diff --git a/CHANGES b/CHANGES index 543eeafa23..011eedc8f7 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +6296. [func] The "resolver-nonbackoff-tries" and + "resolver-retry-interval" options are deprecated; + a warning will be logged if they are used. [GL #4405] + 6294. [bug] BIND might sometimes crash after startup or re-configuration when one 'tls' entry is used multiple times to connect to remote servers due to initialisation diff --git a/bin/tests/system/checkconf/deprecated.conf b/bin/tests/system/checkconf/deprecated.conf index bd6e0c2f1c..d66dfa88d0 100644 --- a/bin/tests/system/checkconf/deprecated.conf +++ b/bin/tests/system/checkconf/deprecated.conf @@ -31,6 +31,9 @@ options { tkey-dhkey "server" 12345; root-delegation-only exclude { "them"; }; + + resolver-nonbackoff-tries 3; + resolver-retry-interval 800; }; trusted-keys { diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh index 9fd5248257..dc7854b291 100644 --- a/bin/tests/system/checkconf/tests.sh +++ b/bin/tests/system/checkconf/tests.sh @@ -192,6 +192,8 @@ grep "option 'root-delegation-only' is deprecated" /dev/null grep "'type delegation-only' is deprecated" /dev/null || ret=1 grep "option 'dialup' is deprecated" /dev/null || ret=1 grep "option 'heartbeat-interval' is deprecated" /dev/null || ret=1 +grep "option 'resolver-nonbackoff-tries' is deprecated" /dev/null || ret=1 +grep "option 'resolver-retry-interval' is deprecated" /dev/null || ret=1 grep "option 'dnssec-must-be-secure' is deprecated" /dev/null || ret=1 grep "token 'port' is deprecated" /dev/null || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index a40046e701..e1b8228fa9 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -4370,18 +4370,22 @@ Tuning has no effect, the value of :any:`max-cache-ttl` will be ``0`` in such case. .. namedconf:statement:: resolver-nonbackoff-tries - :tags: server + :tags: deprecated. :short: Specifies the number of retries before exponential backoff. - This specifies how many retries occur before exponential backoff kicks in. The - default is ``3``. + This specifies how many retries occur before exponential backoff kicks in. + The default is ``3``. + + This option is deprecated and will be removed in a future release. .. namedconf:statement:: resolver-retry-interval - :tags: server, query + :tags: deprecated :short: Sets the base retry interval (in milliseconds). This sets the base retry interval in milliseconds. The default is ``800``. + This option is deprecated and will be removed in a future release. + .. namedconf:statement:: sig-validity-interval :tags: dnssec :short: Specifies the maximum number of days that RRSIGs generated by :iscman:`named` are valid. diff --git a/doc/misc/options b/doc/misc/options index e19261f112..a91670154c 100644 --- a/doc/misc/options +++ b/doc/misc/options @@ -252,9 +252,9 @@ options { request-nsid ; require-server-cookie ; reserved-sockets ; // deprecated - resolver-nonbackoff-tries ; + resolver-nonbackoff-tries ; // deprecated resolver-query-timeout ; - resolver-retry-interval ; + resolver-retry-interval ; // deprecated response-padding { ; ... } block-size ; response-policy { zone [ add-soa ] [ log ] [ max-policy-ttl ] [ min-update-interval ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only ) ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ]; ... } [ add-soa ] [ break-dnssec ] [ max-policy-ttl ] [ min-update-interval ] [ min-ns-dots ] [ nsip-wait-recurse ] [ nsdname-wait-recurse ] [ qname-wait-recurse ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ] [ dnsrps-enable ] [ dnsrps-options { } ]; reuseport ; @@ -532,9 +532,9 @@ view [ ] { request-ixfr ; request-nsid ; require-server-cookie ; - resolver-nonbackoff-tries ; + resolver-nonbackoff-tries ; // deprecated resolver-query-timeout ; - resolver-retry-interval ; + resolver-retry-interval ; // deprecated response-padding { ; ... } block-size ; response-policy { zone [ add-soa ] [ log ] [ max-policy-ttl ] [ min-update-interval ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only ) ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ]; ... } [ add-soa ] [ break-dnssec ] [ max-policy-ttl ] [ min-update-interval ] [ min-ns-dots ] [ nsip-wait-recurse ] [ nsdname-wait-recurse ] [ qname-wait-recurse ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ] [ dnsrps-enable ] [ dnsrps-options { } ]; root-delegation-only [ exclude { ; ... } ]; // deprecated diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 615f5187bc..05cc5e90fe 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -28,6 +28,9 @@ Removed Features - The support for AES algorithm for DNS cookies has been deprecated. :gl:`#4421` +- The ``resolver-nonbackoff-tries`` and ``resolver-retry-interval`` options + are now deprecated. A warning will be logged if they are used. :gl:`#4405` + Feature Changes ~~~~~~~~~~~~~~~ diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index 4e4c098073..5a8ccb2c34 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -2137,9 +2137,11 @@ static cfg_clausedef_t view_clauses[] = { { "request-nsid", &cfg_type_boolean, 0 }, { "request-sit", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "require-server-cookie", &cfg_type_boolean, 0 }, - { "resolver-nonbackoff-tries", &cfg_type_uint32, 0 }, + { "resolver-nonbackoff-tries", &cfg_type_uint32, + CFG_CLAUSEFLAG_DEPRECATED }, { "resolver-query-timeout", &cfg_type_uint32, 0 }, - { "resolver-retry-interval", &cfg_type_uint32, 0 }, + { "resolver-retry-interval", &cfg_type_uint32, + CFG_CLAUSEFLAG_DEPRECATED }, { "response-padding", &cfg_type_resppadding, 0 }, { "response-policy", &cfg_type_rpz, 0 }, { "rfc2308-type1", NULL, CFG_CLAUSEFLAG_ANCIENT },