-geoip-use-ecs.conf > checkconf.out$n 2>/dev/null || ret=1 -[ -s checkconf.out$n ] || ret=1 -grep "'geoip-use-ecs' is obsolete" < checkconf.out$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` - n=`expr $n + 1` echo_i "checking named-checkconf kasp errors ($n)" ret=0 diff --git a/bin/tests/system/checkconf/warn-dlv-auto.conf b/bin/tests/system/checkconf/warn-dlv-auto.conf deleted file mode 100644 index 3ba734204f..0000000000 --- a/bin/tests/system/checkconf/warn-dlv-auto.conf +++ /dev/null @@ -1,14 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -options { - dnssec-lookaside auto; -}; diff --git a/bin/tests/system/checkconf/warn-dlv-dlv.example.com.conf b/bin/tests/system/checkconf/warn-dlv-dlv.example.com.conf deleted file mode 100644 index fd242bceb7..0000000000 --- a/bin/tests/system/checkconf/warn-dlv-dlv.example.com.conf +++ /dev/null @@ -1,14 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -options { - dnssec-lookaside . trust-anchor dlv.example.com; -}; diff --git a/bin/tests/system/checkconf/warn-dlv-dlv.isc.org.conf b/bin/tests/system/checkconf/warn-dlv-dlv.isc.org.conf deleted file mode 100644 index 49b11bc56c..0000000000 --- a/bin/tests/system/checkconf/warn-dlv-dlv.isc.org.conf +++ /dev/null @@ -1,14 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -options { - dnssec-lookaside . trust-anchor dlv.isc.org; -}; diff --git a/bin/tests/system/checkconf/warn-geoip-use-ecs.conf b/bin/tests/system/checkconf/warn-geoip-use-ecs.conf deleted file mode 100644 index 9e2c76499d..0000000000 --- a/bin/tests/system/checkconf/warn-geoip-use-ecs.conf +++ /dev/null @@ -1,14 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -options { - geoip-use-ecs no; -}; diff --git a/bin/tests/system/keepalive/ns2/named.conf.in b/bin/tests/system/keepalive/ns2/named.conf.in index c24fbdcabd..b753284875 100644 --- a/bin/tests/system/keepalive/ns2/named.conf.in +++ b/bin/tests/system/keepalive/ns2/named.conf.in @@ -27,7 +27,6 @@ options { listen-on { 10.53.0.2; }; listen-on-v6 { none; }; recursion yes; - acache-enable yes; send-cookie yes; tcp-advertised-timeout 150; }; diff --git a/bin/tests/system/padding/ns2/named.conf.in b/bin/tests/system/padding/ns2/named.conf.in index 89fa953651..fba1fcaf73 100644 --- a/bin/tests/system/padding/ns2/named.conf.in +++ b/bin/tests/system/padding/ns2/named.conf.in @@ -27,7 +27,6 @@ options { listen-on { 10.53.0.2; }; listen-on-v6 { none; }; recursion yes; - acache-enable yes; send-cookie yes; response-padding { !10.53.0.8; any; } block-size 64; }; diff --git a/bin/tests/system/rrl/tests.sh b/bin/tests/system/rrl/tests.sh index 764ccb8e69..846f692989 100644 --- a/bin/tests/system/rrl/tests.sh +++ b/bin/tests/system/rrl/tests.sh @@ -163,8 +163,7 @@ ckstats () { ######### sec_start -# Tests of referrals to "." must be done before the hints are loaded -# or with "additional-from-cache no" +# Tests of referrals to "." must be done before the hints are loaded. burst 5 a1.tld3 +norec # basic rate limiting burst 3 a1.tld2 diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index 7c22ea289d..96416d320e 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -1658,16 +1658,6 @@ Boolean Options flush any pending zone writes. The default is ``flush-zones-on-shutdown no``. -``geoip-use-ecs`` - This option was part of an experimental implementation of the EDNS - CLIENT-SUBNET for authoritative servers, but is now obsolete. - -``ipv4only-enable`` - Create the IPV4ONLY.ARPA zone as described in RFC 8880. By - default the zone is only created if a DNS64 prefix is configured. - Control the SOA contact and server values with ``ipv4only-contact`` - and ``ipv4only-server`` respectively. - ``root-key-sentinel`` If ``yes``, respond to root key sentinel probes as described in draft-ietf-dnsop-kskroll-sentinel-08. The default is ``yes``. @@ -1781,9 +1771,6 @@ Boolean Options option in its response, then its contents are logged in the ``nsid`` category at level ``info``. The default is ``no``. -``request-sit`` - This experimental option is obsolete. - ``require-server-cookie`` If ``yes``, require a valid server cookie before sending a full response to a UDP request from a cookie-aware client. BADCOOKIE is sent if there is a @@ -1868,9 +1855,6 @@ Boolean Options option may further limit the response size as the default for ``max-udp-size`` is 1232. -``sit-secret`` - This experimental option is obsolete. - ``cookie-algorithm`` This sets the algorithm to be used when generating the server cookie; the options are "aes", "sha1", or "sha256". The default is "aes" if supported by @@ -1924,12 +1908,6 @@ Boolean Options The default is ``yes``. -``use-ixfr`` - *This option is obsolete*. To disable IXFR to a - particular server or servers, see the information on the - ``provide-ixfr`` option in :ref:`server_statement_definition_and_usage`. - See also :ref:`incremental_zone_transfers`. - ``provide-ixfr`` See the description of ``provide-ixfr`` in :ref:`server_statement_definition_and_usage`. @@ -2003,9 +1981,6 @@ Boolean Options The default setting is ``auto-dnssec off``. -``dnssec-enable`` - This option is obsolete and has no effect. - .. _dnssec-validation-option: ``dnssec-validation`` @@ -2369,12 +2344,6 @@ for details on how to specify IP address lists. and inherited by zones, this can lead to some zones unintentionally forwarding updates. -``allow-v6-synthesis`` - This option was introduced for the smooth transition from AAAA to A6 - and from "nibble labels" to binary labels. However, since both A6 and - binary labels were then deprecated, this option was also deprecated. - It is now ignored with some warning messages. - .. _allow-transfer-access: ``allow-transfer`` @@ -2534,6 +2503,14 @@ system default range; otherwise, it uses its own defaults: use-v4-udp-ports { range 1024 65535; }; use-v6-udp-ports { range 1024 65535; }; +The defaults of the ``avoid-v4-udp-ports`` and ``avoid-v6-udp-ports`` +options are: + +:: + + avoid-v4-udp-ports {}; + avoid-v6-udp-ports {}; + .. note:: Make sure the ranges are sufficiently large for security. A desirable size depends on several parameters, but we generally recommend it contain at least 16384 ports (14 bits of entropy). Note also that the @@ -2553,38 +2530,14 @@ system default range; otherwise, it uses its own defaults: set of ports that can be safely used in the expected operational environment. -The defaults of the ``avoid-v4-udp-ports`` and ``avoid-v6-udp-ports`` -options are: +.. note:: The address specified in the ``query-source`` option is used for both + UDP and TCP queries, but the port applies only to UDP queries. TCP + queries always use a random unprivileged port. -:: +.. note:: Solaris 2.5.1 and earlier does not support setting the source address + for TCP sockets. - avoid-v4-udp-ports {}; - avoid-v6-udp-ports {}; - -.. note:: BIND 9.5.0 introduced the ``use-queryport-pool`` option to support - a pool of such random ports, but this option is now obsolete because - reusing the same ports in the pool may not be sufficiently secure. For - the same reason, it is generally strongly discouraged to specify a - particular port for the ``query-source`` or ``query-source-v6`` options; - it implicitly disables the use of randomized port numbers. - -``use-queryport-pool`` - This option is obsolete. - -``queryport-pool-ports`` - This option is obsolete. - -``queryport-pool-updateinterval`` - This option is obsolete. - - .. note:: The address specified in the ``query-source`` option is used for both - UDP and TCP queries, but the port applies only to UDP queries. TCP - queries always use a random unprivileged port. - - .. note:: Solaris 2.5.1 and earlier does not support setting the source address - for TCP sockets. - - .. note:: See also ``transfer-source`` and ``notify-source``. +.. note:: See also ``transfer-source`` and ``notify-source``. .. _zone_transfers: @@ -3062,9 +3015,6 @@ system. Periodic Task Intervals ^^^^^^^^^^^^^^^^^^^^^^^ -``cleaning-interval`` - This option is obsolete. - ``heartbeat-interval`` The server performs zone maintenance tasks for all zones marked as ``dialup`` whenever this interval expires. The default is 60 diff --git a/doc/man/named.conf.5in b/doc/man/named.conf.5in index 6927fc9b62..9798295f4a 100644 --- a/doc/man/named.conf.5in +++ b/doc/man/named.conf.5in @@ -228,7 +228,7 @@ options { * ) ] [ dscp integer ]; answer\-cookie boolean; attach\-cache string; - auth\-nxdomain boolean; // default changed + auth\-nxdomain boolean; auto\-dnssec ( allow | maintain | off ); automatic\-interface\-scan boolean; avoid\-v4\-udp\-ports { portrange; ... }; @@ -602,7 +602,10 @@ statistics\-channels { .ft C tls string { cert\-file quoted_string; + ciphers string; // experimental + dh\-param quoted_string; // experimental key\-file quoted_string; + protocols sslprotos; // experimental }; .ft P .fi @@ -663,7 +666,7 @@ view string [ class ] { alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; attach\-cache string; - auth\-nxdomain boolean; // default changed + auth\-nxdomain boolean; auto\-dnssec ( allow | maintain | off ); cache\-file quoted_string; catalog\-zones { zone string [ default\-masters [ port integer ] diff --git a/doc/misc/options b/doc/misc/options index eac0be785a..33874c2d0c 100644 --- a/doc/misc/options +++ b/doc/misc/options @@ -63,8 +63,6 @@ logging { }; // may occur multiple times }; -lwres { }; // obsolete, may occur multiple times - managed-keys { ( static-key | initial-key | static-ds | initial-ds ) @@ -76,10 +74,6 @@ masters [ port ] [ dscp ] ) [ key ]; ... }; // may occur multiple times options { - acache-cleaning-interval ; // obsolete - acache-enable ; // obsolete - additional-from-auth ; // obsolete - additional-from-cache ; // obsolete allow-new-zones ; allow-notify { ; ... }; allow-query { ; ... }; @@ -91,7 +85,6 @@ options { allow-transfer { ; ... }; allow-update { ; ... }; allow-update-forwarding { ; ... }; - allow-v6-synthesis { ; ... }; // obsolete also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ]; ... }; @@ -101,7 +94,7 @@ options { * ) ] [ dscp ]; answer-cookie ; attach-cache ; - auth-nxdomain ; // default changed + auth-nxdomain ; auto-dnssec ( allow | maintain | off ); automatic-interface-scan ; avoid-v4-udp-ports { ; ... }; @@ -125,13 +118,11 @@ options { check-spf ( warn | ignore ); check-srv-cname ( fail | warn | ignore ); check-wildcard ; - cleaning-interval ; // obsolete clients-per-query ; cookie-algorithm ( aes | siphash24 ); cookie-secret ; // may occur multiple times coresize ( default | unlimited | ); datasize ( default | unlimited | ); - deallocate-on-exit ; // ancient deny-answer-addresses { ; ... } [ except-from { ; ... } ]; deny-answer-aliases { ; ... } [ except-from { ; ... @@ -158,11 +149,7 @@ options { dnsrps-options { }; dnssec-accept-expired ; dnssec-dnskey-kskonly ; - dnssec-enable ; // obsolete dnssec-loadkeys-interval ; - dnssec-lookaside ( - trust-anchor | - auto | no ); // obsolete, may occur multiple times dnssec-must-be-secure ; // may occur multiple times dnssec-policy ; dnssec-secure-to-insecure ; @@ -185,15 +172,10 @@ options { empty-contact ; empty-server ; empty-zones-enable ; - fake-iquery ; // ancient - fetch-glue ; // ancient fetch-quota-params ; fetches-per-server [ ( drop | fail ) ]; fetches-per-zone [ ( drop | fail ) ]; files ( default | unlimited | ); - filter-aaaa { ; ... }; // obsolete - filter-aaaa-on-v4 ; // obsolete - filter-aaaa-on-v6 ; // obsolete flush-zones-on-shutdown ; forward ( first | only ); forwarders [ port ] [ dscp ] { ( @@ -206,12 +188,8 @@ options { fstrm-set-output-queue-size ; fstrm-set-reopen-interval ; geoip-directory ( | none ); - geoip-use-ecs ; // obsolete glue-cache ; // deprecated - has-old-clients ; // ancient heartbeat-interval ; - host-statistics ; // ancient - host-statistics-max ; // ancient hostname ( | none ); inline-signing ; interface-interval ; @@ -231,16 +209,13 @@ options { ; ... }; // may occur multiple times lmdb-mapsize ; lock-file ( | none ); - maintain-ixfr-base ; // ancient managed-keys-directory ; masterfile-format ( map | raw | text ); masterfile-style ( full | relative ); match-mapped-addresses ; - max-acache-size ( unlimited | ); // obsolete max-cache-size ( default | unlimited | | ); max-cache-ttl ; max-clients-per-query ; - max-ixfr-log-size ( default | unlimited | ); // ancient max-ixfr-ratio ( unlimited | ); max-journal-size ( default | unlimited | ); max-ncache-ttl ; @@ -264,16 +239,12 @@ options { min-ncache-ttl ; min-refresh-time ; min-retry-time ; - min-roots ; // ancient minimal-any ; minimal-responses ( no-auth | no-auth-recursive | ); multi-master ; - multiple-cnames ; // ancient - named-xfer ; // ancient new-zones-directory ; no-case-compress { ; ... }; nocookie-udp-size ; - nosit-udp-size ; // obsolete notify ( explicit | master-only | primary-only | ); notify-delay ; notify-rate ; @@ -299,8 +270,6 @@ options { | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; querylog ; - queryport-pool-ports ; // obsolete - queryport-pool-updateinterval ; // obsolete random-device ( | none ); rate-limit { all-per-second ; @@ -325,7 +294,6 @@ options { request-expire ; request-ixfr ; request-nsid ; - request-sit ; // obsolete require-server-cookie ; reserved-sockets ; resolver-nonbackoff-tries ; @@ -346,14 +314,12 @@ options { [ nsip-enable ] [ nsdname-enable ] [ dnsrps-enable ] [ dnsrps-options { } ]; - rfc2308-type1 ; // ancient root-delegation-only [ exclude { ; ... } ]; root-key-sentinel ; rrset-order { [ class ] [ type ] [ name ] ; ... }; secroots-file ; send-cookie ; - serial-queries ; // ancient serial-query-rate ; serial-update-method ( date | increment | unixtime ); server-id ( | none | hostname ); @@ -365,7 +331,6 @@ options { sig-signing-signatures ; sig-signing-type ; sig-validity-interval [ ]; - sit-secret ; // obsolete sortlist { ; ... }; stacksize ( default | unlimited | ); stale-answer-enable ; @@ -374,8 +339,7 @@ options { stale-refresh-time ; startup-notify-rate ; statistics-file ; - statistics-interval ; // ancient - suppress-initial-notify ; // not yet implemented + suppress-initial-notify ; // obsolete synth-from-dnssec ; tcp-advertised-timeout ; tcp-clients ; @@ -388,7 +352,6 @@ options { tkey-gssapi-credential ; tkey-gssapi-keytab ; tls-port ; - topology { ; ... }; // ancient transfer-format ( many-answers | one-answer ); transfer-message-size ; transfer-source ( | * ) [ port ( | * ) ] [ @@ -398,14 +361,10 @@ options { transfers-in ; transfers-out ; transfers-per-ns ; - treat-cr-as-space ; // ancient trust-anchor-telemetry ; // experimental try-tcp-refresh ; update-check-ksk ; use-alt-transfer-source ; - use-id-pool ; // ancient - use-ixfr ; // obsolete - use-queryport-pool ; // obsolete use-v4-udp-ports { ; ... }; use-v6-udp-ports { ; ... }; v6-bias ; @@ -446,9 +405,7 @@ server { request-expire ; request-ixfr ; request-nsid ; - request-sit ; // obsolete send-cookie ; - support-ixfr ; // obsolete tcp-keepalive ; tcp-only ; transfer-format ( many-answers | one-answer ); @@ -468,10 +425,10 @@ statistics-channels { tls { cert-file ; - ciphers ; // not implemented - dh-param ; // not implemented + ciphers ; // experimental + dh-param ; // experimental key-file ; - protocols ; // not implemented + protocols ; // experimental }; // may occur multiple times trust-anchors { ( static-key | @@ -484,10 +441,6 @@ trusted-keys { ; ... }; // may occur multiple times, deprecated view [ ] { - acache-cleaning-interval ; // obsolete - acache-enable ; // obsolete - additional-from-auth ; // obsolete - additional-from-cache ; // obsolete allow-new-zones ; allow-notify { ; ... }; allow-query { ; ... }; @@ -499,7 +452,6 @@ view [ ] { allow-transfer { ; ... }; allow-update { ; ... }; allow-update-forwarding { ; ... }; - allow-v6-synthesis { ; ... }; // obsolete also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ]; ... }; @@ -508,7 +460,7 @@ view [ ] { alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; attach-cache ; - auth-nxdomain ; // default changed + auth-nxdomain ; auto-dnssec ( allow | maintain | off ); cache-file ; catalog-zones { zone [ default-masters [ port ] @@ -527,7 +479,6 @@ view [ ] { check-spf ( warn | ignore ); check-srv-cname ( fail | warn | ignore ); check-wildcard ; - cleaning-interval ; // obsolete clients-per-query ; deny-answer-addresses { ; ... } [ except-from { ; ... } ]; @@ -558,11 +509,7 @@ view [ ] { dnsrps-options { }; dnssec-accept-expired ; dnssec-dnskey-kskonly ; - dnssec-enable ; // obsolete dnssec-loadkeys-interval ; - dnssec-lookaside ( - trust-anchor | - auto | no ); // obsolete, may occur multiple times dnssec-must-be-secure ; // may occur multiple times dnssec-policy ; dnssec-secure-to-insecure ; @@ -580,13 +527,9 @@ view [ ] { empty-contact ; empty-server ; empty-zones-enable ; - fetch-glue ; // ancient fetch-quota-params ; fetches-per-server [ ( drop | fail ) ]; fetches-per-zone [ ( drop | fail ) ]; - filter-aaaa { ; ... }; // obsolete - filter-aaaa-on-v4 ; // obsolete - filter-aaaa-on-v6 ; // obsolete forward ( first | only ); forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; @@ -604,7 +547,6 @@ view [ ] { key-directory ; lame-ttl ; lmdb-mapsize ; - maintain-ixfr-base ; // ancient managed-keys { ( static-key | initial-key | static-ds | initial-ds @@ -616,11 +558,9 @@ view [ ] { match-clients { ; ... }; match-destinations { ; ... }; match-recursive-only ; - max-acache-size ( unlimited | ); // obsolete max-cache-size ( default | unlimited | | ); max-cache-ttl ; max-clients-per-query ; - max-ixfr-log-size ( default | unlimited | ); // ancient max-ixfr-ratio ( unlimited | ); max-journal-size ( default | unlimited | ); max-ncache-ttl ; @@ -641,14 +581,12 @@ view [ ] { min-ncache-ttl ; min-refresh-time ; min-retry-time ; - min-roots ; // ancient minimal-any ; minimal-responses ( no-auth | no-auth-recursive | ); multi-master ; new-zones-directory ; no-case-compress { ; ... }; nocookie-udp-size ; - nosit-udp-size ; // obsolete notify ( explicit | master-only | primary-only | ); notify-delay ; notify-source ( | * ) [ port ( | * ) ] [ @@ -672,8 +610,6 @@ view [ ] { query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; - queryport-pool-ports ; // obsolete - queryport-pool-updateinterval ; // obsolete rate-limit { all-per-second ; errors-per-second ; @@ -695,7 +631,6 @@ view [ ] { request-expire ; request-ixfr ; request-nsid ; - request-sit ; // obsolete require-server-cookie ; resolver-nonbackoff-tries ; resolver-query-timeout ; @@ -715,7 +650,6 @@ view [ ] { [ nsip-enable ] [ nsdname-enable ] [ dnsrps-enable ] [ dnsrps-options { } ]; - rfc2308-type1 ; // ancient root-delegation-only [ exclude { ; ... } ]; root-key-sentinel ; rrset-order { [ class ] [ type ] [ name @@ -746,9 +680,7 @@ view [ ] { request-expire ; request-ixfr ; request-nsid ; - request-sit ; // obsolete send-cookie ; - support-ixfr ; // obsolete tcp-keepalive ; tcp-only ; transfer-format ( many-answers | one-answer ); @@ -768,9 +700,8 @@ view [ ] { stale-answer-ttl ; stale-cache-enable ; stale-refresh-time ; - suppress-initial-notify ; // not yet implemented + suppress-initial-notify ; // obsolete synth-from-dnssec ; - topology { ; ... }; // ancient transfer-format ( many-answers | one-answer ); transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; @@ -788,7 +719,6 @@ view [ ] { try-tcp-refresh ; update-check-ksk ; use-alt-transfer-source ; - use-queryport-pool ; // obsolete v6-bias ; validate-except { ; ... }; zero-no-soa-ttl ; @@ -836,20 +766,15 @@ view [ ] { dscp ]; ... }; in-view ; inline-signing ; - ixfr-base ; // ancient ixfr-from-differences ; - ixfr-tmp-file ; // ancient journal ; key-directory ; - maintain-ixfr-base ; // ancient masterfile-format ( map | raw | text ); masterfile-style ( full | relative ); masters [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ]; ... }; - max-ixfr-log-size ( default | unlimited | - ); // ancient max-ixfr-ratio ( unlimited | ); max-journal-size ( default | unlimited | ); max-records ; @@ -875,8 +800,6 @@ view [ ] { | [ port ] | [ port ] ) [ key ]; ... }; - pubkey - ; // ancient request-expire ; request-ixfr ; serial-update-method ( date | increment | unixtime ); @@ -947,18 +870,14 @@ zone [ ] { | ) [ port ] [ dscp ]; ... }; in-view ; inline-signing ; - ixfr-base ; // ancient ixfr-from-differences ; - ixfr-tmp-file ; // ancient journal ; key-directory ; - maintain-ixfr-base ; // ancient masterfile-format ( map | raw | text ); masterfile-style ( full | relative ); masters [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ]; ... }; - max-ixfr-log-size ( default | unlimited | ); // ancient max-ixfr-ratio ( unlimited | ); max-journal-size ( default | unlimited | ); max-records ; @@ -983,7 +902,6 @@ zone [ ] { primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ]; ... }; - pubkey ; // ancient request-expire ; request-ixfr ; serial-update-method ( date | increment | unixtime ); diff --git a/doc/misc/options.active b/doc/misc/options.active index b418af3c39..6d158267bf 100644 --- a/doc/misc/options.active +++ b/doc/misc/options.active @@ -93,7 +93,7 @@ options { * ) ] [ dscp ]; answer-cookie ; attach-cache ; - auth-nxdomain ; // default changed + auth-nxdomain ; auto-dnssec ( allow | maintain | off ); automatic-interface-scan ; avoid-v4-udp-ports { ; ... }; @@ -422,10 +422,10 @@ statistics-channels { tls { cert-file ; - ciphers ; // not implemented - dh-param ; // not implemented + ciphers ; // experimental + dh-param ; // experimental key-file ; - protocols ; // not implemented + protocols ; // experimental }; // may occur multiple times trust-anchors { ( static-key | @@ -457,7 +457,7 @@ view [ ] { alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; attach-cache ; - auth-nxdomain ; // default changed + auth-nxdomain ; auto-dnssec ( allow | maintain | off ); cache-file ; catalog-zones { zone [ default-masters [ port ] diff --git a/doc/misc/options.grammar.rst b/doc/misc/options.grammar.rst index 9dba4f965a..867256d25a 100644 --- a/doc/misc/options.grammar.rst +++ b/doc/misc/options.grammar.rst @@ -21,7 +21,7 @@ * ) ] [ dscp ]; answer-cookie ; attach-cache ; - auth-nxdomain ; // default changed + auth-nxdomain ; auto-dnssec ( allow | maintain | off ); automatic-interface-scan ; avoid-v4-udp-ports { ; ... }; diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index eec08c3a79..95a441124d 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -29,7 +29,17 @@ New Features Removed Features ~~~~~~~~~~~~~~~~ -- None. +- A number of non-working configuration options that had been marked + as obsolete in previous releases have now been removed completely. + Using any of the following options is now considered a configuration + failure: + ``acache-cleaning-interval``, ``acache-enable``, ``additional-from-auth``, + ``additional-from-cache``, ``allow-v6-synthesis``, ``cleaning-interval``, + ``dnssec-enable``, ``dnssec-lookaside``, ``filter-aaaa``, + ``filter-aaaa-on-v4``, ``filter-aaaa-on-v6``, ``geoip-use-ecs``, ``lwres``, + ``max-acache-size``, ``nosit-udp-size``, ``queryport-pool-ports``, + ``queryport-pool-updateinterval``, ``request-sit``, ``sit-secret``, + ``support-ixfr``, ``use-queryport-pool``, ``use-ixfr``. [GL #1086] Feature Changes ~~~~~~~~~~~~~~~ diff --git a/lib/bind9/check.c b/lib/bind9/check.c index 1473b5385b..e789aaadd1 100644 --- a/lib/bind9/check.c +++ b/lib/bind9/check.c @@ -1557,17 +1557,6 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, } } - obj = NULL; - (void)cfg_map_get(options, "geoip-use-ecs", &obj); - if (obj != NULL && cfg_obj_asboolean(obj)) { - cfg_obj_log(obj, logctx, ISC_LOG_ERROR, - "'geoip-use-ecs yes': " - "ECS can no longer be used in geoip ACLs"); - if (result == ISC_R_SUCCESS) { - result = ISC_R_FAILURE; - } - } - obj = NULL; (void)cfg_map_get(options, "max-ixfr-ratio", &obj); if (obj != NULL && cfg_obj_ispercentage(obj)) { diff --git a/lib/dns/cache.c b/lib/dns/cache.c index 931340fe53..633fc5d122 100644 --- a/lib/dns/cache.c +++ b/lib/dns/cache.c @@ -76,7 +76,7 @@ typedef struct cache_cleaner cache_cleaner_t; typedef enum { - cleaner_s_idle, /*%< Waiting for cleaning-interval to expire. */ + cleaner_s_idle, /*%< Waiting for cleaning interval to expire. */ cleaner_s_busy, /*%< Currently cleaning. */ cleaner_s_done /*%< Freed enough memory after being overmem. */ } cleaner_state_t; diff --git a/lib/isccfg/include/isccfg/grammar.h b/lib/isccfg/include/isccfg/grammar.h index b17406eb32..45513d0e46 100644 --- a/lib/isccfg/include/isccfg/grammar.h +++ b/lib/isccfg/include/isccfg/grammar.h @@ -34,12 +34,9 @@ #define CFG_CLAUSEFLAG_MULTI 0x00000001 /*% Clause is obsolete (logs a warning, but is not a fatal error) */ #define CFG_CLAUSEFLAG_OBSOLETE 0x00000002 -/*% Clause is not implemented, and may never be */ -#define CFG_CLAUSEFLAG_NOTIMP 0x00000004 -/*% Clause is not implemented yet */ -#define CFG_CLAUSEFLAG_NYI 0x00000008 -/*% Default value has changed since earlier release */ -#define CFG_CLAUSEFLAG_NEWDEFAULT 0x00000010 +/* obsolete: #define CFG_CLAUSEFLAG_NOTIMP 0x00000004 */ +/* obsolete: #define CFG_CLAUSEFLAG_NYI 0x00000008 */ +/* obsolete: #define CFG_CLAUSEFLAG_NEWDEFAULT 0x00000010 */ /*% * Clause needs to be interpreted during parsing * by calling a callback function, like the @@ -52,9 +49,7 @@ #define CFG_CLAUSEFLAG_NOTCONFIGURED 0x00000080 /*% A option for a experimental feature. */ #define CFG_CLAUSEFLAG_EXPERIMENTAL 0x00000100 -/*% A configuration option that is ineffective due to - * compile time options, but is harmless. */ -#define CFG_CLAUSEFLAG_NOOP 0x00000200 +/* obsolete: #define CFG_CLAUSEFLAG_NOOP 0x00000200 */ /*% Clause will be obsolete in a future release (logs a warning) */ #define CFG_CLAUSEFLAG_DEPRECATED 0x00000400 /*% Clause has been obsolete so long that it's now a fatal error */ diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index ceb9a02229..b7ed28d24e 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -235,20 +235,6 @@ static cfg_type_t cfg_type_portiplist = { "portiplist", cfg_parse_tuple, cfg_print_tuple, cfg_doc_tuple, &cfg_rep_tuple, portiplist_fields }; -/* - * Obsolete format for the "pubkey" statement. - */ -static cfg_tuplefielddef_t pubkey_fields[] = { - { "flags", &cfg_type_uint32, 0 }, - { "protocol", &cfg_type_uint32, 0 }, - { "algorithm", &cfg_type_uint32, 0 }, - { "key", &cfg_type_qstring, 0 }, - { NULL, NULL, 0 } -}; -static cfg_type_t cfg_type_pubkey = { "pubkey", cfg_parse_tuple, - cfg_print_tuple, cfg_doc_tuple, - &cfg_rep_tuple, pubkey_fields }; - /*% * A list of RR types, used in grant statements. * Note that the old parser allows quotes around the RR type names. @@ -1102,8 +1088,7 @@ static cfg_clausedef_t namedconf_clauses[] = { { "controls", &cfg_type_controls, CFG_CLAUSEFLAG_MULTI }, { "dnssec-policy", &cfg_type_dnssecpolicy, CFG_CLAUSEFLAG_MULTI }, { "logging", &cfg_type_logging, 0 }, - { "lwres", &cfg_type_bracketed_text, - CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_OBSOLETE }, + { "lwres", NULL, CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_ANCIENT }, { "masters", &cfg_type_primaries, CFG_CLAUSEFLAG_MULTI }, { "options", &cfg_type_options, 0 }, { "primaries", &cfg_type_primaries, CFG_CLAUSEFLAG_MULTI }, @@ -1165,7 +1150,7 @@ static cfg_clausedef_t options_clauses[] = { { "cookie-secret", &cfg_type_sstring, CFG_CLAUSEFLAG_MULTI }, { "coresize", &cfg_type_size, 0 }, { "datasize", &cfg_type_size, 0 }, - { "deallocate-on-exit", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, + { "deallocate-on-exit", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "directory", &cfg_type_qstring, CFG_CLAUSEFLAG_CALLBACK }, #ifdef HAVE_DNSTAP { "dnstap-output", &cfg_type_dnstapoutput, 0 }, @@ -1180,7 +1165,7 @@ static cfg_clausedef_t options_clauses[] = { #endif /* ifdef HAVE_DNSTAP */ { "dscp", &cfg_type_uint32, 0 }, { "dump-file", &cfg_type_qstring, 0 }, - { "fake-iquery", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, + { "fake-iquery", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "files", &cfg_type_size, 0 }, { "flush-zones-on-shutdown", &cfg_type_boolean, 0 }, #ifdef HAVE_DNSTAP @@ -1213,11 +1198,11 @@ static cfg_clausedef_t options_clauses[] = { { "geoip-directory", &cfg_type_qstringornone, CFG_CLAUSEFLAG_NOTCONFIGURED }, #endif /* HAVE_GEOIP2 */ - { "geoip-use-ecs", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, - { "has-old-clients", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, + { "geoip-use-ecs", NULL, CFG_CLAUSEFLAG_ANCIENT }, + { "has-old-clients", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "heartbeat-interval", &cfg_type_uint32, 0 }, - { "host-statistics", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, - { "host-statistics-max", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT }, + { "host-statistics", NULL, CFG_CLAUSEFLAG_ANCIENT }, + { "host-statistics-max", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "hostname", &cfg_type_qstringornone, 0 }, { "interface-interval", &cfg_type_duration, 0 }, { "keep-response-order", &cfg_type_bracketed_aml, 0 }, @@ -1229,8 +1214,8 @@ static cfg_clausedef_t options_clauses[] = { { "max-rsa-exponent-size", &cfg_type_uint32, 0 }, { "memstatistics", &cfg_type_boolean, 0 }, { "memstatistics-file", &cfg_type_qstring, 0 }, - { "multiple-cnames", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, - { "named-xfer", &cfg_type_qstring, CFG_CLAUSEFLAG_ANCIENT }, + { "multiple-cnames", NULL, CFG_CLAUSEFLAG_ANCIENT }, + { "named-xfer", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "notify-rate", &cfg_type_uint32, 0 }, { "pid-file", &cfg_type_qstringornone, 0 }, { "port", &cfg_type_uint32, 0 }, @@ -1241,17 +1226,17 @@ static cfg_clausedef_t options_clauses[] = { { "recursive-clients", &cfg_type_uint32, 0 }, { "reserved-sockets", &cfg_type_uint32, 0 }, { "secroots-file", &cfg_type_qstring, 0 }, - { "serial-queries", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT }, + { "serial-queries", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "serial-query-rate", &cfg_type_uint32, 0 }, { "server-id", &cfg_type_serverid, 0 }, { "session-keyalg", &cfg_type_astring, 0 }, { "session-keyfile", &cfg_type_qstringornone, 0 }, { "session-keyname", &cfg_type_astring, 0 }, - { "sit-secret", &cfg_type_sstring, CFG_CLAUSEFLAG_OBSOLETE }, + { "sit-secret", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "stacksize", &cfg_type_size, 0 }, { "startup-notify-rate", &cfg_type_uint32, 0 }, { "statistics-file", &cfg_type_qstring, 0 }, - { "statistics-interval", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT }, + { "statistics-interval", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "tcp-advertised-timeout", &cfg_type_uint32, 