rem: dev: Remove "bindkeys-file" option

The `bindkeys-file` option was only used for testing purposes, and has now been replaced with a `-T bindkeys=<filename>` option for `named`.

Merge branch 'each-remove-bindkeys-file' into 'main'

See merge request isc-projects/bind9!11081

bin/named/include/named/globals.h

@@ -89,9 +89,9 @@ EXTERN unsigned int named_g_debuglevel INIT(0);
  */
 EXTERN cfg_obj_t *named_g_defaultconfig	       INIT(NULL);
 EXTERN const cfg_obj_t *named_g_defaultoptions INIT(NULL);
-EXTERN const char *named_g_conffile	   INIT(NAMED_SYSCONFDIR "/named.conf");
-EXTERN const char *named_g_defaultbindkeys INIT(NULL);
-EXTERN const char *named_g_keyfile	   INIT(NAMED_SYSCONFDIR "/rndc.key");
+EXTERN const char *named_g_conffile	INIT(NAMED_SYSCONFDIR "/named.conf");
+EXTERN const char *named_g_bindkeysfile INIT(NULL);
+EXTERN const char *named_g_keyfile	INIT(NAMED_SYSCONFDIR "/rndc.key");
 
 EXTERN bool named_g_conffileset INIT(false);
 

bin/named/include/named/server.h

@@ -55,7 +55,6 @@ struct named_server {
 	char *statsfile;    /*%< Statistics file name */
 	char *dumpfile;	    /*%< Dump file name */
 	char *secrootsfile; /*%< Secroots file name */
-	char *bindkeysfile; /*%< bind.keys file name */
 	char *recfile;	    /*%< Recursive file name */
 	bool  version_set;  /*%< User has set version */
 	char *version;	    /*%< User-specified version */

bin/named/main.c

@@ -649,7 +649,7 @@ parse_fuzz_arg(void) {
 
 static void
 parse_T_opt(char *option) {
-	const char *p;
+	const char *p = NULL;
 	char *last = NULL;
 	/*
 	 * force the server to behave (or misbehave) in
@@ -692,6 +692,8 @@ parse_T_opt(char *option) {
 		if (maxudp <= 0) {
 			named_main_earlyfatal("bad maxudp");
 		}
+	} else if (!strncmp(option, "bindkeys=", 9)) {
+		named_g_bindkeysfile = option + 9;
 	} else if (!strncmp(option, "mkeytimers=", 11)) {
 		p = strtok_r(option + 11, "/", &last);
 		if (p == NULL) {

bin/named/server.c

@@ -1138,8 +1138,9 @@ configure_view_dnsseckeys(dns_view_t *view, const cfg_obj_t *vconfig,
 		const cfg_obj_t *builtin_keys = NULL;
 
 		/*
-		 * If bind.keys exists and is populated, it overrides
-		 * the trust-anchors clause hard-coded in
+		 * If "-T bindkeys=<filename>" was used and
+		 * the file has a root key in it, that will
+		 * replace the trust-anchors clause hard-coded in
 		 * named_g_defaultconfig.
 		 */
 		if (bindkeys != NULL) {
@@ -1147,7 +1148,7 @@ configure_view_dnsseckeys(dns_view_t *view, const cfg_obj_t *vconfig,
 				      NAMED_LOGMODULE_SERVER, ISC_LOG_INFO,
 				      "obtaining root key for view %s "
 				      "from '%s'",
-				      view->name, named_g_server->bindkeysfile);
+				      view->name, named_g_bindkeysfile);
 
 			(void)cfg_map_get(bindkeys, "trust-anchors",
 					  &builtin_keys);
@@ -8114,9 +8115,8 @@ configure_kasplist(const cfg_obj_t *config, dns_kasplist_t *kasplist,
 
 static isc_result_t
 apply_configuration(cfg_parser_t *configparser, cfg_obj_t *config,
-		    named_server_t *server, bool first_time) {
-	cfg_obj_t *bindkeys = NULL;
-	cfg_parser_t *bindkeys_parser = NULL;
+		    cfg_obj_t *bindkeys, named_server_t *server,
+		    bool first_time) {
 	const cfg_obj_t *maps[3];
 	const cfg_obj_t *obj = NULL;
 	const cfg_obj_t *options = NULL;
@@ -8251,48 +8251,6 @@ apply_configuration(cfg_parser_t *configparser, cfg_obj_t *config,
 	named_g_http_streams_per_conn = cfg_obj_asuint32(obj);
 #endif
 
-	/*
-	 * If "dnssec-validation auto" is turned on, the root key
-	 * will be used as a default trust anchor. The root key
-	 * is built in, but if bindkeys-file is set, then it will
-	 * be overridden with the key in that file.
-	 */
-	obj = NULL;
-	(void)named_config_get(maps, "bindkeys-file", &obj);
-	if (obj != NULL) {
-		setstring(server, &server->bindkeysfile, cfg_obj_asstring(obj));
-		INSIST(server->bindkeysfile != NULL);
-		if (access(server->bindkeysfile, R_OK) != 0) {
-			isc_log_write(NAMED_LOGCATEGORY_GENERAL,
-				      NAMED_LOGMODULE_SERVER, ISC_LOG_INFO,
-				      "unable to open '%s'; using built-in "
-				      "keys instead",
-				      server->bindkeysfile);
-		} else {
-			result = cfg_parser_create(isc_g_mctx,
-						   &bindkeys_parser);
-			if (result != ISC_R_SUCCESS) {
-				goto cleanup_bindkeys_parser;
-			}
-
-			result = cfg_parse_file(bindkeys_parser,
-						server->bindkeysfile,
-						&cfg_type_bindkeys, &bindkeys);
-			if (result != ISC_R_SUCCESS) {
-				isc_log_write(NAMED_LOGCATEGORY_GENERAL,
-					      NAMED_LOGMODULE_SERVER,
-					      ISC_LOG_INFO,
-					      "unable to parse '%s' "
-					      "error '%s'; using "
-					      "built-in keys instead",
-					      server->bindkeysfile,
-					      isc_result_totext(result));
-			}
-		}
-	} else {
-		setstring(server, &server->bindkeysfile, NULL);
-	}
-
 #if defined(HAVE_GEOIP2)
 	/*
 	 * Release any previously opened GeoIP2 databases.
@@ -8338,7 +8296,7 @@ apply_configuration(cfg_parser_t *configparser, cfg_obj_t *config,
 				      max, named_g_cpus);
 			result = ISC_R_RANGE;
 
-			goto cleanup_bindkeys_parser;
+			goto cleanup_tls;
 		}
 		softquota = max - margin;
 	} else {
@@ -8363,7 +8321,7 @@ apply_configuration(cfg_parser_t *configparser, cfg_obj_t *config,
 				    aclctx, isc_g_mctx,
 				    &server->sctx->blackholeacl);
 	if (result != ISC_R_SUCCESS) {
-		goto cleanup_bindkeys_parser;
+		goto cleanup_tls;
 	}
 
 	if (server->sctx->blackholeacl != NULL) {
@@ -9287,14 +9245,7 @@ cleanup_portsets:
 	isc_portset_destroy(isc_g_mctx, &v6portset);
 	isc_portset_destroy(isc_g_mctx, &v4portset);
 
-cleanup_bindkeys_parser:
-	if (bindkeys_parser != NULL) {
-		if (bindkeys != NULL) {
-			cfg_obj_destroy(bindkeys_parser, &bindkeys);
-		}
-		cfg_parser_destroy(&bindkeys_parser);
-	}
-
+cleanup_tls:
 	/*
 	 * Detach the TLS client context (whether the one created at the
 	 * begining of this function, or the previous running one)
@@ -9347,7 +9298,7 @@ static isc_result_t
 load_configuration(named_server_t *server, bool first_time) {
 	isc_result_t result;
 	cfg_parser_t *parser = NULL;
-	cfg_obj_t *config = NULL;
+	cfg_obj_t *config = NULL, *bindkeys = NULL;
 
 	isc_log_write(NAMED_LOGCATEGORY_GENERAL, NAMED_LOGMODULE_SERVER,
 		      ISC_LOG_DEBUG(1), "load_configuration");
@@ -9362,10 +9313,44 @@ load_configuration(named_server_t *server, bool first_time) {
 		goto cleanup;
 	}
 
-	result = apply_configuration(parser, config, server, first_time);
+	if (named_g_bindkeysfile != NULL) {
+		/*
+		 * If "dnssec-validation auto" is turned on, the root key
+		 * will be used as a default trust anchor. The root key
+		 * is built in, but if -Tbindkeys=<filename> is used,
+		 * the key is overridden with the key in that file.
+		 */
+		if (access(named_g_bindkeysfile, R_OK) != 0) {
+			isc_log_write(NAMED_LOGCATEGORY_GENERAL,
+				      NAMED_LOGMODULE_SERVER, ISC_LOG_INFO,
+				      "unable to open '%s'; using built-in "
+				      "keys instead",
+				      named_g_bindkeysfile);
+		} else {
+			cfg_parser_reset(parser);
+			result = cfg_parse_file(parser, named_g_bindkeysfile,
+						&cfg_type_bindkeys, &bindkeys);
+			if (result != ISC_R_SUCCESS) {
+				isc_log_write(NAMED_LOGCATEGORY_GENERAL,
+					      NAMED_LOGMODULE_SERVER,
+					      ISC_LOG_INFO,
+					      "unable to parse '%s' "
+					      "error '%s'; using "
+					      "built-in keys instead",
+					      named_g_bindkeysfile,
+					      isc_result_totext(result));
+			}
+		}
+	}
+
+	result = apply_configuration(parser, config, bindkeys, server,
+				     first_time);
 
