From ff1957e95b0db4b8c7b5c0f08602e5c3d4cc14fe Mon Sep 17 00:00:00 2001 From: Matthijs Mekking Date: Tue, 8 Dec 2020 11:26:08 +0100 Subject: [PATCH 01/12] Obsolete CLAUSEFLAG NOTIMP and NYI The clause flags 'not implemented' and 'not implemented yet' are the same as 'obsoleted' when it comes to behavior. These options will now be treated similarly to obsoleted (the idea being that if an option is implemented it should be functional). The new options for DoT are new options and rather than flagging them obsolete, they should have been flagged as experimental, signalling that these options are subject to change in the future. --- lib/isccfg/include/isccfg/grammar.h | 6 ++---- lib/isccfg/namedconf.c | 10 +++++----- lib/isccfg/parser.c | 16 +--------------- 3 files changed, 8 insertions(+), 24 deletions(-) diff --git a/lib/isccfg/include/isccfg/grammar.h b/lib/isccfg/include/isccfg/grammar.h index b17406eb32..7c234ab8c5 100644 --- a/lib/isccfg/include/isccfg/grammar.h +++ b/lib/isccfg/include/isccfg/grammar.h @@ -34,10 +34,8 @@ #define CFG_CLAUSEFLAG_MULTI 0x00000001 /*% Clause is obsolete (logs a warning, but is not a fatal error) */ #define CFG_CLAUSEFLAG_OBSOLETE 0x00000002 -/*% Clause is not implemented, and may never be */ -#define CFG_CLAUSEFLAG_NOTIMP 0x00000004 -/*% Clause is not implemented yet */ -#define CFG_CLAUSEFLAG_NYI 0x00000008 +/* obsolete: #define CFG_CLAUSEFLAG_NOTIMP 0x00000004 */ +/* obsolete: #define CFG_CLAUSEFLAG_NYI 0x00000008 */ /*% Default value has changed since earlier release */ #define CFG_CLAUSEFLAG_NEWDEFAULT 0x00000010 /*% diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index ceb9a02229..b17b978c5c 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c 
@@ -2088,7 +2088,8 @@ static cfg_clausedef_t view_clauses[] = { { "stale-answer-ttl", &cfg_type_duration, 0 }, { "stale-cache-enable", &cfg_type_boolean, 0 }, { "stale-refresh-time", &cfg_type_duration, 0 }, - { "suppress-initial-notify", &cfg_type_boolean, CFG_CLAUSEFLAG_NYI }, + { "suppress-initial-notify", &cfg_type_boolean, + CFG_CLAUSEFLAG_OBSOLETE }, { "synth-from-dnssec", &cfg_type_boolean, 0 }, { "topology", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_ANCIENT }, { "transfer-format", &cfg_type_transferformat, 0 }, @@ -3830,7 +3831,6 @@ cfg_print_zonegrammar(const unsigned int zonetype, unsigned int flags, if (((pctx.flags & CFG_PRINTER_ACTIVEONLY) != 0) && (((clause->flags & CFG_CLAUSEFLAG_OBSOLETE) != 0) || ((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) || - ((clause->flags & CFG_CLAUSEFLAG_NYI) != 0) || ((clause->flags & CFG_CLAUSEFLAG_TESTONLY) != 0))) { continue; @@ -3863,9 +3863,9 @@ static cfg_type_t cfg_type_sslprotos = { static cfg_clausedef_t tls_clauses[] = { { "key-file", &cfg_type_qstring, 0 }, { "cert-file", &cfg_type_qstring, 0 }, - { "dh-param", &cfg_type_qstring, CFG_CLAUSEFLAG_NOTIMP }, - { "protocols", &cfg_type_sslprotos, CFG_CLAUSEFLAG_NOTIMP }, - { "ciphers", &cfg_type_astring, CFG_CLAUSEFLAG_NOTIMP }, + { "dh-param", &cfg_type_qstring, CFG_CLAUSEFLAG_EXPERIMENTAL }, + { "protocols", &cfg_type_sslprotos, CFG_CLAUSEFLAG_EXPERIMENTAL }, + { "ciphers", &cfg_type_astring, CFG_CLAUSEFLAG_EXPERIMENTAL }, { NULL, NULL, 0 } }; diff --git a/lib/isccfg/parser.c b/lib/isccfg/parser.c index 565b976b76..9d13d0186e 100644 --- a/lib/isccfg/parser.c +++ b/lib/isccfg/parser.c 
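Review bot: Re-flagging `dh-param`, `protocols` and `ciphers` in `tls_clauses` from `CFG_CLAUSEFLAG_NOTIMP` to `CFG_CLAUSEFLAG_EXPERIMENTAL` drops the only signal that these TLS settings may have no effect, and nothing visible in this patch wires them into the TLS context. If they are still not applied, an operator who sets `protocols` or `ciphers` to harden a DoT listener gets a configuration that loads cleanly while the restriction is not enforced, so keep a warning that says so or reject the clause. With this patch alone the parser also appears to emit no warning for them at all, because the `NOTIMP` warning is removed here and the `EXPERIMENTAL` warning only arrives in PATCH 04/12; swapping the order would keep each commit consistent. A comment above the table, e.g. `/* experimental: syntax accepted, semantics may change */`, would record the intent.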
@@ -2462,16 +2462,6 @@ cfg_parse_mapbody(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { "should be removed ", clause->name); } - if ((clause->flags & CFG_CLAUSEFLAG_NOTIMP) != 0) { - cfg_parser_warning(pctx, 0, - "option '%s' is not implemented", - clause->name); - } - if ((clause->flags & CFG_CLAUSEFLAG_NYI) != 0) { - cfg_parser_warning(pctx, 0, - "option '%s' is not implemented", - clause->name); - } if ((clause->flags & CFG_CLAUSEFLAG_NOOP) != 0) { cfg_parser_warning(pctx, 0, "option '%s' was not " @@ -2723,9 +2713,7 @@ cfg_print_mapbody(cfg_printer_t *pctx, const cfg_obj_t *obj) { static struct flagtext { unsigned int flag; const char *text; -} flagtexts[] = { { CFG_CLAUSEFLAG_NOTIMP, "not implemented" }, - { CFG_CLAUSEFLAG_NYI, "not yet implemented" }, - { CFG_CLAUSEFLAG_OBSOLETE, "obsolete" }, +} flagtexts[] = { { CFG_CLAUSEFLAG_OBSOLETE, "obsolete" }, { CFG_CLAUSEFLAG_NEWDEFAULT, "default changed" }, { CFG_CLAUSEFLAG_TESTONLY, "test only" }, { CFG_CLAUSEFLAG_NOTCONFIGURED, "not configured" }, @@ -2766,7 +2754,6 @@ cfg_doc_mapbody(cfg_printer_t *pctx, const cfg_type_t *type) { if (((pctx->flags & CFG_PRINTER_ACTIVEONLY) != 0) && (((clause->flags & CFG_CLAUSEFLAG_OBSOLETE) != 0) || ((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) || - ((clause->flags & CFG_CLAUSEFLAG_NYI) != 0) || ((clause->flags & CFG_CLAUSEFLAG_TESTONLY) != 0))) { continue; @@ -2821,7 +2808,6 @@ cfg_doc_map(cfg_printer_t *pctx, const cfg_type_t *type) { if (((pctx->flags & CFG_PRINTER_ACTIVEONLY) != 0) && (((clause->flags & CFG_CLAUSEFLAG_OBSOLETE) != 0) || ((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) || - ((clause->flags & CFG_CLAUSEFLAG_NYI) != 0) || ((clause->flags & CFG_CLAUSEFLAG_TESTONLY) != 0))) { continue; From dda3a68efcb7172d887daf6a2011262f96f8ce6f Mon Sep 17 00:00:00 2001 
From: Matthijs Mekking Date: Tue, 8 Dec 2020 11:34:15 +0100 Subject: [PATCH 02/12] Obsolete CLAUSEFLAG NOOP The clause flag 'not operational' is promoted to 'not configured'. --- lib/isccfg/include/isccfg/grammar.h | 4 +--- lib/isccfg/namedconf.c | 2 +- lib/isccfg/parser.c | 8 -------- 3 files changed, 2 insertions(+), 12 deletions(-) diff --git a/lib/isccfg/include/isccfg/grammar.h b/lib/isccfg/include/isccfg/grammar.h index 7c234ab8c5..43947712da 100644 --- a/lib/isccfg/include/isccfg/grammar.h +++ b/lib/isccfg/include/isccfg/grammar.h @@ -50,9 +50,7 @@ #define CFG_CLAUSEFLAG_NOTCONFIGURED 0x00000080 /*% A option for a experimental feature. */ #define CFG_CLAUSEFLAG_EXPERIMENTAL 0x00000100 -/*% A configuration option that is ineffective due to - * compile time options, but is harmless. */ -#define CFG_CLAUSEFLAG_NOOP 0x00000200 +/* obsolete: #define CFG_CLAUSEFLAG_NOOP 0x00000200 */ /*% Clause will be obsolete in a future release (logs a warning) */ #define CFG_CLAUSEFLAG_DEPRECATED 0x00000400 /*% Clause has been obsolete so long that it's now a fatal error */ diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index b17b978c5c..007ede844e 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -2030,7 +2030,7 @@ static cfg_clausedef_t view_clauses[] = { #ifdef HAVE_LMDB { "lmdb-mapsize", &cfg_type_sizeval, 0 }, #else /* ifdef HAVE_LMDB */ - { "lmdb-mapsize", &cfg_type_sizeval, CFG_CLAUSEFLAG_NOOP }, + { "lmdb-mapsize", &cfg_type_sizeval, CFG_CLAUSEFLAG_NOTCONFIGURED }, #endif /* ifdef HAVE_LMDB */ { "max-acache-size", &cfg_type_sizenodefault, CFG_CLAUSEFLAG_OBSOLETE }, { "max-cache-size", &cfg_type_sizeorpercent, 0 }, diff --git a/lib/isccfg/parser.c b/lib/isccfg/parser.c index 9d13d0186e..5d9790c32d 100644 --- a/lib/isccfg/parser.c +++ b/lib/isccfg/parser.c 
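Review bot: Moving `lmdb-mapsize` from `CFG_CLAUSEFLAG_NOOP` to `CFG_CLAUSEFLAG_NOTCONFIGURED` in the `#else` branch of `view_clauses[]` turns a warning into a hard failure. The removed `NOOP` path in parser.c logged "(ignored)" through `cfg_parser_warning`, while the `NOTCONFIGURED` path calls `cfg_parser_error` and, judging by the context shown in PATCH 04/12, `CHECK(ISC_R_FAILURE)`. A configuration shared between builds with and without LMDB that used to load would then be rejected on restart or reload after an upgrade, which is an availability risk for the server. The commit message should state the change in severity and a release note should cover it; a comment on the entry such as `/* fatal when built without LMDB */` would help the next reader. `view_clauses[]` starts and ends outside the hunk.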
@@ -2462,13 +2462,6 @@ cfg_parse_mapbody(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { "should be removed ", clause->name); } - if ((clause->flags & CFG_CLAUSEFLAG_NOOP) != 0) { - cfg_parser_warning(pctx, 0, - "option '%s' was not " - "enabled at compile time " - "(ignored)", - clause->name); - } if ((clause->flags & CFG_CLAUSEFLAG_NOTCONFIGURED) != 0) { cfg_parser_error(pctx, 0, @@ -2719,7 +2712,6 @@ static struct flagtext { { CFG_CLAUSEFLAG_NOTCONFIGURED, "not configured" }, { CFG_CLAUSEFLAG_MULTI, "may occur multiple times" }, { CFG_CLAUSEFLAG_EXPERIMENTAL, "experimental" }, - { CFG_CLAUSEFLAG_NOOP, "non-operational" }, { CFG_CLAUSEFLAG_DEPRECATED, "deprecated" }, { CFG_CLAUSEFLAG_ANCIENT, "ancient" }, { 0, NULL } }; From d5f70b223748eeca1edab3841fcd9a4a3cfb2819 Mon Sep 17 00:00:00 2001 From: Matthijs Mekking Date: Tue, 8 Dec 2020 11:37:46 +0100 Subject: [PATCH 03/12] Obsolete CLAUSEFLAG NEWDEFAULT The 'new default' option was introduced in 2002 to signal that a default option had changed its default value, in this specific case the value for 'auth-nxdomain'. However, this default has been unchanged for 18 years now, and logging that the default has changed does not have significant value nowadays. This is also a good example that the clause flag 'new default' is broken: it is easy to get out of date. It is also easy to forget, because we have changed the default value for 'max-stale-ttl' and haven't been flagging it with 'new default' Also, if the operator cares for a specific value it should set it explicitly. Using the default is telling the software: use whatever you think is best, and this may change over time. Default value changes should be mentioned in the release note, but do not require further special treatment. --- lib/isccfg/include/isccfg/grammar.h | 3 +-- lib/isccfg/namedconf.c | 2 +- lib/isccfg/parser.c | 7 ------- 3 files changed, 2 insertions(+), 10 deletions(-) 
diff --git a/lib/isccfg/include/isccfg/grammar.h b/lib/isccfg/include/isccfg/grammar.h index 43947712da..45513d0e46 100644 --- a/lib/isccfg/include/isccfg/grammar.h +++ b/lib/isccfg/include/isccfg/grammar.h @@ -36,8 +36,7 @@ #define CFG_CLAUSEFLAG_OBSOLETE 0x00000002 /* obsolete: #define CFG_CLAUSEFLAG_NOTIMP 0x00000004 */ /* obsolete: #define CFG_CLAUSEFLAG_NYI 0x00000008 */ -/*% Default value has changed since earlier release */ -#define CFG_CLAUSEFLAG_NEWDEFAULT 0x00000010 +/* obsolete: #define CFG_CLAUSEFLAG_NEWDEFAULT 0x00000010 */ /*% * Clause needs to be interpreted during parsing * by calling a callback function, like the diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index 007ede844e..b3153d16e7 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -1973,7 +1973,7 @@ static cfg_clausedef_t view_clauses[] = { { "allow-v6-synthesis", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_OBSOLETE }, { "attach-cache", &cfg_type_astring, 0 }, - { "auth-nxdomain", &cfg_type_boolean, CFG_CLAUSEFLAG_NEWDEFAULT }, + { "auth-nxdomain", &cfg_type_boolean, 0 }, { "cache-file", &cfg_type_qstring, 0 }, { "catalog-zones", &cfg_type_catz, 0 }, { "check-names", &cfg_type_checknames, CFG_CLAUSEFLAG_MULTI }, diff --git a/lib/isccfg/parser.c b/lib/isccfg/parser.c index 5d9790c32d..f4d9ba815a 100644 --- a/lib/isccfg/parser.c +++ b/lib/isccfg/parser.c @@ -2471,12 +2471,6 @@ cfg_parse_mapbody(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { CHECK(ISC_R_FAILURE); } - /* - * Don't log options with CFG_CLAUSEFLAG_NEWDEFAULT - * set here - we need to log the *lack* of such an option, - * not its presence. - */ - /* See if the clause already has a value; if not create one. */ result = isc_symtab_lookup(obj->value.map.symtab, clause->name, 0, &symval); 
@@ -2707,7 +2701,6 @@ static struct flagtext { unsigned int flag; const char *text; } flagtexts[] = { { CFG_CLAUSEFLAG_OBSOLETE, "obsolete" }, - { CFG_CLAUSEFLAG_NEWDEFAULT, "default changed" }, { CFG_CLAUSEFLAG_TESTONLY, "test only" }, { CFG_CLAUSEFLAG_NOTCONFIGURED, "not configured" }, { CFG_CLAUSEFLAG_MULTI, "may occur multiple times" }, From 6e2597b55a794e99cc5f794eb24333b9067afe0f Mon Sep 17 00:00:00 2001 From: Matthijs Mekking Date: Tue, 8 Dec 2020 11:47:57 +0100 Subject: [PATCH 04/12] Log experimental options Log a warning for the 'experimental' clause flag similar to the 'deprecated' flag. --- lib/isccfg/parser.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/lib/isccfg/parser.c b/lib/isccfg/parser.c index f4d9ba815a..9fd049553f 100644 --- a/lib/isccfg/parser.c +++ b/lib/isccfg/parser.c @@ -2448,6 +2448,13 @@ cfg_parse_mapbody(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { clause->name); CHECK(ISC_R_FAILURE); } + if ((clause->flags & CFG_CLAUSEFLAG_NOTCONFIGURED) != 0) { + cfg_parser_error(pctx, 0, + "option '%s' was not " + "enabled at compile time", + clause->name); + CHECK(ISC_R_FAILURE); + } /* Issue warnings if appropriate */ if ((pctx->flags & CFG_PCTX_NODEPRECATED) == 0 && @@ -2462,13 +2469,11 @@ cfg_parse_mapbody(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { "should be removed ", clause->name); } - - if ((clause->flags & CFG_CLAUSEFLAG_NOTCONFIGURED) != 0) { - cfg_parser_error(pctx, 0, - "option '%s' was not " - "enabled at compile time", - clause->name); - CHECK(ISC_R_FAILURE); + if ((clause->flags & CFG_CLAUSEFLAG_EXPERIMENTAL) != 0) { + cfg_parser_warning(pctx, 0, + "option '%s' is experimental and " + "subject to change in the future", + clause->name); } /* See if the clause already has a value; if not create one. */ From a889ed38eff3ea9add384be5a074d2d737918c2c Mon Sep 17 00:00:00 2001 
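Review bot: The new `CFG_CLAUSEFLAG_EXPERIMENTAL` warning in `cfg_parse_mapbody` comes without a test; the diffstat for PATCH 04/12 touches only parser.c. After PATCH 01/12 this warning is the only thing an operator sees for the `tls` clauses `dh-param`, `protocols` and `ciphers`, so a checkconf case in the style of the existing `warn-*.conf` files that greps for `is experimental and subject to change in the future` would keep it from regressing silently. Relocating the `NOTCONFIGURED` error above the `/* Issue warnings if appropriate */` comment is a good cleanup, and a short comment such as `/* fatal: option compiled out */` would explain why it sits with the `ANCIENT` check. The body of `cfg_parse_mapbody` continues outside both hunks.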
From: Matthijs Mekking Date: Tue, 8 Dec 2020 11:55:42 +0100 Subject: [PATCH 05/12] Remove the option 'cleaning-interval' Obsoleted in 9.15, we can remove the option in 9.17. --- doc/arm/reference.rst | 3 --- lib/dns/cache.c | 2 +- lib/isccfg/namedconf.c | 2 +- 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index 7c22ea289d..652c71903a 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -3062,9 +3062,6 @@ system. Periodic Task Intervals ^^^^^^^^^^^^^^^^^^^^^^^ -``cleaning-interval`` - This option is obsolete. - ``heartbeat-interval`` The server performs zone maintenance tasks for all zones marked as ``dialup`` whenever this interval expires. The default is 60 diff --git a/lib/dns/cache.c b/lib/dns/cache.c index 931340fe53..633fc5d122 100644 --- a/lib/dns/cache.c +++ b/lib/dns/cache.c @@ -76,7 +76,7 @@ typedef struct cache_cleaner cache_cleaner_t; typedef enum { - cleaner_s_idle, /*%< Waiting for cleaning-interval to expire. */ + cleaner_s_idle, /*%< Waiting for cleaning interval to expire. */ cleaner_s_busy, /*%< Currently cleaning. */ cleaner_s_done /*%< Freed enough memory after being overmem. */ } cleaner_state_t; diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index b3153d16e7..6f591e79b4 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -1977,7 +1977,7 @@ static cfg_clausedef_t view_clauses[] = { { "cache-file", &cfg_type_qstring, 0 }, { "catalog-zones", &cfg_type_catz, 0 }, { "check-names", &cfg_type_checknames, CFG_CLAUSEFLAG_MULTI }, - { "cleaning-interval", &cfg_type_uint32, CFG_CLAUSEFLAG_OBSOLETE }, + { "cleaning-interval", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT }, { "clients-per-query", &cfg_type_uint32, 0 }, { "deny-answer-addresses", &cfg_type_denyaddresses, 0 }, { "deny-answer-aliases", &cfg_type_denyaliases, 0 }, From df435fc7da1467fa0c88c602c4a9c35d3cb8a465 Mon Sep 17 00:00:00 2001 
From: Matthijs Mekking Date: Tue, 8 Dec 2020 12:01:58 +0100 Subject: [PATCH 06/12] Remove the option 'dnssec-lookaside' Obsoleted in 9.15, we can remove the option in 9.17. --- bin/tests/system/checkconf/tests.sh | 24 ----------- bin/tests/system/checkconf/warn-dlv-auto.conf | 14 ------ .../checkconf/warn-dlv-dlv.example.com.conf | 14 ------ .../checkconf/warn-dlv-dlv.isc.org.conf | 14 ------ lib/isccfg/namedconf.c | 43 +------------------ 5 files changed, 1 insertion(+), 108 deletions(-) delete mode 100644 bin/tests/system/checkconf/warn-dlv-auto.conf delete mode 100644 bin/tests/system/checkconf/warn-dlv-dlv.example.com.conf delete mode 100644 bin/tests/system/checkconf/warn-dlv-dlv.isc.org.conf diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh index fea98a6ee2..2f613d8877 100644 --- a/bin/tests/system/checkconf/tests.sh +++ b/bin/tests/system/checkconf/tests.sh 
@@ -403,30 +403,6 @@ diff good.zonelist checkconf.out$n > diff.out$n || ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` -n=`expr $n + 1` -echo_i "check that 'dnssec-lookaside auto;' generates a warning ($n)" -ret=0 -$CHECKCONF warn-dlv-auto.conf > checkconf.out$n 2>/dev/null || ret=1 -grep "option 'dnssec-lookaside' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` - -n=`expr $n + 1` -echo_i "check that 'dnssec-lookaside . trust-anchor dlv.isc.org;' generates a warning ($n)" -ret=0 -$CHECKCONF warn-dlv-dlv.isc.org.conf > checkconf.out$n 2>/dev/null || ret=1 -grep "option 'dnssec-lookaside' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` - -n=`expr $n + 1` -echo_i "check that 'dnssec-lookaside . trust-anchor dlv.example.com;' generates a warning ($n)" -ret=0 -$CHECKCONF warn-dlv-dlv.example.com.conf > checkconf.out$n 2>/dev/null || ret=1 -grep "option 'dnssec-lookaside' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` - n=`expr $n + 1` echo_i "check that the 2010 ICANN ROOT KSK without the 2017 ICANN ROOT KSK generates a warning ($n)" ret=0 diff --git a/bin/tests/system/checkconf/warn-dlv-auto.conf b/bin/tests/system/checkconf/warn-dlv-auto.conf deleted file mode 100644 index 3ba734204f..0000000000 --- a/bin/tests/system/checkconf/warn-dlv-auto.conf +++ /dev/null 
@@ -1,14 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -options { - dnssec-lookaside auto; -}; diff --git a/bin/tests/system/checkconf/warn-dlv-dlv.example.com.conf b/bin/tests/system/checkconf/warn-dlv-dlv.example.com.conf deleted file mode 100644 index fd242bceb7..0000000000 --- a/bin/tests/system/checkconf/warn-dlv-dlv.example.com.conf +++ /dev/null @@ -1,14 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -options { - dnssec-lookaside . trust-anchor dlv.example.com; -}; diff --git a/bin/tests/system/checkconf/warn-dlv-dlv.isc.org.conf b/bin/tests/system/checkconf/warn-dlv-dlv.isc.org.conf deleted file mode 100644 index 49b11bc56c..0000000000 --- a/bin/tests/system/checkconf/warn-dlv-dlv.isc.org.conf +++ /dev/null @@ -1,14 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -options { - dnssec-lookaside . trust-anchor dlv.isc.org; -}; 
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index 6f591e79b4..e37cc25ed3 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -1857,46 +1857,6 @@ static cfg_clausedef_t *rrl_clausesets[] = { rrl_clauses, NULL }; static cfg_type_t cfg_type_rrl = { "rate-limit", cfg_parse_map, cfg_print_map, cfg_doc_map, &cfg_rep_map, rrl_clausesets }; -/*% - * dnssec-lookaside - */ - -static void -print_lookaside(cfg_printer_t *pctx, const cfg_obj_t *obj) { - const cfg_obj_t *domain = obj->value.tuple[0]; - - if (domain->value.string.length == 4 && - strncmp(domain->value.string.base, "auto", 4) == 0) - { - cfg_print_cstr(pctx, "auto"); - } else { - cfg_print_tuple(pctx, obj); - } -} - -static void -doc_lookaside(cfg_printer_t *pctx, const cfg_type_t *type) { - UNUSED(type); - cfg_print_cstr(pctx, "( trust-anchor | auto | no )"); -} - -static keyword_type_t trustanchor_kw = { "trust-anchor", &cfg_type_astring }; - -static cfg_type_t cfg_type_optional_trustanchor = { - "optional_trustanchor", parse_optional_keyvalue, print_keyvalue, - doc_keyvalue, &cfg_rep_string, &trustanchor_kw -}; - -static cfg_tuplefielddef_t lookaside_fields[] = { - { "domain", &cfg_type_astring, 0 }, - { "trust-anchor", &cfg_type_optional_trustanchor, 0 }, - { NULL, NULL, 0 } -}; - -static cfg_type_t cfg_type_lookaside = { "lookaside", cfg_parse_tuple, - print_lookaside, doc_lookaside, - &cfg_rep_tuple, lookaside_fields }; - static isc_result_t parse_optional_uint32(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { 
@@ -1999,8 +1959,7 @@ static cfg_clausedef_t view_clauses[] = { #endif /* ifdef USE_DNSRPS */ { "dnssec-accept-expired", &cfg_type_boolean, 0 }, { "dnssec-enable", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, - { "dnssec-lookaside", &cfg_type_lookaside, - CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_OBSOLETE }, + { "dnssec-lookaside", NULL, CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_ANCIENT }, { "dnssec-must-be-secure", &cfg_type_mustbesecure, CFG_CLAUSEFLAG_MULTI }, { "dnssec-validation", &cfg_type_boolorauto, 0 }, From 87744f218d3cc76d2e73c9d6a9c7cd01407f327f Mon Sep 17 00:00:00 2001 
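Review bot: The rewritten `dnssec-lookaside` entry passes `NULL` as the clause type, unlike `cleaning-interval` in PATCH 05/12, which keeps `&cfg_type_uint32` next to `CFG_CLAUSEFLAG_ANCIENT`. The filters visible in `cfg_doc_mapbody` and `cfg_doc_map` skip `ANCIENT` clauses only when `CFG_PRINTER_ACTIVEONLY` is set, so a grammar or documentation printing path without that flag would presumably reach `clause->type` as a NULL pointer. PATCH 07/12 says it stops printing ancient options, but its parser.c hunk is not visible here, and at this commit the entry looks unsafe on its own; land the parser guard first or keep a placeholder type until then. A comment on the entry such as `/* ancient: type is NULL, skip before using clause->type */` would document the invariant. `view_clauses[]` continues outside the hunk.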
From: Matthijs Mekking Date: Tue, 8 Dec 2020 15:08:32 +0100 Subject: [PATCH 07/12] Remove a lot of obsoleted options These options were ancient or made obsolete a long time ago, it is safe to remove them. Also stop printing ancient options, they should be treated the same as unknown options. Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr, acache-cleaning-interval, acache-enable, additional-from-auth, additional-from-cache, allow-v6-synthesis, dnssec-enable, max-acache-size, nosit-udp-size, queryport-pool-ports, queryport-pool-updateinterval, request-sit, use-queryport-pool, and support-ixfr. --- bin/named/config.c | 2 - bin/tests/named.conf | 8 -- .../system/checkconf/bad-geoip-use-ecs.conf | 14 --- bin/tests/system/checkconf/dnssec.1 | 15 ++- bin/tests/system/checkconf/dnssec.2 | 13 ++- bin/tests/system/checkconf/dnssec.3 | 32 ------ bin/tests/system/checkconf/tests.sh | 20 +--- .../system/checkconf/warn-geoip-use-ecs.conf | 14 --- bin/tests/system/keepalive/ns2/named.conf.in | 1 - bin/tests/system/padding/ns2/named.conf.in | 1 - bin/tests/system/rrl/tests.sh | 3 +- doc/arm/reference.rst | 75 +++---------- lib/bind9/check.c | 11 -- lib/isccfg/namedconf.c | 104 ++++++++---------- lib/isccfg/parser.c | 8 +- lib/ns/query.c | 2 +- 16 files changed, 94 insertions(+), 229 deletions(-) delete mode 100644 bin/tests/system/checkconf/bad-geoip-use-ecs.conf delete mode 100644 bin/tests/system/checkconf/dnssec.3 delete mode 100644 bin/tests/system/checkconf/warn-geoip-use-ecs.conf diff --git a/bin/named/config.c b/bin/named/config.c index ccea2dbf4d..77c0abaaa5 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -131,7 +131,6 @@ options {\n\ # treat-cr-as-space ;\n\ trust-anchor-telemetry yes;\n\ # use-id-pool ;\n\ -# use-ixfr ;\n\ \n\ /* view */\n\ allow-new-zones no;\n\ 
@@ -141,7 +140,6 @@ options {\n\ allow-recursion { localnets; localhost; };\n\ allow-recursion-on { any; };\n\ allow-update-forwarding {none;};\n\ -# allow-v6-synthesis ;\n\ auth-nxdomain false;\n\ check-dup-records warn;\n\ check-mx warn;\n\ diff --git a/bin/tests/named.conf b/bin/tests/named.conf index 928dd9e96a..6a5f6543ff 100644 --- a/bin/tests/named.conf +++ b/bin/tests/named.conf @@ -26,9 +26,6 @@ // watch out for ";" -- it's important! options { - additional-from-auth true; - additional-from-cache false; - version "my version string"; random-device "/dev/random"; directory "/tmp"; @@ -265,8 +262,6 @@ view "test-view" in { sig-validity-interval 45; max-cache-size 100000; allow-query { 10.0.0.30;}; - additional-from-cache false; - additional-from-auth no; match-clients { 10.0.0.1 ; }; check-names master warn; check-names slave ignore; @@ -418,9 +413,6 @@ server 1.2.3.4 { keys { "sample_key" }; // for TSIG; supported by the parser // but not yet implemented in the // rest of the server -# Now called 'request-ixfr' -# support-ixfr yes; // for IXFR supported by server - // if yes, the listed server talks IXFR }; logging { diff --git a/bin/tests/system/checkconf/bad-geoip-use-ecs.conf b/bin/tests/system/checkconf/bad-geoip-use-ecs.conf deleted file mode 100644 index 37ecfdee6b..0000000000 --- a/bin/tests/system/checkconf/bad-geoip-use-ecs.conf +++ /dev/null @@ -1,14 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -options { - geoip-use-ecs yes; -}; diff --git a/bin/tests/system/checkconf/dnssec.1 b/bin/tests/system/checkconf/dnssec.1 index 82f4414973..edef76fde7 100644 --- a/bin/tests/system/checkconf/dnssec.1 
+++ b/bin/tests/system/checkconf/dnssec.1 @@ -9,6 +9,17 @@ * information regarding copyright ownership. */ -options { - dnssec-enable no; +view view1 { + match-clients { any; }; + dnssec-validation yes; +}; + +view view2 { + match-clients { none; }; + dnssec-validation auto; +}; + +view view3 { + match-clients { none; }; + auto-dnssec maintain; }; diff --git a/bin/tests/system/checkconf/dnssec.2 b/bin/tests/system/checkconf/dnssec.2 index edef76fde7..56c4a52fe6 100644 --- a/bin/tests/system/checkconf/dnssec.2 +++ b/bin/tests/system/checkconf/dnssec.2 @@ -11,15 +11,22 @@ view view1 { match-clients { any; }; - dnssec-validation yes; }; view view2 { match-clients { none; }; - dnssec-validation auto; }; view view3 { match-clients { none; }; - auto-dnssec maintain; + dnssec-validation auto; +}; + +view view4 { + match-clients { none; }; +}; + +view view5 { + match-clients { none; }; + auto-dnssec off; }; diff --git a/bin/tests/system/checkconf/dnssec.3 b/bin/tests/system/checkconf/dnssec.3 deleted file mode 100644 index 56c4a52fe6..0000000000 --- a/bin/tests/system/checkconf/dnssec.3 +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -view view1 { - match-clients { any; }; -}; - -view view2 { - match-clients { none; }; -}; - -view view3 { - match-clients { none; }; - dnssec-validation auto; -}; - -view view4 { - match-clients { none; }; -}; - -view view5 { - match-clients { none; }; - auto-dnssec off; -}; diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh index 2f613d8877..d2350d4e5b 100644 --- a/bin/tests/system/checkconf/tests.sh 
+++ b/bin/tests/system/checkconf/tests.sh @@ -113,14 +113,11 @@ status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking named-checkconf dnssec warnings ($n)" ret=0 -# dnssec.1: dnssec-enable is obsolete -$CHECKCONF dnssec.1 > checkconf.out$n.1 2>&1 -grep "'dnssec-enable' is obsolete and should be removed" < checkconf.out$n.1 > /dev/null || ret=1 -# dnssec.2: auto-dnssec warning -$CHECKCONF dnssec.2 > checkconf.out$n.2 2>&1 +# dnssec.1: auto-dnssec warning +$CHECKCONF dnssec.1 > checkconf.out$n.2 2>&1 grep 'auto-dnssec may only be ' < checkconf.out$n.2 > /dev/null || ret=1 -# dnssec.3: should have no warnings -$CHECKCONF dnssec.3 > checkconf.out$n.3 2>&1 +# dnssec.2: should have no warnings +$CHECKCONF dnssec.2 > checkconf.out$n.3 2>&1 grep '.*' < checkconf.out$n.3 > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` @@ -460,15 +457,6 @@ grep "use of managed-keys is not allowed" checkconf.out$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` -n=`expr $n + 1` -echo_i "check that 'geoip-use-ecs no' generates a warning ($n)" -ret=0 -$CHECKCONF warn-geoip-use-ecs.conf > checkconf.out$n 2>/dev/null || ret=1 -[ -s checkconf.out$n ] || ret=1 -grep "'geoip-use-ecs' is obsolete" < checkconf.out$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` - n=`expr $n + 1` echo_i "checking named-checkconf kasp errors ($n)" ret=0 diff --git a/bin/tests/system/checkconf/warn-geoip-use-ecs.conf b/bin/tests/system/checkconf/warn-geoip-use-ecs.conf deleted file mode 100644 index 9e2c76499d..0000000000 --- a/bin/tests/system/checkconf/warn-geoip-use-ecs.conf +++ /dev/null 
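Review bot: After the renumbering in the "dnssec warnings" test the inputs are `dnssec.1` and `dnssec.2`, but the outputs are still written to `checkconf.out$n.2` and `checkconf.out$n.3`, which makes a failing run harder to map back to its input; rename them to `checkconf.out$n.1` and `checkconf.out$n.2`. These hunks also drop the `dnssec-enable` and `geoip-use-ecs` warning checks without adding a case that asserts the removed options are now rejected, so the new fatal behaviour is untested in what is visible here. A negative case in the style of the surrounding ones, running `$CHECKCONF` on a file that sets a removed option and expecting a non-zero exit, would pin it.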
@@ -1,14 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -options { - geoip-use-ecs no; -}; diff --git a/bin/tests/system/keepalive/ns2/named.conf.in b/bin/tests/system/keepalive/ns2/named.conf.in index c24fbdcabd..b753284875 100644 --- a/bin/tests/system/keepalive/ns2/named.conf.in +++ b/bin/tests/system/keepalive/ns2/named.conf.in @@ -27,7 +27,6 @@ options { listen-on { 10.53.0.2; }; listen-on-v6 { none; }; recursion yes; - acache-enable yes; send-cookie yes; tcp-advertised-timeout 150; }; diff --git a/bin/tests/system/padding/ns2/named.conf.in b/bin/tests/system/padding/ns2/named.conf.in index 89fa953651..fba1fcaf73 100644 --- a/bin/tests/system/padding/ns2/named.conf.in +++ b/bin/tests/system/padding/ns2/named.conf.in @@ -27,7 +27,6 @@ options { listen-on { 10.53.0.2; }; listen-on-v6 { none; }; recursion yes; - acache-enable yes; send-cookie yes; response-padding { !10.53.0.8; any; } block-size 64; }; diff --git a/bin/tests/system/rrl/tests.sh b/bin/tests/system/rrl/tests.sh index 764ccb8e69..846f692989 100644 --- a/bin/tests/system/rrl/tests.sh +++ b/bin/tests/system/rrl/tests.sh @@ -163,8 +163,7 @@ ckstats () { ######### sec_start -# Tests of referrals to "." must be done before the hints are loaded -# or with "additional-from-cache no" +# Tests of referrals to "." must be done before the hints are loaded. burst 5 a1.tld3 +norec # basic rate limiting burst 3 a1.tld2 diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index 652c71903a..96416d320e 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst 
@@ -1658,16 +1658,6 @@ Boolean Options flush any pending zone writes. The default is ``flush-zones-on-shutdown no``. -``geoip-use-ecs`` - This option was part of an experimental implementation of the EDNS - CLIENT-SUBNET for authoritative servers, but is now obsolete. - -``ipv4only-enable`` - Create the IPV4ONLY.ARPA zone as described in RFC 8880. By - default the zone is only created if a DNS64 prefix is configured. - Control the SOA contact and server values with ``ipv4only-contact`` - and ``ipv4only-server`` respectively. - ``root-key-sentinel`` If ``yes``, respond to root key sentinel probes as described in draft-ietf-dnsop-kskroll-sentinel-08. The default is ``yes``. @@ -1781,9 +1771,6 @@ Boolean Options option in its response, then its contents are logged in the ``nsid`` category at level ``info``. The default is ``no``. -``request-sit`` - This experimental option is obsolete. - ``require-server-cookie`` If ``yes``, require a valid server cookie before sending a full response to a UDP request from a cookie-aware client. BADCOOKIE is sent if there is a @@ -1868,9 +1855,6 @@ Boolean Options option may further limit the response size as the default for ``max-udp-size`` is 1232. -``sit-secret`` - This experimental option is obsolete. - ``cookie-algorithm`` This sets the algorithm to be used when generating the server cookie; the options are "aes", "sha1", or "sha256". The default is "aes" if supported by @@ -1924,12 +1908,6 @@ Boolean Options The default is ``yes``. -``use-ixfr`` - *This option is obsolete*. To disable IXFR to a - particular server or servers, see the information on the - ``provide-ixfr`` option in :ref:`server_statement_definition_and_usage`. - See also :ref:`incremental_zone_transfers`. - ``provide-ixfr`` See the description of ``provide-ixfr`` in :ref:`server_statement_definition_and_usage`. 
@@ -2003,9 +1981,6 @@ Boolean Options The default setting is ``auto-dnssec off``. -``dnssec-enable`` - This option is obsolete and has no effect. - .. _dnssec-validation-option: ``dnssec-validation`` @@ -2369,12 +2344,6 @@ for details on how to specify IP address lists. and inherited by zones, this can lead to some zones unintentionally forwarding updates. -``allow-v6-synthesis`` - This option was introduced for the smooth transition from AAAA to A6 - and from "nibble labels" to binary labels. However, since both A6 and - binary labels were then deprecated, this option was also deprecated. - It is now ignored with some warning messages. - .. _allow-transfer-access: ``allow-transfer`` @@ -2534,6 +2503,14 @@ system default range; otherwise, it uses its own defaults: use-v4-udp-ports { range 1024 65535; }; use-v6-udp-ports { range 1024 65535; }; +The defaults of the ``avoid-v4-udp-ports`` and ``avoid-v6-udp-ports`` +options are: + +:: + + avoid-v4-udp-ports {}; + avoid-v6-udp-ports {}; + .. note:: Make sure the ranges are sufficiently large for security. A desirable size depends on several parameters, but we generally recommend it contain at least 16384 ports (14 bits of entropy). Note also that the 
@@ -2553,38 +2530,14 @@ system default range; otherwise, it uses its own defaults: set of ports that can be safely used in the expected operational environment. -The defaults of the ``avoid-v4-udp-ports`` and ``avoid-v6-udp-ports`` -options are: +.. note:: The address specified in the ``query-source`` option is used for both + UDP and TCP queries, but the port applies only to UDP queries. TCP + queries always use a random unprivileged port. -:: +.. note:: Solaris 2.5.1 and earlier does not support setting the source address + for TCP sockets. - avoid-v4-udp-ports {}; - avoid-v6-udp-ports {}; - -.. note:: BIND 9.5.0 introduced the ``use-queryport-pool`` option to support - a pool of such random ports, but this option is now obsolete because - reusing the same ports in the pool may not be sufficiently secure. For - the same reason, it is generally strongly discouraged to specify a - particular port for the ``query-source`` or ``query-source-v6`` options; - it implicitly disables the use of randomized port numbers. - -``use-queryport-pool`` - This option is obsolete. - -``queryport-pool-ports`` - This option is obsolete. - -``queryport-pool-updateinterval`` - This option is obsolete. - - .. note:: The address specified in the ``query-source`` option is used for both - UDP and TCP queries, but the port applies only to UDP queries. TCP - queries always use a random unprivileged port. - - .. note:: Solaris 2.5.1 and earlier does not support setting the source address - for TCP sockets. - - .. note:: See also ``transfer-source`` and ``notify-source``. +.. note:: See also ``transfer-source`` and ``notify-source``. .. _zone_transfers: diff --git a/lib/bind9/check.c b/lib/bind9/check.c index 1473b5385b..e789aaadd1 100644 --- a/lib/bind9/check.c +++ b/lib/bind9/check.c 
@@ -1557,17 +1557,6 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, } } - obj = NULL; - (void)cfg_map_get(options, "geoip-use-ecs", &obj); - if (obj != NULL && cfg_obj_asboolean(obj)) { - cfg_obj_log(obj, logctx, ISC_LOG_ERROR, - "'geoip-use-ecs yes': " - "ECS can no longer be used in geoip ACLs"); - if (result == ISC_R_SUCCESS) { - result = ISC_R_FAILURE; - } - } - obj = NULL; (void)cfg_map_get(options, "max-ixfr-ratio", &obj); if (obj != NULL && cfg_obj_ispercentage(obj)) { diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index e37cc25ed3..f85c698e61 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -235,20 +235,6 @@ static cfg_type_t cfg_type_portiplist = { "portiplist", cfg_parse_tuple, cfg_print_tuple, cfg_doc_tuple, &cfg_rep_tuple, portiplist_fields }; -/* - * Obsolete format for the "pubkey" statement. - */ -static cfg_tuplefielddef_t pubkey_fields[] = { - { "flags", &cfg_type_uint32, 0 }, - { "protocol", &cfg_type_uint32, 0 }, - { "algorithm", &cfg_type_uint32, 0 }, - { "key", &cfg_type_qstring, 0 }, - { NULL, NULL, 0 } -}; -static cfg_type_t cfg_type_pubkey = { "pubkey", cfg_parse_tuple, - cfg_print_tuple, cfg_doc_tuple, - &cfg_rep_tuple, pubkey_fields }; - /*% * A list of RR types, used in grant statements. * Note that the old parser allows quotes around the RR type names. @@ -1102,8 +1088,7 @@ static cfg_clausedef_t namedconf_clauses[] = { { "controls", &cfg_type_controls, CFG_CLAUSEFLAG_MULTI }, { "dnssec-policy", &cfg_type_dnssecpolicy, CFG_CLAUSEFLAG_MULTI }, { "logging", &cfg_type_logging, 0 }, - { "lwres", &cfg_type_bracketed_text, - CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_OBSOLETE }, + { "lwres", NULL, CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_ANCIENT }, { "masters", &cfg_type_primaries, CFG_CLAUSEFLAG_MULTI }, { "options", &cfg_type_options, 0 }, { "primaries", &cfg_type_primaries, CFG_CLAUSEFLAG_MULTI }, 
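Review bot: Switching `lwres` from `CFG_CLAUSEFLAG_OBSOLETE` to `CFG_CLAUSEFLAG_ANCIENT` with a NULL type is a behaviour change for operators, not only a table cleanup, and nothing at the table says so. grammar.h documents OBSOLETE as a warning that is not fatal, while the test configs touched earlier in this patch had to drop `acache-enable` and `geoip-use-ecs`, which suggests (the parser handling is outside this hunk) that a configuration still carrying an ANCIENT clause is rejected. The later hunks make the same switch for `geoip-use-ecs`, `sit-secret`, `use-ixfr`, `dnssec-enable`, `request-sit` and others, so an upgraded server with any of them left in named.conf may refuse to load. I would record the convention once above `namedconf_clauses`, for example `/* ANCIENT: type is NULL and the clause is expected to be rejected at parse time; OBSOLETE still parses and warns */`. The array itself starts outside the hunk.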
@@ -1165,7 +1150,7 @@ static cfg_clausedef_t options_clauses[] = { { "cookie-secret", &cfg_type_sstring, CFG_CLAUSEFLAG_MULTI }, { "coresize", &cfg_type_size, 0 }, { "datasize", &cfg_type_size, 0 }, - { "deallocate-on-exit", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, + { "deallocate-on-exit", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "directory", &cfg_type_qstring, CFG_CLAUSEFLAG_CALLBACK }, #ifdef HAVE_DNSTAP { "dnstap-output", &cfg_type_dnstapoutput, 0 }, @@ -1180,7 +1165,7 @@ static cfg_clausedef_t options_clauses[] = { #endif /* ifdef HAVE_DNSTAP */ { "dscp", &cfg_type_uint32, 0 }, { "dump-file", &cfg_type_qstring, 0 }, - { "fake-iquery", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, + { "fake-iquery", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "files", &cfg_type_size, 0 }, { "flush-zones-on-shutdown", &cfg_type_boolean, 0 }, #ifdef HAVE_DNSTAP @@ -1213,11 +1198,11 @@ static cfg_clausedef_t options_clauses[] = { { "geoip-directory", &cfg_type_qstringornone, CFG_CLAUSEFLAG_NOTCONFIGURED }, #endif /* HAVE_GEOIP2 */ - { "geoip-use-ecs", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, - { "has-old-clients", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, + { "geoip-use-ecs", NULL, CFG_CLAUSEFLAG_ANCIENT }, + { "has-old-clients", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "heartbeat-interval", &cfg_type_uint32, 0 }, - { "host-statistics", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, - { "host-statistics-max", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT }, + { "host-statistics", NULL, CFG_CLAUSEFLAG_ANCIENT }, + { "host-statistics-max", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "hostname", &cfg_type_qstringornone, 0 }, { "interface-interval", &cfg_type_duration, 0 }, { "keep-response-order", &cfg_type_bracketed_aml, 0 }, 
@@ -1229,8 +1214,8 @@ static cfg_clausedef_t options_clauses[] = { { "max-rsa-exponent-size", &cfg_type_uint32, 0 }, { "memstatistics", &cfg_type_boolean, 0 }, { "memstatistics-file", &cfg_type_qstring, 0 }, - { "multiple-cnames", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, - { "named-xfer", &cfg_type_qstring, CFG_CLAUSEFLAG_ANCIENT }, + { "multiple-cnames", NULL, CFG_CLAUSEFLAG_ANCIENT }, + { "named-xfer", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "notify-rate", &cfg_type_uint32, 0 }, { "pid-file", &cfg_type_qstringornone, 0 }, { "port", &cfg_type_uint32, 0 }, @@ -1241,17 +1226,17 @@ static cfg_clausedef_t options_clauses[] = { { "recursive-clients", &cfg_type_uint32, 0 }, { "reserved-sockets", &cfg_type_uint32, 0 }, { "secroots-file", &cfg_type_qstring, 0 }, - { "serial-queries", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT }, + { "serial-queries", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "serial-query-rate", &cfg_type_uint32, 0 }, { "server-id", &cfg_type_serverid, 0 }, { "session-keyalg", &cfg_type_astring, 0 }, { "session-keyfile", &cfg_type_qstringornone, 0 }, { "session-keyname", &cfg_type_astring, 0 }, - { "sit-secret", &cfg_type_sstring, CFG_CLAUSEFLAG_OBSOLETE }, + { "sit-secret", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "stacksize", &cfg_type_size, 0 }, { "startup-notify-rate", &cfg_type_uint32, 0 }, { "statistics-file", &cfg_type_qstring, 0 }, - { "statistics-interval", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT }, + { "statistics-interval", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "tcp-advertised-timeout", &cfg_type_uint32, 0 }, { "tcp-clients", &cfg_type_uint32, 0 }, { "tcp-idle-timeout", &cfg_type_uint32, 0 }, 
@@ -1266,9 +1251,9 @@ static cfg_clausedef_t options_clauses[] = { { "transfers-in", &cfg_type_uint32, 0 }, { "transfers-out", &cfg_type_uint32, 0 }, { "transfers-per-ns", &cfg_type_uint32, 0 }, - { "treat-cr-as-space", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, - { "use-id-pool", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, - { "use-ixfr", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, + { "treat-cr-as-space", NULL, CFG_CLAUSEFLAG_ANCIENT }, + { "use-id-pool", NULL, CFG_CLAUSEFLAG_ANCIENT }, + { "use-ixfr", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "use-v4-udp-ports", &cfg_type_bracketed_portlist, 0 }, { "use-v6-udp-ports", &cfg_type_bracketed_portlist, 0 }, { "version", &cfg_type_qstringornone, 0 }, 
@@ -1920,24 +1905,22 @@ static cfg_type_t cfg_type_dns64 = { "dns64", cfg_parse_netprefix_map, */ static cfg_clausedef_t view_clauses[] = { - { "acache-cleaning-interval", &cfg_type_uint32, - CFG_CLAUSEFLAG_OBSOLETE }, - { "acache-enable", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, - { "additional-from-auth", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, - { "additional-from-cache", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, + { "acache-cleaning-interval", NULL, CFG_CLAUSEFLAG_ANCIENT }, + { "acache-enable", NULL, CFG_CLAUSEFLAG_ANCIENT }, + { "additional-from-auth", NULL, CFG_CLAUSEFLAG_ANCIENT }, + { "additional-from-cache", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "allow-new-zones", &cfg_type_boolean, 0 }, { "allow-query-cache", &cfg_type_bracketed_aml, 0 }, { "allow-query-cache-on", &cfg_type_bracketed_aml, 0 }, { "allow-recursion", &cfg_type_bracketed_aml, 0 }, { "allow-recursion-on", &cfg_type_bracketed_aml, 0 }, - { "allow-v6-synthesis", &cfg_type_bracketed_aml, - CFG_CLAUSEFLAG_OBSOLETE }, + { "allow-v6-synthesis", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "attach-cache", &cfg_type_astring, 0 }, { "auth-nxdomain", &cfg_type_boolean, 0 }, { "cache-file", &cfg_type_qstring, 0 }, { "catalog-zones", &cfg_type_catz, 0 }, { "check-names", &cfg_type_checknames, CFG_CLAUSEFLAG_MULTI }, - { "cleaning-interval", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT }, + { "cleaning-interval", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "clients-per-query", &cfg_type_uint32, 0 }, { "deny-answer-addresses", &cfg_type_denyaddresses, 0 }, { "deny-answer-aliases", &cfg_type_denyaliases, 0 }, 
@@ -1958,8 +1941,9 @@ static cfg_clausedef_t view_clauses[] = { CFG_CLAUSEFLAG_NOTCONFIGURED }, #endif /* ifdef USE_DNSRPS */ { "dnssec-accept-expired", &cfg_type_boolean, 0 }, - { "dnssec-enable", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, - { "dnssec-lookaside", NULL, CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_ANCIENT }, + { "dnssec-enable", NULL, CFG_CLAUSEFLAG_ANCIENT }, + { "dnssec-lookaside", NULL, + CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_ANCIENT }, { "dnssec-must-be-secure", &cfg_type_mustbesecure, CFG_CLAUSEFLAG_MULTI }, { "dnssec-validation", &cfg_type_boolorauto, 0 }, @@ -1973,7 +1957,7 @@ static cfg_clausedef_t view_clauses[] = { { "empty-contact", &cfg_type_astring, 0 }, { "empty-server", &cfg_type_astring, 0 }, { "empty-zones-enable", &cfg_type_boolean, 0 }, - { "fetch-glue", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, + { "fetch-glue", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "fetch-quota-params", &cfg_type_fetchquota, 0 }, { "fetches-per-server", &cfg_type_fetchesper, 0 }, { "fetches-per-zone", &cfg_type_fetchesper, 0 }, @@ -1991,7 +1975,7 @@ static cfg_clausedef_t view_clauses[] = { #else /* ifdef HAVE_LMDB */ { "lmdb-mapsize", &cfg_type_sizeval, CFG_CLAUSEFLAG_NOTCONFIGURED }, #endif /* ifdef HAVE_LMDB */ - { "max-acache-size", &cfg_type_sizenodefault, CFG_CLAUSEFLAG_OBSOLETE }, + { "max-acache-size", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "max-cache-size", &cfg_type_sizeorpercent, 0 }, { "max-cache-ttl", &cfg_type_duration, 0 }, { "max-clients-per-query", &cfg_type_uint32, 0 }, 
@@ -2003,13 +1987,13 @@ static cfg_clausedef_t view_clauses[] = { { "message-compression", &cfg_type_boolean, 0 }, { "min-cache-ttl", &cfg_type_duration, 0 }, { "min-ncache-ttl", &cfg_type_duration, 0 }, - { "min-roots", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT }, + { "min-roots", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "minimal-any", &cfg_type_boolean, 0 }, { "minimal-responses", &cfg_type_minimal, 0 }, { "new-zones-directory", &cfg_type_qstring, 0 }, { "no-case-compress", &cfg_type_bracketed_aml, 0 }, { "nocookie-udp-size", &cfg_type_uint32, 0 }, - { "nosit-udp-size", &cfg_type_uint32, CFG_CLAUSEFLAG_OBSOLETE }, + { "nosit-udp-size", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "nta-lifetime", &cfg_type_duration, 0 }, { "nta-recheck", &cfg_type_duration, 0 }, { "nxdomain-redirect", &cfg_type_astring, 0 }, 
@@ -2023,20 +2007,19 @@ static cfg_clausedef_t view_clauses[] = { */ { "query-source", &cfg_type_querysource4, 0 }, { "query-source-v6", &cfg_type_querysource6, 0 }, - { "queryport-pool-ports", &cfg_type_uint32, CFG_CLAUSEFLAG_OBSOLETE }, - { "queryport-pool-updateinterval", &cfg_type_uint32, - CFG_CLAUSEFLAG_OBSOLETE }, + { "queryport-pool-ports", NULL, CFG_CLAUSEFLAG_ANCIENT }, + { "queryport-pool-updateinterval", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "rate-limit", &cfg_type_rrl, 0 }, { "recursion", &cfg_type_boolean, 0 }, { "request-nsid", &cfg_type_boolean, 0 }, - { "request-sit", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, + { "request-sit", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "require-server-cookie", &cfg_type_boolean, 0 }, { "resolver-nonbackoff-tries", &cfg_type_uint32, 0 }, { "resolver-query-timeout", &cfg_type_uint32, 0 }, { "resolver-retry-interval", &cfg_type_uint32, 0 }, { "response-padding", &cfg_type_resppadding, 0 }, { "response-policy", &cfg_type_rpz, 0 }, - { "rfc2308-type1", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, + { "rfc2308-type1", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "root-delegation-only", &cfg_type_optional_exclude, 0 }, { "root-key-sentinel", &cfg_type_boolean, 0 }, { "rrset-order", &cfg_type_rrsetorder, 0 }, @@ -2050,11 +2033,11 @@ static cfg_clausedef_t view_clauses[] = { { "suppress-initial-notify", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, { "synth-from-dnssec", &cfg_type_boolean, 0 }, - { "topology", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_ANCIENT }, + { "topology", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "transfer-format", &cfg_type_transferformat, 0 }, { "trust-anchor-telemetry", &cfg_type_boolean, CFG_CLAUSEFLAG_EXPERIMENTAL }, - { "use-queryport-pool", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, + { "use-queryport-pool", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "validate-except", &cfg_type_namelist, 0 }, { "v6-bias", &cfg_type_uint32, 0 }, { "zero-no-soa-ttl-cache", &cfg_type_boolean, 0 }, 
@@ -2165,14 +2148,14 @@ static cfg_clausedef_t zone_clauses[] = { CFG_ZONE_MASTER | CFG_ZONE_SLAVE }, { "key-directory", &cfg_type_qstring, CFG_ZONE_MASTER | CFG_ZONE_SLAVE }, - { "maintain-ixfr-base", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, + { "maintain-ixfr-base", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "masterfile-format", &cfg_type_masterformat, CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR | CFG_ZONE_STUB | CFG_ZONE_REDIRECT }, { "masterfile-style", &cfg_type_masterstyle, CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR | CFG_ZONE_STUB | CFG_ZONE_REDIRECT }, - { "max-ixfr-log-size", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT }, + { "max-ixfr-log-size", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "max-ixfr-ratio", &cfg_type_ixfrratio, CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR }, { "max-journal-size", &cfg_type_size, @@ -2272,10 +2255,10 @@ static cfg_clausedef_t zone_only_clauses[] = { CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR | CFG_ZONE_STUB | CFG_ZONE_HINT | CFG_ZONE_REDIRECT }, { "in-view", &cfg_type_astring, CFG_ZONE_INVIEW }, - { "ixfr-base", &cfg_type_qstring, CFG_CLAUSEFLAG_ANCIENT }, + { "ixfr-base", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "ixfr-from-differences", &cfg_type_boolean, CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR }, - { "ixfr-tmp-file", &cfg_type_qstring, CFG_CLAUSEFLAG_ANCIENT }, + { "ixfr-tmp-file", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "journal", &cfg_type_qstring, CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR }, { "masters", &cfg_type_namesockaddrkeylist, @@ -2284,7 +2267,7 @@ static cfg_clausedef_t zone_only_clauses[] = { { "primaries", &cfg_type_namesockaddrkeylist, CFG_ZONE_SLAVE | CFG_ZONE_MIRROR | CFG_ZONE_STUB | CFG_ZONE_REDIRECT }, - { "pubkey", &cfg_type_pubkey, CFG_CLAUSEFLAG_ANCIENT }, + { "pubkey", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "server-addresses", &cfg_type_bracketed_netaddrlist, CFG_ZONE_STATICSTUB }, { "server-names", &cfg_type_namelist, CFG_ZONE_STATICSTUB }, 
@@ -2420,9 +2403,9 @@ static cfg_clausedef_t server_clauses[] = { { "request-expire", &cfg_type_boolean, 0 }, { "request-ixfr", &cfg_type_boolean, 0 }, { "request-nsid", &cfg_type_boolean, 0 }, - { "request-sit", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, + { "request-sit", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "send-cookie", &cfg_type_boolean, 0 }, - { "support-ixfr", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, + { "support-ixfr", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "tcp-keepalive", &cfg_type_boolean, 0 }, { "tcp-only", &cfg_type_boolean, 0 }, { "transfer-format", &cfg_type_transferformat, 0 }, @@ -3789,11 +3772,14 @@ cfg_print_zonegrammar(const unsigned int zonetype, unsigned int flags, for (clause = clauses; clause->name != NULL; clause++) { if (((pctx.flags & CFG_PRINTER_ACTIVEONLY) != 0) && (((clause->flags & CFG_CLAUSEFLAG_OBSOLETE) != 0) || - ((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) || ((clause->flags & CFG_CLAUSEFLAG_TESTONLY) != 0))) { continue; } + if ((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) { + continue; + } + if ((clause->flags & zonetype) == 0 || strcasecmp(clause->name, "type") == 0) { continue; diff --git a/lib/isccfg/parser.c b/lib/isccfg/parser.c index 9fd049553f..435531f17f 100644 --- a/lib/isccfg/parser.c +++ b/lib/isccfg/parser.c @@ -2743,11 +2743,13 @@ cfg_doc_mapbody(cfg_printer_t *pctx, const cfg_type_t *type) { for (clause = *clauseset; clause->name != NULL; clause++) { if (((pctx->flags & CFG_PRINTER_ACTIVEONLY) != 0) && (((clause->flags & CFG_CLAUSEFLAG_OBSOLETE) != 0) || - ((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) || ((clause->flags & CFG_CLAUSEFLAG_TESTONLY) != 0))) { continue; } + if ((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) { + continue; + } cfg_print_cstr(pctx, clause->name); cfg_print_cstr(pctx, " "); cfg_doc_obj(pctx, clause->type); 
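Review bot: The unconditional `CFG_CLAUSEFLAG_ANCIENT` check added in `cfg_print_zonegrammar` is now the only thing keeping a clause with a NULL `type` away from the documentation code, and the loop carries no comment saying so. The same applies to the `cfg_doc_mapbody` hunk, where the next statements pass `clause->type` to `cfg_doc_obj`, and to the `cfg_doc_map` hunk that follows, where the loop reads `clause->type->print`. Reordering or dropping any of these checks later would become a NULL pointer dereference. I would put `/* ancient clauses have a NULL type; skip them before clause->type is used */` above each of the three checks. All three loop bodies continue outside their hunks, so other uses of `clause->type` there are not visible from here.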
@@ -2797,11 +2799,13 @@ cfg_doc_map(cfg_printer_t *pctx, const cfg_type_t *type) { for (clause = *clauseset; clause->name != NULL; clause++) { if (((pctx->flags & CFG_PRINTER_ACTIVEONLY) != 0) && (((clause->flags & CFG_CLAUSEFLAG_OBSOLETE) != 0) || - ((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) || ((clause->flags & CFG_CLAUSEFLAG_TESTONLY) != 0))) { continue; } + if ((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) { + continue; + } cfg_print_indent(pctx); cfg_print_cstr(pctx, clause->name); if (clause->type->print != cfg_print_void) { diff --git a/lib/ns/query.c b/lib/ns/query.c index bbaf1c91b1..ae0a7bef4b 100644 --- a/lib/ns/query.c +++ b/lib/ns/query.c @@ -6691,7 +6691,7 @@ query_checkrrl(query_ctx_t *qctx, isc_result_t result) { /* * Handle referral to ".", including when recursion * is off or not requested and the hints have not - * been loaded or we have "additional-from-cache no". + * been loaded. */ constname = dns_rootname; resp_result = DNS_R_DELEGATION; From c6c3e2d074724db31b41263f01aa9cd96a8069ad Mon Sep 17 00:00:00 2001 From: Matthijs Mekking Date: Tue, 8 Dec 2020 15:10:54 +0100 Subject: [PATCH 08/12] Update doc files Run make doc after all the code changes related to #1086. --- CHANGES | 2 + bin/named/named.conf.rst | 7 ++- doc/man/named.conf.5in | 7 ++- doc/misc/options | 90 +++--------------------------------- doc/misc/options.active | 10 ++-- doc/misc/options.grammar.rst | 2 +- 6 files changed, 25 insertions(+), 93 deletions(-) diff --git a/CHANGES b/CHANGES index 5873831054..aac6b48b55 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ +5563. [cleanup] Clean up the number of clause flags [GL #1086]. + 5562. [placeholder] 5561. [bug] KASP incorrectly set signature validity to the value diff --git a/bin/named/named.conf.rst b/bin/named/named.conf.rst index bf4ba2d059..9fbe08b0ba 100644 --- a/bin/named/named.conf.rst +++ b/bin/named/named.conf.rst 
@@ -165,7 +165,7 @@ OPTIONS * ) ] [ dscp integer ]; answer-cookie boolean; attach-cache string; - auth-nxdomain boolean; // default changed + auth-nxdomain boolean; auto-dnssec ( allow | maintain | off ); automatic-interface-scan boolean; avoid-v4-udp-ports { portrange; ... }; @@ -519,7 +519,10 @@ TLS tls string { cert-file quoted_string; + ciphers string; // experimental + dh-param quoted_string; // experimental key-file quoted_string; + protocols sslprotos; // experimental }; TRUST-ANCHORS @@ -568,7 +571,7 @@ VIEW alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; attach-cache string; - auth-nxdomain boolean; // default changed + auth-nxdomain boolean; auto-dnssec ( allow | maintain | off ); cache-file quoted_string; catalog-zones { zone string [ default-masters [ port integer ] diff --git a/doc/man/named.conf.5in b/doc/man/named.conf.5in index 6927fc9b62..9798295f4a 100644 --- a/doc/man/named.conf.5in +++ b/doc/man/named.conf.5in @@ -228,7 +228,7 @@ options { * ) ] [ dscp integer ]; answer\-cookie boolean; attach\-cache string; - auth\-nxdomain boolean; // default changed + auth\-nxdomain boolean; auto\-dnssec ( allow | maintain | off ); automatic\-interface\-scan boolean; avoid\-v4\-udp\-ports { portrange; ... }; @@ -602,7 +602,10 @@ statistics\-channels { .ft C tls string { cert\-file quoted_string; + ciphers string; // experimental + dh\-param quoted_string; // experimental key\-file quoted_string; + protocols sslprotos; // experimental }; .ft P .fi @@ -663,7 +666,7 @@ view string [ class ] { alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; attach\-cache string; - auth\-nxdomain boolean; // default changed + auth\-nxdomain boolean; auto\-dnssec ( allow | maintain | off ); cache\-file quoted_string; catalog\-zones { zone string [ default\-masters [ port integer ] diff --git a/doc/misc/options b/doc/misc/options index eac0be785a..6d7bcc798f 100644 --- a/doc/misc/options 
+++ b/doc/misc/options @@ -63,8 +63,6 @@ logging { }; // may occur multiple times }; -lwres { }; // obsolete, may occur multiple times - managed-keys { ( static-key | initial-key | static-ds | initial-ds ) @@ -76,10 +74,6 @@ masters [ port ] [ dscp ] ) [ key ]; ... }; // may occur multiple times options { - acache-cleaning-interval ; // obsolete - acache-enable ; // obsolete - additional-from-auth ; // obsolete - additional-from-cache ; // obsolete allow-new-zones ; allow-notify { ; ... }; allow-query { ; ... }; @@ -91,7 +85,6 @@ options { allow-transfer { ; ... }; allow-update { ; ... }; allow-update-forwarding { ; ... }; - allow-v6-synthesis { ; ... }; // obsolete also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ]; ... }; @@ -101,7 +94,7 @@ options { * ) ] [ dscp ]; answer-cookie ; attach-cache ; - auth-nxdomain ; // default changed + auth-nxdomain ; auto-dnssec ( allow | maintain | off ); automatic-interface-scan ; avoid-v4-udp-ports { ; ... }; @@ -125,13 +118,11 @@ options { check-spf ( warn | ignore ); check-srv-cname ( fail | warn | ignore ); check-wildcard ; - cleaning-interval ; // obsolete clients-per-query ; cookie-algorithm ( aes | siphash24 ); cookie-secret ; // may occur multiple times coresize ( default | unlimited | ); datasize ( default | unlimited | ); - deallocate-on-exit ; // ancient deny-answer-addresses { ; ... } [ except-from { ; ... } ]; deny-answer-aliases { ; ... } [ except-from { ; ... @@ -158,11 +149,7 @@ options { dnsrps-options { }; dnssec-accept-expired ; dnssec-dnskey-kskonly ; - dnssec-enable ; // obsolete dnssec-loadkeys-interval ; - dnssec-lookaside ( - trust-anchor | - auto | no ); // obsolete, may occur multiple times dnssec-must-be-secure ; // may occur multiple times dnssec-policy ; dnssec-secure-to-insecure ; 
@@ -185,8 +172,6 @@ options { empty-contact ; empty-server ; empty-zones-enable ; - fake-iquery ; // ancient - fetch-glue ; // ancient fetch-quota-params ; fetches-per-server [ ( drop | fail ) ]; fetches-per-zone [ ( drop | fail ) ]; @@ -206,12 +191,8 @@ options { fstrm-set-output-queue-size ; fstrm-set-reopen-interval ; geoip-directory ( | none ); - geoip-use-ecs ; // obsolete glue-cache ; // deprecated - has-old-clients ; // ancient heartbeat-interval ; - host-statistics ; // ancient - host-statistics-max ; // ancient hostname ( | none ); inline-signing ; interface-interval ; @@ -231,16 +212,13 @@ options { ; ... }; // may occur multiple times lmdb-mapsize ; lock-file ( | none ); - maintain-ixfr-base ; // ancient managed-keys-directory ; masterfile-format ( map | raw | text ); masterfile-style ( full | relative ); match-mapped-addresses ; - max-acache-size ( unlimited | ); // obsolete max-cache-size ( default | unlimited | | ); max-cache-ttl ; max-clients-per-query ; - max-ixfr-log-size ( default | unlimited | ); // ancient max-ixfr-ratio ( unlimited | ); max-journal-size ( default | unlimited | ); max-ncache-ttl ; @@ -264,16 +242,12 @@ options { min-ncache-ttl ; min-refresh-time ; min-retry-time ; - min-roots ; // ancient minimal-any ; minimal-responses ( no-auth | no-auth-recursive | ); multi-master ; - multiple-cnames ; // ancient - named-xfer ; // ancient new-zones-directory ; no-case-compress { ; ... }; nocookie-udp-size ; - nosit-udp-size ; // obsolete notify ( explicit | master-only | primary-only | ); notify-delay ; notify-rate ; @@ -299,8 +273,6 @@ options { | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; querylog ; - queryport-pool-ports ; // obsolete - queryport-pool-updateinterval ; // obsolete random-device ( | none ); rate-limit { all-per-second ; @@ -325,7 +297,6 @@ options { request-expire ; request-ixfr ; request-nsid ; - request-sit ; // obsolete require-server-cookie ; reserved-sockets ; resolver-nonbackoff-tries ; 
@@ -346,14 +317,12 @@ options { [ nsip-enable ] [ nsdname-enable ] [ dnsrps-enable ] [ dnsrps-options { } ]; - rfc2308-type1 ; // ancient root-delegation-only [ exclude { ; ... } ]; root-key-sentinel ; rrset-order { [ class ] [ type ] [ name ] ; ... }; secroots-file ; send-cookie ; - serial-queries ; // ancient serial-query-rate ; serial-update-method ( date | increment | unixtime ); server-id ( | none | hostname ); @@ -365,7 +334,6 @@ options { sig-signing-signatures ; sig-signing-type ; sig-validity-interval [ ]; - sit-secret ; // obsolete sortlist { ; ... }; stacksize ( default | unlimited | ); stale-answer-enable ; @@ -374,8 +342,7 @@ options { stale-refresh-time ; startup-notify-rate ; statistics-file ; - statistics-interval ; // ancient - suppress-initial-notify ; // not yet implemented + suppress-initial-notify ; // obsolete synth-from-dnssec ; tcp-advertised-timeout ; tcp-clients ; @@ -388,7 +355,6 @@ options { tkey-gssapi-credential ; tkey-gssapi-keytab ; tls-port ; - topology { ; ... }; // ancient transfer-format ( many-answers | one-answer ); transfer-message-size ; transfer-source ( | * ) [ port ( | * ) ] [ @@ -398,14 +364,10 @@ options { transfers-in ; transfers-out ; transfers-per-ns ; - treat-cr-as-space ; // ancient trust-anchor-telemetry ; // experimental try-tcp-refresh ; update-check-ksk ; use-alt-transfer-source ; - use-id-pool ; // ancient - use-ixfr ; // obsolete - use-queryport-pool ; // obsolete use-v4-udp-ports { ; ... }; use-v6-udp-ports { ; ... }; v6-bias ; @@ -446,9 +408,7 @@ server { request-expire ; request-ixfr ; request-nsid ; - request-sit ; // obsolete send-cookie ; - support-ixfr ; // obsolete tcp-keepalive ; tcp-only ; transfer-format ( many-answers | one-answer ); 
@@ -468,10 +428,10 @@ statistics-channels { tls { cert-file ; - ciphers ; // not implemented - dh-param ; // not implemented + ciphers ; // experimental + dh-param ; // experimental key-file ; - protocols ; // not implemented + protocols ; // experimental }; // may occur multiple times trust-anchors { ( static-key | @@ -484,10 +444,6 @@ trusted-keys { ; ... }; // may occur multiple times, deprecated view [ ] { - acache-cleaning-interval ; // obsolete - acache-enable ; // obsolete - additional-from-auth ; // obsolete - additional-from-cache ; // obsolete allow-new-zones ; allow-notify { ; ... }; allow-query { ; ... }; @@ -499,7 +455,6 @@ view [ ] { allow-transfer { ; ... }; allow-update { ; ... }; allow-update-forwarding { ; ... }; - allow-v6-synthesis { ; ... }; // obsolete also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ]; ... }; @@ -508,7 +463,7 @@ view [ ] { alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; attach-cache ; - auth-nxdomain ; // default changed + auth-nxdomain ; auto-dnssec ( allow | maintain | off ); cache-file ; catalog-zones { zone [ default-masters [ port ] @@ -527,7 +482,6 @@ view [ ] { check-spf ( warn | ignore ); check-srv-cname ( fail | warn | ignore ); check-wildcard ; - cleaning-interval ; // obsolete clients-per-query ; deny-answer-addresses { ; ... } [ except-from { ; ... } ]; @@ -558,11 +512,7 @@ view [ ] { dnsrps-options { }; dnssec-accept-expired ; dnssec-dnskey-kskonly ; - dnssec-enable ; // obsolete dnssec-loadkeys-interval ; - dnssec-lookaside ( - trust-anchor | - auto | no ); // obsolete, may occur multiple times dnssec-must-be-secure ; // may occur multiple times dnssec-policy ; dnssec-secure-to-insecure ; @@ -580,7 +530,6 @@ view [ ] { empty-contact ; empty-server ; empty-zones-enable ; - fetch-glue ; // ancient fetch-quota-params ; fetches-per-server [ ( drop | fail ) ]; fetches-per-zone [ ( drop | fail ) ]; 
@@ -604,7 +553,6 @@ view [ ] { key-directory ; lame-ttl ; lmdb-mapsize ; - maintain-ixfr-base ; // ancient managed-keys { ( static-key | initial-key | static-ds | initial-ds @@ -616,11 +564,9 @@ view [ ] { match-clients { ; ... }; match-destinations { ; ... }; match-recursive-only ; - max-acache-size ( unlimited | ); // obsolete max-cache-size ( default | unlimited | | ); max-cache-ttl ; max-clients-per-query ; - max-ixfr-log-size ( default | unlimited | ); // ancient max-ixfr-ratio ( unlimited | ); max-journal-size ( default | unlimited | ); max-ncache-ttl ; @@ -641,14 +587,12 @@ view [ ] { min-ncache-ttl ; min-refresh-time ; min-retry-time ; - min-roots ; // ancient minimal-any ; minimal-responses ( no-auth | no-auth-recursive | ); multi-master ; new-zones-directory ; no-case-compress { ; ... }; nocookie-udp-size ; - nosit-udp-size ; // obsolete notify ( explicit | master-only | primary-only | ); notify-delay ; notify-source ( | * ) [ port ( | * ) ] [ @@ -672,8 +616,6 @@ view [ ] { query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; - queryport-pool-ports ; // obsolete - queryport-pool-updateinterval ; // obsolete rate-limit { all-per-second ; errors-per-second ; @@ -695,7 +637,6 @@ view [ ] { request-expire ; request-ixfr ; request-nsid ; - request-sit ; // obsolete require-server-cookie ; resolver-nonbackoff-tries ; resolver-query-timeout ; @@ -715,7 +656,6 @@ view [ ] { [ nsip-enable ] [ nsdname-enable ] [ dnsrps-enable ] [ dnsrps-options { } ]; - rfc2308-type1 ; // ancient root-delegation-only [ exclude { ; ... } ]; root-key-sentinel ; rrset-order { [ class ] [ type ] [ name @@ -746,9 +686,7 @@ view [ ] { request-expire ; request-ixfr ; request-nsid ; - request-sit ; // obsolete send-cookie ; - support-ixfr ; // obsolete tcp-keepalive ; tcp-only ; transfer-format ( many-answers | one-answer ); 
@@ -768,9 +706,8 @@ view [ ] { stale-answer-ttl ; stale-cache-enable ; stale-refresh-time ; - suppress-initial-notify ; // not yet implemented + suppress-initial-notify ; // obsolete synth-from-dnssec ; - topology { ; ... }; // ancient transfer-format ( many-answers | one-answer ); transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; @@ -788,7 +725,6 @@ view [ ] { try-tcp-refresh ; update-check-ksk ; use-alt-transfer-source ; - use-queryport-pool ; // obsolete v6-bias ; validate-except { ; ... }; zero-no-soa-ttl ; @@ -836,20 +772,15 @@ view [ ] { dscp ]; ... }; in-view ; inline-signing ; - ixfr-base ; // ancient ixfr-from-differences ; - ixfr-tmp-file ; // ancient journal ; key-directory ; - maintain-ixfr-base ; // ancient masterfile-format ( map | raw | text ); masterfile-style ( full | relative ); masters [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ]; ... }; - max-ixfr-log-size ( default | unlimited | - ); // ancient max-ixfr-ratio ( unlimited | ); max-journal-size ( default | unlimited | ); max-records ; @@ -875,8 +806,6 @@ view [ ] { | [ port ] | [ port ] ) [ key ]; ... }; - pubkey - ; // ancient request-expire ; request-ixfr ; serial-update-method ( date | increment | unixtime ); @@ -947,18 +876,14 @@ zone [ ] { | ) [ port ] [ dscp ]; ... }; in-view ; inline-signing ; - ixfr-base ; // ancient ixfr-from-differences ; - ixfr-tmp-file ; // ancient journal ; key-directory ; - maintain-ixfr-base ; // ancient masterfile-format ( map | raw | text ); masterfile-style ( full | relative ); masters [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ]; ... }; - max-ixfr-log-size ( default | unlimited | ); // ancient max-ixfr-ratio ( unlimited | ); max-journal-size ( default | unlimited | ); max-records ; @@ -983,7 +908,6 @@ zone [ ] { primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ]; ... }; - pubkey ; // ancient request-expire ; request-ixfr ; serial-update-method ( date | increment | unixtime ); 
diff --git a/doc/misc/options.active b/doc/misc/options.active index b418af3c39..6d158267bf 100644 --- a/doc/misc/options.active +++ b/doc/misc/options.active @@ -93,7 +93,7 @@ options { * ) ] [ dscp ]; answer-cookie ; attach-cache ; - auth-nxdomain ; // default changed + auth-nxdomain ; auto-dnssec ( allow | maintain | off ); automatic-interface-scan ; avoid-v4-udp-ports { ; ... }; @@ -422,10 +422,10 @@ statistics-channels { tls { cert-file ; - ciphers ; // not implemented - dh-param ; // not implemented + ciphers ; // experimental + dh-param ; // experimental key-file ; - protocols ; // not implemented + protocols ; // experimental }; // may occur multiple times trust-anchors { ( static-key | @@ -457,7 +457,7 @@ view [ ] { alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; attach-cache ; - auth-nxdomain ; // default changed + auth-nxdomain ; auto-dnssec ( allow | maintain | off ); cache-file ; catalog-zones { zone [ default-masters [ port ] diff --git a/doc/misc/options.grammar.rst b/doc/misc/options.grammar.rst index 9dba4f965a..867256d25a 100644 --- a/doc/misc/options.grammar.rst +++ b/doc/misc/options.grammar.rst @@ -21,7 +21,7 @@ * ) ] [ dscp ]; answer-cookie ; attach-cache ; - auth-nxdomain ; // default changed + auth-nxdomain ; auto-dnssec ( allow | maintain | off ); automatic-interface-scan ; avoid-v4-udp-ports { ; ... }; From 9d96350f4f23be4a76419357f6fe2c168716dd51 Mon Sep 17 00:00:00 2001 From: Matthijs Mekking Date: Tue, 8 Dec 2020 15:19:21 +0100 Subject: [PATCH 09/12] Add notes for [#1086] Mention the configuration cleanup. --- CHANGES | 5 ++++- doc/notes/notes-current.rst | 12 +++++++++++- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index aac6b48b55..7652c6860b 100644 --- a/CHANGES +++ b/CHANGES 
@@ -1,4 +1,7 @@ -5563. [cleanup] Clean up the number of clause flags [GL #1086]. +5563. [cleanup] Changed several obsolete configuration options to + ancient, making them into fatal errors. Also cleaned + up the number of clause flags in the configuration + parser. [GL #1086] 5562. [placeholder] diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index eec08c3a79..95a441124d 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -29,7 +29,17 @@ New Features Removed Features ~~~~~~~~~~~~~~~~ -- None. +- A number of non-working configuration options that had been marked + as obsolete in previous releases have now been removed completely. + Using any of the following options is now considered a configuration + failure: + ``acache-cleaning-interval``, ``acache-enable``, ``additional-from-auth``, + ``additional-from-cache``, ``allow-v6-synthesis``, ``cleaning-interval``, + ``dnssec-enable``, ``dnssec-lookaside``, ``filter-aaaa``, + ``filter-aaaa-on-v4``, ``filter-aaaa-on-v6``, ``geoip-use-ecs``, ``lwres``, + ``max-acache-size``, ``nosit-udp-size``, ``queryport-pool-ports``, + ``queryport-pool-updateinterval``, ``request-sit``, ``sit-secret``, + ``support-ixfr``, ``use-queryport-pool``, ``use-ixfr``. [GL #1086] Feature Changes ~~~~~~~~~~~~~~~ From dc6de216af566f2d293cfc5b791b20de4b465c3a Mon Sep 17 00:00:00 2001 From: Matthijs Mekking Date: Tue, 8 Dec 2020 15:51:48 +0100 Subject: [PATCH 10/12] Update copyrights for [#1086] --- util/copyrights | 1 - 1 file changed, 1 deletion(-) diff --git a/util/copyrights b/util/copyrights index 5d22313d46..2e025daa6c 100644 --- a/util/copyrights +++ b/util/copyrights 
@@ -269,7 +269,6 @@ ./bin/tests/system/checkconf/clean.sh SH 2011,2012,2013,2014,2016,2018,2019,2020,2021 ./bin/tests/system/checkconf/dnssec.1 X 2011,2016,2018,2019,2020,2021 ./bin/tests/system/checkconf/dnssec.2 X 2011,2016,2018,2019,2020,2021 -./bin/tests/system/checkconf/dnssec.3 X 2011,2016,2017,2018,2019,2020,2021 ./bin/tests/system/checkconf/good.zonelist X 2016,2017,2018,2019,2020,2021 ./bin/tests/system/checkconf/tests.sh SH 2005,2007,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019,2020,2021 ./bin/tests/system/checknames/clean.sh SH 2004,2007,2012,2014,2015,2016,2018,2019,2020,2021 From 437d271483064deec2f4160c0ebcaea1e8c218be Mon Sep 17 00:00:00 2001 From: Matthijs Mekking Date: Wed, 9 Dec 2020 14:14:43 +0100 Subject: [PATCH 11/12] Special case tests for lmdb When compiling BIND 9 without lmdb, this is promoted from 'not operational' to 'not configured', resulting in a failure (and no longer a warning) if ldmb-related configuration options are set. Special case certain system tests to avoid test failures on systems that do not have lmdb. --- ...-largest.conf => lmdb-mapsize-largest.conf} | 0 ...mallest.conf => lmdb-mapsize-smallest.conf} | 0 bin/tests/system/checkconf/tests.sh | 18 ++++++++++++++++++ 3 files changed, 18 insertions(+) rename bin/tests/system/checkconf/{good-lmdb-mapsize-largest.conf => lmdb-mapsize-largest.conf} (100%) rename bin/tests/system/checkconf/{good-lmdb-mapsize-smallest.conf => lmdb-mapsize-smallest.conf} (100%) diff --git a/bin/tests/system/checkconf/good-lmdb-mapsize-largest.conf b/bin/tests/system/checkconf/lmdb-mapsize-largest.conf similarity index 100% rename from bin/tests/system/checkconf/good-lmdb-mapsize-largest.conf rename to bin/tests/system/checkconf/lmdb-mapsize-largest.conf 
diff --git a/bin/tests/system/checkconf/good-lmdb-mapsize-smallest.conf b/bin/tests/system/checkconf/lmdb-mapsize-smallest.conf similarity index 100% rename from bin/tests/system/checkconf/good-lmdb-mapsize-smallest.conf rename to bin/tests/system/checkconf/lmdb-mapsize-smallest.conf diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh index d2350d4e5b..47bf31b5d3 100644 --- a/bin/tests/system/checkconf/tests.sh +++ b/bin/tests/system/checkconf/tests.sh @@ -78,6 +78,24 @@ do status=`expr $status + $ret` done +for lmdb in lmdb-*.conf +do + n=`expr $n + 1` + ret=0 + + $FEATURETEST --with-lmdb + if [ $? -eq 0 ]; then + echo_i "checking that named-checkconf detects no error in $lmdb ($n)" + $CHECKCONF $lmdb > checkconf.out$n 2>&1 + if [ $? != 0 ]; then echo_i "failed"; ret=1; fi + else + echo_i "checking that named-checkconf detects error in $lmdb ($n)" + $CHECKCONF $lmdb > checkconf.out$n 2>&1 + if [ $? == 0 ]; then echo_i "failed"; ret=1; fi + fi + status=`expr $status + $ret` +done + n=`expr $n + 1` echo_i "checking that ancient options report a fatal error ($n)" ret=0 From f411f510f7acb59610d8b2572d2e25c75b646a25 Mon Sep 17 00:00:00 2001 From: Matthijs Mekking Date: Mon, 14 Dec 2020 10:36:17 +0100 Subject: [PATCH 12/12] Remove the option 'filter-aaaa' options The 'filter-aaaa', 'filter-aaaa-on-v4', and 'filter-aaaa-on-v6' options are replaced by the filter-aaaa plugin. This plugin was introduced in 9.13.5 and so it is safe to remove the named.conf options. --- doc/misc/options | 6 ------ lib/isccfg/namedconf.c | 6 +++--- 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/doc/misc/options b/doc/misc/options index 6d7bcc798f..33874c2d0c 100644 --- a/doc/misc/options +++ b/doc/misc/options 
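Review bot: The failure check in the no-lmdb branch of the new `for lmdb in lmdb-*.conf` loop, `if [ $? == 0 ]`, uses `==`, which is not a POSIX `test` operator. If tests.sh runs under a strict `/bin/sh` such as dash (the interpreter line is not visible in this hunk), the bracket itself exits non-zero, so `ret=1` is never set and a configuration that named-checkconf wrongly accepts would pass unnoticed. Write it as `if [ $? -eq 0 ]; then echo_i "failed"; ret=1; fi`, matching the `-eq` already used after `$FEATURETEST --with-lmdb`. That branch also counts any non-zero exit as the expected rejection; grepping `checkconf.out$n` for the lmdb diagnostic would tie the test to the right error, though the exact message text is not shown here. `$FEATURETEST --with-lmdb` does not depend on `$lmdb` and could be evaluated once before the loop.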
@@ -176,9 +176,6 @@ options { fetches-per-server [ ( drop | fail ) ]; fetches-per-zone [ ( drop | fail ) ]; files ( default | unlimited | ); - filter-aaaa { ; ... }; // obsolete - filter-aaaa-on-v4 ; // obsolete - filter-aaaa-on-v6 ; // obsolete flush-zones-on-shutdown ; forward ( first | only ); forwarders [ port ] [ dscp ] { ( @@ -533,9 +530,6 @@ view [ ] { fetch-quota-params ; fetches-per-server [ ( drop | fail ) ]; fetches-per-zone [ ( drop | fail ) ]; - filter-aaaa { ; ... }; // obsolete - filter-aaaa-on-v4 ; // obsolete - filter-aaaa-on-v6 ; // obsolete forward ( first | only ); forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index f85c698e61..b7ed28d24e 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -1961,9 +1961,9 @@ static cfg_clausedef_t view_clauses[] = { { "fetch-quota-params", &cfg_type_fetchquota, 0 }, { "fetches-per-server", &cfg_type_fetchesper, 0 }, { "fetches-per-zone", &cfg_type_fetchesper, 0 }, - { "filter-aaaa", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_OBSOLETE }, - { "filter-aaaa-on-v4", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, - { "filter-aaaa-on-v6", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, + { "filter-aaaa", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_ANCIENT }, + { "filter-aaaa-on-v4", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, + { "filter-aaaa-on-v6", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, { "glue-cache", &cfg_type_boolean, CFG_CLAUSEFLAG_DEPRECATED }, { "ipv4only-enable", &cfg_type_boolean, 0 }, { "ipv4only-contact", &cfg_type_astring, 0 },
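Review bot: The three `filter-aaaa*` entries in `view_clauses` become fatal configuration errors with `CFG_CLAUSEFLAG_ANCIENT`, but the table does not record what replaced them. A one-line comment above them, e.g. `/* filter-aaaa* options: replaced by the filter-aaaa plugin, now rejected */`, would help whoever next reads or prunes the table. Since an existing named.conf that still sets these options will stop loading after the upgrade, it is also worth confirming that the checkconf "ancient options report a fatal error" test covers one of these names; this commit changes only doc/misc/options and namedconf.c, and the test's inputs are not visible here. The `view_clauses` array starts and ends outside the hunk.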