0 }, { "tcp-clients", &cfg_type_uint32, 0 }, { "tcp-idle-timeout", &cfg_type_uint32, 0 }, @@ -1266,9 +1251,9 @@ static cfg_clausedef_t options_clauses[] = { { "transfers-in", &cfg_type_uint32, 0 }, { "transfers-out", &cfg_type_uint32, 0 }, { "transfers-per-ns", &cfg_type_uint32, 0 }, - { "treat-cr-as-space", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, - { "use-id-pool", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, - { "use-ixfr", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, + { "treat-cr-as-space", NULL, CFG_CLAUSEFLAG_ANCIENT }, + { "use-id-pool", NULL, CFG_CLAUSEFLAG_ANCIENT }, + { "use-ixfr", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "use-v4-udp-ports", &cfg_type_bracketed_portlist, 0 }, { "use-v6-udp-ports", &cfg_type_bracketed_portlist, 0 }, { "version", &cfg_type_qstringornone, 0 }, @@ -1857,46 +1842,6 @@ static cfg_clausedef_t *rrl_clausesets[] = { rrl_clauses, NULL }; static cfg_type_t cfg_type_rrl = { "rate-limit", cfg_parse_map, cfg_print_map, cfg_doc_map, &cfg_rep_map, rrl_clausesets }; -/*% - * dnssec-lookaside - */ - -static void -print_lookaside(cfg_printer_t *pctx, const cfg_obj_t *obj) { - const cfg_obj_t *domain = obj->value.tuple[0]; - - if (domain->value.string.length == 4 && - strncmp(domain->value.string.base, "auto", 4) == 0) - { - cfg_print_cstr(pctx, "auto"); - } else { - cfg_print_tuple(pctx, obj); - } -} - -static void -doc_lookaside(cfg_printer_t *pctx, const cfg_type_t *type) { - UNUSED(type); - cfg_print_cstr(pctx, "( trust-anchor | auto | no )"); -} - -static keyword_type_t trustanchor_kw = { "trust-anchor", &cfg_type_astring }; - -static cfg_type_t cfg_type_optional_trustanchor = { - "optional_trustanchor", parse_optional_keyvalue, print_keyvalue, - doc_keyvalue, &cfg_rep_string, &trustanchor_kw -}; - -static cfg_tuplefielddef_t lookaside_fields[] = { - { "domain", &cfg_type_astring, 0 }, - { "trust-anchor", &cfg_type_optional_trustanchor, 0 }, - { NULL, NULL, 0 } -}; - -static cfg_type_t cfg_type_lookaside = { "lookaside", cfg_parse_tuple, - print_lookaside, doc_lookaside, - &cfg_rep_tuple, lookaside_fields }; - static isc_result_t parse_optional_uint32(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { @@ -1960,24 +1905,22 @@ static cfg_type_t cfg_type_dns64 = { "dns64", cfg_parse_netprefix_map, */ static cfg_clausedef_t view_clauses[] = { - { "acache-cleaning-interval", &cfg_type_uint32, - CFG_CLAUSEFLAG_OBSOLETE }, - { "acache-enable", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, - { "additional-from-auth", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, - { "additional-from-cache", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, + { "acache-cleaning-interval", NULL, CFG_CLAUSEFLAG_ANCIENT }, + { "acache-enable", NULL, CFG_CLAUSEFLAG_ANCIENT }, + { "additional-from-auth", NULL, CFG_CLAUSEFLAG_ANCIENT }, + { "additional-from-cache", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "allow-new-zones", &cfg_type_boolean, 0 }, { "allow-query-cache", &cfg_type_bracketed_aml, 0 }, { "allow-query-cache-on", &cfg_type_bracketed_aml, 0 }, { "allow-recursion", &cfg_type_bracketed_aml, 0 }, { "allow-recursion-on", &cfg_type_bracketed_aml, 0 }, - { "allow-v6-synthesis", &cfg_type_bracketed_aml, - CFG_CLAUSEFLAG_OBSOLETE }, + { "allow-v6-synthesis", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "attach-cache", &cfg_type_astring, 0 }, - { "auth-nxdomain", &cfg_type_boolean, CFG_CLAUSEFLAG_NEWDEFAULT }, + { "auth-nxdomain", &cfg_type_boolean, 0 }, { "cache-file", &cfg_type_qstring, 0 }, { "catalog-zones", &cfg_type_catz, 0 }, { "check-names", &cfg_type_checknames, CFG_CLAUSEFLAG_MULTI }, - { "cleaning-interval", &cfg_type_uint32, CFG_CLAUSEFLAG_OBSOLETE }, + { "cleaning-interval", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "clients-per-query", &cfg_type_uint32, 0 }, { "deny-answer-addresses", &cfg_type_denyaddresses, 0 }, { "deny-answer-aliases", &cfg_type_denyaliases, 0 }, @@ -1998,9 +1941,9 @@ static cfg_clausedef_t view_clauses[] = { CFG_CLAUSEFLAG_NOTCONFIGURED }, #endif /* ifdef USE_DNSRPS */ { "dnssec-accept-expired", &cfg_type_boolean, 0 }, - { "dnssec-enable", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, - { "dnssec-lookaside", &cfg_type_lookaside, - CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_OBSOLETE }, + { "dnssec-enable", NULL, CFG_CLAUSEFLAG_ANCIENT }, + { "dnssec-lookaside", NULL, + CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_ANCIENT }, { "dnssec-must-be-secure", &cfg_type_mustbesecure, CFG_CLAUSEFLAG_MULTI }, { "dnssec-validation", &cfg_type_boolorauto, 0 }, @@ -2014,13 +1957,13 @@ static cfg_clausedef_t view_clauses[] = { { "empty-contact", &cfg_type_astring, 0 }, { "empty-server", &cfg_type_astring, 0 }, { "empty-zones-enable", &cfg_type_boolean, 0 }, - { "fetch-glue", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, + { "fetch-glue", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "fetch-quota-params", &cfg_type_fetchquota, 0 }, { "fetches-per-server", &cfg_type_fetchesper, 0 }, { "fetches-per-zone", &cfg_type_fetchesper, 0 }, - { "filter-aaaa", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_OBSOLETE }, - { "filter-aaaa-on-v4", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, - { "filter-aaaa-on-v6", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, + { "filter-aaaa", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_ANCIENT }, + { "filter-aaaa-on-v4", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, + { "filter-aaaa-on-v6", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, { "glue-cache", &cfg_type_boolean, CFG_CLAUSEFLAG_DEPRECATED }, { "ipv4only-enable", &cfg_type_boolean, 0 }, { "ipv4only-contact", &cfg_type_astring, 0 }, @@ -2030,9 +1973,9 @@ static cfg_clausedef_t view_clauses[] = { #ifdef HAVE_LMDB { "lmdb-mapsize", &cfg_type_sizeval, 0 }, #else /* ifdef HAVE_LMDB */ - { "lmdb-mapsize", &cfg_type_sizeval, CFG_CLAUSEFLAG_NOOP }, + { "lmdb-mapsize", &cfg_type_sizeval, CFG_CLAUSEFLAG_NOTCONFIGURED }, #endif /* ifdef HAVE_LMDB */ - { "max-acache-size", &cfg_type_sizenodefault, CFG_CLAUSEFLAG_OBSOLETE }, + { "max-acache-size", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "max-cache-size", &cfg_type_sizeorpercent, 0 }, { "max-cache-ttl", &cfg_type_duration, 0 }, { "max-clients-per-query", &cfg_type_uint32, 0 }, @@ -2044,13 +1987,13 @@ static cfg_clausedef_t view_clauses[] = { { "message-compression", &cfg_type_boolean, 0 }, { "min-cache-ttl", &cfg_type_duration, 0 }, { "min-ncache-ttl", &cfg_type_duration, 0 }, - { "min-roots", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT }, + { "min-roots", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "minimal-any", &cfg_type_boolean, 0 }, { "minimal-responses", &cfg_type_minimal, 0 }, { "new-zones-directory", &cfg_type_qstring, 0 }, { "no-case-compress", &cfg_type_bracketed_aml, 0 }, { "nocookie-udp-size", &cfg_type_uint32, 0 }, - { "nosit-udp-size", &cfg_type_uint32, CFG_CLAUSEFLAG_OBSOLETE }, + { "nosit-udp-size", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "nta-lifetime", &cfg_type_duration, 0 }, { "nta-recheck", &cfg_type_duration, 0 }, { "nxdomain-redirect", &cfg_type_astring, 0 }, @@ -2064,20 +2007,19 @@ static cfg_clausedef_t view_clauses[] = { */ { "query-source", &cfg_type_querysource4, 0 }, { "query-source-v6", &cfg_type_querysource6, 0 }, - { "queryport-pool-ports", &cfg_type_uint32, CFG_CLAUSEFLAG_OBSOLETE }, - { "queryport-pool-updateinterval", &cfg_type_uint32, - CFG_CLAUSEFLAG_OBSOLETE }, + { "queryport-pool-ports", NULL, CFG_CLAUSEFLAG_ANCIENT }, + { "queryport-pool-updateinterval", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "rate-limit", &cfg_type_rrl, 0 }, { "recursion", &cfg_type_boolean, 0 }, { "request-nsid", &cfg_type_boolean, 0 }, - { "request-sit", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, + { "request-sit", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "require-server-cookie", &cfg_type_boolean, 0 }, { "resolver-nonbackoff-tries", &cfg_type_uint32, 0 }, { "resolver-query-timeout", &cfg_type_uint32, 0 }, { "resolver-retry-interval", &cfg_type_uint32, 0 }, { "response-padding", &cfg_type_resppadding, 0 }, { "response-policy", &cfg_type_rpz, 0 }, - { "rfc2308-type1", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, + { "rfc2308-type1", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "root-delegation-only", &cfg_type_optional_exclude, 0 }, { "root-key-sentinel", &cfg_type_boolean, 0 }, { "rrset-order", &cfg_type_rrsetorder, 0 }, @@ -2088,13 +2030,14 @@ static cfg_clausedef_t view_clauses[] = { { "stale-answer-ttl", &cfg_type_duration, 0 }, { "stale-cache-enable", &cfg_type_boolean, 0 }, { "stale-refresh-time", &cfg_type_duration, 0 }, - { "suppress-initial-notify", &cfg_type_boolean, CFG_CLAUSEFLAG_NYI }, + { "suppress-initial-notify", &cfg_type_boolean, + CFG_CLAUSEFLAG_OBSOLETE }, { "synth-from-dnssec", &cfg_type_boolean, 0 }, - { "topology", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_ANCIENT }, + { "topology", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "transfer-format", &cfg_type_transferformat, 0 }, { "trust-anchor-telemetry", &cfg_type_boolean, CFG_CLAUSEFLAG_EXPERIMENTAL }, - { "use-queryport-pool", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, + { "use-queryport-pool", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "validate-except", &cfg_type_namelist, 0 }, { "v6-bias", &cfg_type_uint32, 0 }, { "zero-no-soa-ttl-cache", &cfg_type_boolean, 0 }, @@ -2205,14 +2148,14 @@ static cfg_clausedef_t zone_clauses[] = { CFG_ZONE_MASTER | CFG_ZONE_SLAVE }, { "key-directory", &cfg_type_qstring, CFG_ZONE_MASTER | CFG_ZONE_SLAVE }, - { "maintain-ixfr-base", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, + { "maintain-ixfr-base", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "masterfile-format", &cfg_type_masterformat, CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR | CFG_ZONE_STUB | CFG_ZONE_REDIRECT }, { "masterfile-style", &cfg_type_masterstyle, CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR | CFG_ZONE_STUB | CFG_ZONE_REDIRECT }, - { "max-ixfr-log-size", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT }, + { "max-ixfr-log-size", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "max-ixfr-ratio", &cfg_type_ixfrratio, CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR }, { "max-journal-size", &cfg_type_size, @@ -2312,10 +2255,10 @@ static cfg_clausedef_t zone_only_clauses[] = { CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR | CFG_ZONE_STUB | CFG_ZONE_HINT | CFG_ZONE_REDIRECT }, { "in-view", &cfg_type_astring, CFG_ZONE_INVIEW }, - { "ixfr-base", &cfg_type_qstring, CFG_CLAUSEFLAG_ANCIENT }, + { "ixfr-base", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "ixfr-from-differences", &cfg_type_boolean, CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR }, - { "ixfr-tmp-file", &cfg_type_qstring, CFG_CLAUSEFLAG_ANCIENT }, + { "ixfr-tmp-file", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "journal", &cfg_type_qstring, CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR }, { "masters", &cfg_type_namesockaddrkeylist, @@ -2324,7 +2267,7 @@ static cfg_clausedef_t zone_only_clauses[] = { { "primaries", &cfg_type_namesockaddrkeylist, CFG_ZONE_SLAVE | CFG_ZONE_MIRROR | CFG_ZONE_STUB | CFG_ZONE_REDIRECT }, - { "pubkey", &cfg_type_pubkey, CFG_CLAUSEFLAG_ANCIENT }, + { "pubkey", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "server-addresses", &cfg_type_bracketed_netaddrlist, CFG_ZONE_STATICSTUB }, { "server-names", &cfg_type_namelist, CFG_ZONE_STATICSTUB }, @@ -2460,9 +2403,9 @@ static cfg_clausedef_t server_clauses[] = { { "request-expire", &cfg_type_boolean, 0 }, { "request-ixfr", &cfg_type_boolean, 0 }, { "request-nsid", &cfg_type_boolean, 0 }, - { "request-sit", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, + { "request-sit", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "send-cookie", &cfg_type_boolean, 0 }, - { "support-ixfr", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, + { "support-ixfr", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "tcp-keepalive", &cfg_type_boolean, 0 }, { "tcp-only", &cfg_type_boolean, 0 }, { "transfer-format", &cfg_type_transferformat, 0 }, @@ -3829,12 +3772,14 @@ cfg_print_zonegrammar(const unsigned int zonetype, unsigned int flags, for (clause = clauses; clause->name != NULL; clause++) { if (((pctx.flags & CFG_PRINTER_ACTIVEONLY) != 0) && (((clause->flags & CFG_CLAUSEFLAG_OBSOLETE) != 0) || - ((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) || - ((clause->flags & CFG_CLAUSEFLAG_NYI) != 0) || ((clause->flags & CFG_CLAUSEFLAG_TESTONLY) != 0))) { continue; } + if ((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) { + continue; + } + if ((clause->flags & zonetype) == 0 || strcasecmp(clause->name, "type") == 0) { continue; @@ -3863,9 +3808,9 @@ static cfg_type_t cfg_type_sslprotos = { static cfg_clausedef_t tls_clauses[] = { { "key-file", &cfg_type_qstring, 0 }, { "cert-file", &cfg_type_qstring, 0 }, - { "dh-param", &cfg_type_qstring, CFG_CLAUSEFLAG_NOTIMP }, - { "protocols", &cfg_type_sslprotos, CFG_CLAUSEFLAG_NOTIMP }, - { "ciphers", &cfg_type_astring, CFG_CLAUSEFLAG_NOTIMP }, + { "dh-param", &cfg_type_qstring, CFG_CLAUSEFLAG_EXPERIMENTAL }, + { "protocols", &cfg_type_sslprotos, CFG_CLAUSEFLAG_EXPERIMENTAL }, + { "ciphers", &cfg_type_astring, CFG_CLAUSEFLAG_EXPERIMENTAL }, { NULL, NULL, 0 } }; diff --git a/lib/isccfg/parser.c b/lib/isccfg/parser.c index 565b976b76..435531f17f 100644 --- a/lib/isccfg/parser.c +++ b/lib/isccfg/parser.c @@ -2448,6 +2448,13 @@ cfg_parse_mapbody(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { clause->name); CHECK(ISC_R_FAILURE); } + if ((clause->flags & CFG_CLAUSEFLAG_NOTCONFIGURED) != 0) { + cfg_parser_error(pctx, 0, + "option '%s' was not " + "enabled at compile time", + clause->name); + CHECK(ISC_R_FAILURE); + } /* Issue warnings if appropriate */ if ((pctx->flags & CFG_PCTX_NODEPRECATED) == 0 && @@ -2462,37 +2469,12 @@ cfg_parse_mapbody(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { "should be removed ", clause->name); } - if ((clause->flags & CFG_CLAUSEFLAG_NOTIMP) != 0) { + if ((clause->flags & CFG_CLAUSEFLAG_EXPERIMENTAL) != 0) { cfg_parser_warning(pctx, 0, - "option '%s' is not implemented", + "option '%s' is experimental and " + "subject to change in the future", clause->name); } - if ((clause->flags & CFG_CLAUSEFLAG_NYI) != 0) { - cfg_parser_warning(pctx, 0, - "option '%s' is not implemented", - clause->name); - } - if ((clause->flags & CFG_CLAUSEFLAG_NOOP) != 0) { - cfg_parser_warning(pctx, 0, - "option '%s' was not " - "enabled at compile time " - "(ignored)", - clause->name); - } - - if ((clause->flags & CFG_CLAUSEFLAG_NOTCONFIGURED) != 0) { - cfg_parser_error(pctx, 0, - "option '%s' was not " - "enabled at compile time", - clause->name); - CHECK(ISC_R_FAILURE); - } - - /* - * Don't log options with CFG_CLAUSEFLAG_NEWDEFAULT - * set here - we need to log the *lack* of such an option, - * not its presence. - */ /* See if the clause already has a value; if not create one. */ result = isc_symtab_lookup(obj->value.map.symtab, clause->name, @@ -2723,15 +2705,11 @@ cfg_print_mapbody(cfg_printer_t *pctx, const cfg_obj_t *obj) { static struct flagtext { unsigned int flag; const char *text; -} flagtexts[] = { { CFG_CLAUSEFLAG_NOTIMP, "not implemented" }, - { CFG_CLAUSEFLAG_NYI, "not yet implemented" }, - { CFG_CLAUSEFLAG_OBSOLETE, "obsolete" }, - { CFG_CLAUSEFLAG_NEWDEFAULT, "default changed" }, +} flagtexts[] = { { CFG_CLAUSEFLAG_OBSOLETE, "obsolete" }, { CFG_CLAUSEFLAG_TESTONLY, "test only" }, { CFG_CLAUSEFLAG_NOTCONFIGURED, "not configured" }, { CFG_CLAUSEFLAG_MULTI, "may occur multiple times" }, { CFG_CLAUSEFLAG_EXPERIMENTAL, "experimental" }, - { CFG_CLAUSEFLAG_NOOP, "non-operational" }, { CFG_CLAUSEFLAG_DEPRECATED, "deprecated" }, { CFG_CLAUSEFLAG_ANCIENT, "ancient" }, { 0, NULL } }; @@ -2765,12 +2743,13 @@ cfg_doc_mapbody(cfg_printer_t *pctx, const cfg_type_t *type) { for (clause = *clauseset; clause->name != NULL; clause++) { if (((pctx->flags & CFG_PRINTER_ACTIVEONLY) != 0) && (((clause->flags & CFG_CLAUSEFLAG_OBSOLETE) != 0) || - ((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) || - ((clause->flags & CFG_CLAUSEFLAG_NYI) != 0) || ((clause->flags & CFG_CLAUSEFLAG_TESTONLY) != 0))) { continue; } + if ((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) { + continue; + } cfg_print_cstr(pctx, clause->name); cfg_print_cstr(pctx, " "); cfg_doc_obj(pctx, clause->type); @@ -2820,12 +2799,13 @@ cfg_doc_map(cfg_printer_t *pctx, const cfg_type_t *type) { for (clause = *clauseset; clause->name != NULL; clause++) { if (((pctx->flags & CFG_PRINTER_ACTIVEONLY) != 0) && (((clause->flags & CFG_CLAUSEFLAG_OBSOLETE) != 0) || - ((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) || - ((clause->flags & CFG_CLAUSEFLAG_NYI) != 0) || ((clause->flags & CFG_CLAUSEFLAG_TESTONLY) != 0))) { continue; } + if ((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) { + continue; + } cfg_print_indent(pctx); cfg_print_cstr(pctx, clause->name); if (clause->type->print != cfg_print_void) { diff --git a/lib/ns/query.c b/lib/ns/query.c index bbaf1c91b1..ae0a7bef4b 100644 --- a/lib/ns/query.c +++ b/lib/ns/query.c @@ -6691,7 +6691,7 @@ query_checkrrl(query_ctx_t *qctx, isc_result_t result) { /* * Handle referral to ".", including when recursion * is off or not requested and the hints have not - * been loaded or we have "additional-from-cache no". + * been loaded. */ constname = dns_rootname; resp_result = DNS_R_DELEGATION; diff --git a/util/copyrights b/util/copyrights index 5d22313d46..2e025daa6c 100644 --- a/util/copyrights +++ b/util/copyrights @@ -269,7 +269,6 @@ ./bin/tests/system/checkconf/clean.sh SH 2011,2012,2013,2014,2016,2018,2019,2020,2021 ./bin/tests/system/checkconf/dnssec.1 X 2011,2016,2018,2019,2020,2021 ./bin/tests/system/checkconf/dnssec.2 X 2011,2016,2018,2019,2020,2021 -./bin/tests/system/checkconf/dnssec.3 X 2011,2016,2017,2018,2019,2020,2021 ./bin/tests/system/checkconf/good.zonelist X 2016,2017,2018,2019,2020,2021 ./bin/tests/system/checkconf/tests.sh SH 2005,2007,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019,2020,2021 ./bin/tests/system/checknames/clean.sh SH 2004,2007,2012,2014,2015,2016,2018,2019,2020,2021