 cleanup:
-	if (config) {
+	if (bindkeys != NULL) {
+		cfg_obj_destroy(parser, &bindkeys);
+	}
+	if (config != NULL) {
 		cfg_obj_destroy(parser, &config);
 	}
 	cfg_parser_destroy(&parser);
@@ -9986,10 +9971,6 @@ named_server_destroy(named_server_t **serverp) {
 	isc_mem_free(server->mctx, server->secrootsfile);
 	isc_mem_free(server->mctx, server->recfile);
 
-	if (server->bindkeysfile != NULL) {
-		isc_mem_free(server->mctx, server->bindkeysfile);
-	}
-
 	if (server->version != NULL) {
 		isc_mem_free(server->mctx, server->version);
 	}

bin/tests/system/dnssec/ns4/named.args

@@ -0,0 +1 @@
+-m record -c named.conf -d 99 -D dnssec-ns4 -g -T maxcachesize=2097152 -T bindkeys=managed.conf

bin/tests/system/dnssec/ns4/named.conf.j2

@@ -35,15 +35,8 @@ options {
 
 	{% if managed_key %}
 		dnssec-validation auto;
-		bindkeys-file "managed.conf";
 	{% else %}
-		# Note: We only reference the bind.keys file here to
-		# confirm that it is *not* being used.	It contains the
-		# real root key, and we're using a local toy root zone for
-		# the tests, so it wouldn't work.  But dnssec-validation
-		# is set to "yes" not "auto", so that won't matter.
 		dnssec-validation yes;
-		bindkeys-file "../../../../../bind.keys";
 	{% endif %}
 
 	disable-algorithms "digest-alg-unsupported.example." { ECDSAP384SHA384; };

bin/tests/system/journal/ns1/named.conf.in

@@ -21,7 +21,6 @@ options {
 	listen-on { 10.53.0.1; };
 	listen-on-v6 { none; };
 	dnssec-validation auto;
-	bindkeys-file "../../../../../bind.keys";
 	minimal-responses no;
 	recursion no;
 	notify yes;

bin/tests/system/journal/ns2/named.conf.in

@@ -21,7 +21,6 @@ options {
 	listen-on { 10.53.0.2; };
 	listen-on-v6 { none; };
 	dnssec-validation auto;
-	bindkeys-file "../../../../../bind.keys";
 	minimal-responses no;
 	recursion no;
 	notify yes;

bin/tests/system/mkeys/ns2/named.args

@@ -1 +1 @@
--m record -c named.conf -d 99 -D mkeys-ns2 -g -T maxcachesize=2097152 -T mkeytimers=5/10/20 -T tat=1
+-m record -c named.conf -d 99 -D mkeys-ns2 -g -T maxcachesize=2097152 -T mkeytimers=5/10/20 -T tat=1 -T bindkeys=managed.conf

bin/tests/system/mkeys/ns2/named.conf.in

@@ -24,7 +24,6 @@ options {
 	recursion yes;
 	notify no;
 	dnssec-validation auto;
-	bindkeys-file "managed.conf";
 	servfail-ttl 0;
 };
 

bin/tests/system/mkeys/ns3/named.args

@@ -1 +1 @@
--m record -c named.conf -d 99 -D mkeys-ns3 -g -T maxcachesize=2097152 -T mkeytimers=5/10/20
+-m record -c named.conf -d 99 -D mkeys-ns3 -g -T maxcachesize=2097152 -T mkeytimers=5/10/20 -T bindkeys=managed.conf

bin/tests/system/mkeys/ns3/named.conf.in

@@ -24,7 +24,6 @@ options {
 	recursion yes;
 	notify no;
 	dnssec-validation auto;
-	bindkeys-file "managed.conf";
 	trust-anchor-telemetry no;
 };
 

bin/tests/system/mkeys/ns4/named.args

@@ -0,0 +1 @@
+-m record -c named.conf -d 99 -D mkeys-ns4 -g -T maxcachesize=2097152 -T bindkeys=managed.conf

bin/tests/system/mkeys/ns4/named.conf.in

@@ -24,7 +24,6 @@ options {
 	recursion yes;
 	notify no;
 	dnssec-validation auto;
-	bindkeys-file "managed.conf";
 	managed-keys-directory "nope";
 };
 

bin/tests/system/mkeys/ns5/named.conf.in

@@ -24,7 +24,6 @@ options {
 	recursion yes;
 	notify no;
 	dnssec-validation auto;
-	bindkeys-file "managed.conf";
 	servfail-ttl 0;
 };
 

bin/tests/system/mkeys/ns5/named1.args

@@ -1 +1 @@
--m record -c named.conf -d 99 -g -T maxcachesize=2097152
+-m record -c named.conf -d 99 -g -T maxcachesize=2097152 -T mkeys=managed.conf

bin/tests/system/mkeys/ns5/named2.args

@@ -1 +1 @@
--m record -c named.conf -d 99 -g -T maxcachesize=2097152 -T mkeytimers=2/20/40
+-m record -c named.conf -d 99 -g -T maxcachesize=2097152 -T bindkeys=managed.conf -T mkeytimers=2/20/40

bin/tests/system/mkeys/ns7/named.args

@@ -0,0 +1 @@
+-m record -c named.conf -d 99 -D mkeys-ns7 -g -T maxcachesize=2097152 -T bindkeys=managed.conf

bin/tests/system/mkeys/ns7/named.conf.in

@@ -24,7 +24,6 @@ options {
 	recursion yes;
 	notify no;
 	dnssec-validation auto;
-	bindkeys-file "managed.conf";
 };
 
 key rndc_key {

bind.keys

@@ -9,27 +9,11 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 
-# The bind.keys file is used to override the built-in DNSSEC trust anchors
-# which are included as part of BIND 9.  The only trust anchors it contains
-# are for the DNS root zone (".").  Trust anchors for any other zones MUST
-# be configured elsewhere; if they are configured here, they will not be
-# recognized or used by named.
+# This file contains trust anchors for the DNS root zone (".") which are
+# compiled into named and delv. No other trust anchors can be configured
+# here.
 #
-# To use the built-in root key, set "dnssec-validation auto;" in the
-# named.conf options, or else leave "dnssec-validation" unset.  If
-# "dnssec-validation" is set to "yes", then the keys in this file are
-# ignored; keys will need to be explicitly configured in named.conf for
-# validation to work.  "auto" is the default setting, unless named is
-# built with "configure --disable-auto-validation", in which case the
-# default is "yes".
-#
-# This file is NOT expected to be user-configured.
-#
-# Servers being set up for the first time can use the contents of this file
-# as initializing keys; thereafter, the keys in the managed key database
-# will be trusted and maintained automatically.
-#
-# These keys are current as of November 2024.  If any key fails to
+# These keys are current as of October 2025.  If any key fails to
 # initialize correctly, it may have expired. This should not occur if
 # BIND is kept up to date.
 #

doc/arm/reference.rst

@@ -1501,14 +1501,6 @@ default is used.
    default is ``named.stats`` in the server's current directory. The
    format of the file is described in :ref:`statsfile`.
 
-.. namedconf:statement:: bindkeys-file
-   :tags: dnssec
-   :short: Specifies the pathname of a file to override the built-in trusted keys provided by :iscman:`named`.
-
-   This is the pathname of a file to override the built-in trusted keys provided
-   by :iscman:`named`. See the discussion of :any:`dnssec-validation` for
-   details. This is intended for server testing.
-
 .. namedconf:statement:: secroots-file
    :tags: dnssec
    :short: Specifies the pathname of the file where the server dumps security roots, when using :option:`rndc secroots`.

doc/misc/options

@@ -84,7 +84,6 @@ options {
 	attach-cache <string>;
 	auth-nxdomain <boolean>;
 	automatic-interface-scan <boolean>;
-	bindkeys-file <quoted_string>; // test only
 	blackhole { <address_match_element>; ... };
 	catalog-zones { zone <string> [ default-primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
 	check-dup-records ( fail | warn | ignore );

lib/isccfg/namedconf.c

@@ -1194,7 +1194,8 @@ static cfg_clausedef_t namedconf_or_view_clauses[] = {
 };
 
 /*%
- * Clauses that can occur in the bind.keys file.
+ * Clauses that can occur in a trust anchor file (previously
+ * called bind.keys).
  */
 static cfg_clausedef_t bindkeys_clauses[] = {
 	{ "managed-keys", &cfg_type_dnsseckeys,
@@ -1218,7 +1219,7 @@ static cfg_clausedef_t options_clauses[] = {
 	{ "automatic-interface-scan", &cfg_type_boolean, 0 },
 	{ "avoid-v4-udp-ports", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "avoid-v6-udp-ports", NULL, CFG_CLAUSEFLAG_ANCIENT },
-	{ "bindkeys-file", &cfg_type_qstring, CFG_CLAUSEFLAG_TESTONLY },
+	{ "bindkeys-file", &cfg_type_qstring, CFG_CLAUSEFLAG_ANCIENT },
 	{ "blackhole", &cfg_type_bracketed_aml, 0 },
 	{ "cookie-algorithm", &cfg_type_cookiealg, 0 },
 	{ "cookie-secret", &cfg_type_sstring, CFG_CLAUSEFLAG_MULTI },