Merge branch '2536-inline-signing-documentation-doesn-t-match-reality' into 'main'

Resolve "inline-signing documentation doesn't match reality" Closes #2536 See merge request isc-projects/bind9!4751
2026-05-28 04:34:54 -04:00 · 2021-05-05 00:17:40 +00:00 · 2021-05-05 00:17:40 +00:00 · 0f53872542
commit 0f53872542
parent 74d9a917eb a548a450b3
11 changed files with 65 additions and 12 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+5633.	[doc]		Inline-signing was incorrectly described as being
+			inherited from the options / view levels and was
+			incorrectly accepted at those levels without effect.
+			This has been corrected. [GL #2536]
+
 5632.	[func]		Add built-in dnssec-policy "insecure". This is used to
 			transition a zone from a signed state to a unsigned
 			state. [GL #2645]
--- a/bin/named/config.c
+++ b/bin/named/config.c
@ -225,7 +225,7 @@ options {\n\
 	dnssec-update-mode maintain;\n\
 #	forward <none>\n\
 #	forwarders <none>\n\
-	inline-signing no;\n\
+#	inline-signing no;\n\
 	ixfr-from-differences false;\n\
 #	maintain-ixfr-base <obsolete>;\n\
 #	max-ixfr-log-size <obsolete>\n\
--- a/bin/named/named.conf.rst
+++ b/bin/named/named.conf.rst
@ -276,7 +276,6 @@ OPTIONS
  	hostname ( quoted_string | none );
  	http-port integer;
  	https-port integer;
-  	inline-signing boolean;
  	interface-interval duration;
  	ipv4only-contact string;
  	ipv4only-enable boolean;
@ -666,7 +665,6 @@ VIEW
  	forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
  	    | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
  	glue-cache boolean;// deprecated
-  	inline-signing boolean;
  	ipv4only-contact string;
  	ipv4only-enable boolean;
  	ipv4only-server string;
--- a/bin/tests/system/checkconf/bad-inline-options.conf
+++ b/bin/tests/system/checkconf/bad-inline-options.conf
@ -0,0 +1,22 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/*
+ * inline-signing not allowed at options level.
+ */
+options {
+	inline-signing yes;
+};
+
+zone "." {
+	type primary;
+	file "root.db";
+};
--- a/bin/tests/system/checkconf/bad-inline-view.conf
+++ b/bin/tests/system/checkconf/bad-inline-view.conf
@ -0,0 +1,29 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/*
+ * inline-signing not allowed at view level.
+ */
+view "a" {
+	inline-signing yes;
+
+	zone "." {
+		type primary;
+		file "root.db.signed";
+	};
+};
+
+view "b" {
+	zone "." {
+		type primary;
+		file "root.db";
+	};
+};
--- a/doc/man/named.conf.5in
+++ b/doc/man/named.conf.5in
@ -343,7 +343,6 @@ options {
      hostname ( quoted_string | none );
      http\-port integer;
      https\-port integer;
-      inline\-signing boolean;
      interface\-interval duration;
      ipv4only\-contact string;
      ipv4only\-enable boolean;
@ -765,7 +764,6 @@ view string [ class ] {
      forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
          | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
      glue\-cache boolean;// deprecated
-      inline\-signing boolean;
      ipv4only\-contact string;
      ipv4only\-enable boolean;
      ipv4only\-server string;
--- a/doc/misc/options
+++ b/doc/misc/options
@ -200,7 +200,6 @@ options {
        hostname ( <quoted_string> | none );
        http-port <integer>;
        https-port <integer>;
-        inline-signing <boolean>;
        interface-interval <duration>;
        ipv4only-contact <string>;
        ipv4only-enable <boolean>;
@ -550,7 +549,6 @@ view <string> [ <class> ] {
        forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
            | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
        glue-cache <boolean>; // deprecated
-        inline-signing <boolean>;
        ipv4only-contact <string>;
        ipv4only-enable <boolean>;
        ipv4only-server <string>;
--- a/doc/misc/options.active
+++ b/doc/misc/options.active
@ -199,7 +199,6 @@ options {
        hostname ( <quoted_string> | none );
        http-port <integer>;
        https-port <integer>;
-        inline-signing <boolean>;
        interface-interval <duration>;
        ipv4only-contact <string>;
        ipv4only-enable <boolean>;
@ -547,7 +546,6 @@ view <string> [ <class> ] {
        forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
            | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
        glue-cache <boolean>; // deprecated
-        inline-signing <boolean>;
        ipv4only-contact <string>;
        ipv4only-enable <boolean>;
        ipv4only-server <string>;
--- a/doc/misc/options.grammar.rst
+++ b/doc/misc/options.grammar.rst
@ -121,7 +121,6 @@
  	hostname ( <quoted_string> | none );
  	http-port <integer>;
  	https-port <integer>;
-  	inline-signing <boolean>;
  	interface-interval <duration>;
  	ipv4only-contact <string>;
  	ipv4only-enable <boolean>;
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@ -54,6 +54,12 @@ Feature Changes
  ``dnssec-policy`` to ``insecure`` will cause CDS and CDNSKEY DELETE records
  to be published. :gl:`#2645`

+- ``inline-signing`` was incorrectly described as being inherited from the
+  ``options`` or ``view`` levels and was incorrectly accepted at those levels
+  without effect.  This has been corrected, ``named.conf`` files with
+  ``inline-signing`` at those levels will no longer load with this fix applied.
+  :gl:`#2536`
+
 Bug Fixes
 ~~~~~~~~~

--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@ -2194,8 +2194,6 @@ static cfg_clausedef_t zone_clauses[] = {
 	{ "forwarders", &cfg_type_portiplist,
 	  CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_STUB |
 		  CFG_ZONE_STATICSTUB | CFG_ZONE_FORWARD },
-	{ "inline-signing", &cfg_type_boolean,
-	  CFG_ZONE_MASTER | CFG_ZONE_SLAVE },
 	{ "key-directory", &cfg_type_qstring,
 	  CFG_ZONE_MASTER | CFG_ZONE_SLAVE },
 	{ "maintain-ixfr-base", NULL, CFG_CLAUSEFLAG_ANCIENT },
@ -2305,6 +2303,8 @@ static cfg_clausedef_t zone_only_clauses[] = {
 	  CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR | CFG_ZONE_STUB |
 		  CFG_ZONE_HINT | CFG_ZONE_REDIRECT },
 	{ "in-view", &cfg_type_astring, CFG_ZONE_INVIEW },
+	{ "inline-signing", &cfg_type_boolean,
+	  CFG_ZONE_MASTER | CFG_ZONE_SLAVE },
 	{ "ixfr-base", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "ixfr-from-differences", &cfg_type_boolean,
 	  CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR },