Merge branch '3676-deprecate-operating-system-resource-limits-v9_18' into 'v9_18'

Deprecate setting operating system limits from named.conf

See merge request isc-projects/bind9!7103

CHANGES

@@ -7,6 +7,10 @@
 6020.	[bug]		Ensure 'named-checkconf -z' respects the check-wildcard
 			option when loading a zone.  [GL #1905]
 
+6019.	[func]		Deprecate `coresize`, `datasize`, `files`, and
+			`stacksize` named.conf options. [GL #3676]
+
+
 6017.	[bug]		The view's zone table was not locked when it should
 			have been leading to race conditions when external
 			extensions that manipulate the zone table where in

bin/tests/system/checkconf/good.conf

@@ -45,12 +45,9 @@ options {
 	blackhole {
 		10.0.0.0/8;
 	};
-	coresize 1073741824;
-	datasize 104857600;
 	directory ".";
 	dscp 41;
 	dump-file "named_dumpdb";
-	files 1000;
 	heartbeat-interval 30;
 	hostname none;
 	interface-interval 30;

doc/arm/reference.rst

@@ -3637,19 +3637,19 @@ gigabyte. ``unlimited`` requests unlimited use, or the maximum available
 amount. ``default`` uses the limit that was in force when the server was
 started. See the description of :term:`size`.
 
-The following options set operating system resource limits for the name
-server process. Some operating systems do not support some or any of the
-limits; on such systems, a warning is issued if an unsupported
-limit is used.
+The following options are deprecated in favor of setting the operating system
+resource limits from the operating system and/or process supervisor, should not
+be used, and will be rendered non-operational in a future release.
+
 
 .. namedconf:statement:: coresize
-   :tags: server
+   :tags: deprecated
    :short: Sets the maximum size of a core dump.
 
    This sets the maximum size of a core dump. The default is ``default``.
 
 .. namedconf:statement:: datasize
-   :tags: server
+   :tags: deprecated
    :short: Sets the maximum amount of data memory that can be used by the server.
 
    This sets the maximum amount of data memory the server may use. The default is
@@ -3664,14 +3664,14 @@ limit is used.
    instead.
 
 .. namedconf:statement:: files
-   :tags: server
+   :tags: deprecated
    :short: Sets the maximum number of files the server may have open concurrently.
 
    This sets the maximum number of files the server may have open concurrently.
    The default is ``unlimited``.
 
 .. namedconf:statement:: stacksize
-   :tags: server
+   :tags: deprecated
    :short: Sets the maximum amount of stack memory that can be used by the server.
 
    This sets the maximum amount of stack memory the server may use. The default is

doc/man/named.conf.5in

@@ -151,8 +151,8 @@ options {
 	clients\-per\-query <integer>;
 	cookie\-algorithm ( aes | siphash24 );
 	cookie\-secret <string>; // may occur multiple times
-	coresize ( default | unlimited | <sizeval> );
-	datasize ( default | unlimited | <sizeval> );
+	coresize ( default | unlimited | <sizeval> ); // deprecated
+	datasize ( default | unlimited | <sizeval> ); // deprecated
 	deny\-answer\-addresses { <address_match_element>; ... } [ except\-from { <string>; ... } ];
 	deny\-answer\-aliases { <string>; ... } [ except\-from { <string>; ... } ];
 	dialup ( notify | notify\-passive | passive | refresh | <boolean> );
@@ -195,7 +195,7 @@ options {
 	fetch\-quota\-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
 	fetches\-per\-server <integer> [ ( drop | fail ) ];
 	fetches\-per\-zone <integer> [ ( drop | fail ) ];
-	files ( default | unlimited | <sizeval> );
+	files ( default | unlimited | <sizeval> ); // deprecated
 	flush\-zones\-on\-shutdown <boolean>;
 	forward ( first | only );
 	forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
@@ -332,7 +332,7 @@ options {
 	sig\-signing\-type <integer>;
 	sig\-validity\-interval <integer> [ <integer> ];
 	sortlist { <address_match_element>; ... };
-	stacksize ( default | unlimited | <sizeval> );
+	stacksize ( default | unlimited | <sizeval> ); // deprecated
 	stale\-answer\-client\-timeout ( disabled | off | <integer> );
 	stale\-answer\-enable <boolean>;
 	stale\-answer\-ttl <duration>;

doc/misc/options

@@ -94,8 +94,8 @@ options {
 	clients-per-query <integer>;
 	cookie-algorithm ( aes | siphash24 );
 	cookie-secret <string>; // may occur multiple times
-	coresize ( default | unlimited | <sizeval> );
-	datasize ( default | unlimited | <sizeval> );
+	coresize ( default | unlimited | <sizeval> ); // deprecated
+	datasize ( default | unlimited | <sizeval> ); // deprecated
 	deny-answer-addresses { <address_match_element>; ... } [ except-from { <string>; ... } ];
 	deny-answer-aliases { <string>; ... } [ except-from { <string>; ... } ];
 	dialup ( notify | notify-passive | passive | refresh | <boolean> );
@@ -138,7 +138,7 @@ options {
 	fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
 	fetches-per-server <integer> [ ( drop | fail ) ];
 	fetches-per-zone <integer> [ ( drop | fail ) ];
-	files ( default | unlimited | <sizeval> );
+	files ( default | unlimited | <sizeval> ); // deprecated
 	flush-zones-on-shutdown <boolean>;
 	forward ( first | only );
 	forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
@@ -275,7 +275,7 @@ options {
 	sig-signing-type <integer>;
 	sig-validity-interval <integer> [ <integer> ];
 	sortlist { <address_match_element>; ... };
-	stacksize ( default | unlimited | <sizeval> );
+	stacksize ( default | unlimited | <sizeval> ); // deprecated
 	stale-answer-client-timeout ( disabled | off | <integer> );
 	stale-answer-enable <boolean>;
 	stale-answer-ttl <duration>;

doc/notes/notes-current.rst

@@ -32,6 +32,11 @@ Feature Changes
 
 - None.
 
+- Deprecate setting the operating system limit (``coresize``, ``datasize``,
+  ``files`` and ``stacksize``) from ``named.conf``.  These options should be set
+  from the operating system (``ulimit``) or from the process supervisor
+  (e.g. ``systemd``). :gl:`#3676`
+
 Bug Fixes
 ~~~~~~~~~
 

lib/isccfg/namedconf.c

@@ -1218,8 +1218,8 @@ static cfg_clausedef_t options_clauses[] = {
 	{ "blackhole", &cfg_type_bracketed_aml, 0 },
 	{ "cookie-algorithm", &cfg_type_cookiealg, 0 },
 	{ "cookie-secret", &cfg_type_sstring, CFG_CLAUSEFLAG_MULTI },
-	{ "coresize", &cfg_type_size, 0 },
-	{ "datasize", &cfg_type_size, 0 },
+	{ "coresize", &cfg_type_size, CFG_CLAUSEFLAG_DEPRECATED },
+	{ "datasize", &cfg_type_size, CFG_CLAUSEFLAG_DEPRECATED },
 	{ "deallocate-on-exit", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "directory", &cfg_type_qstring, CFG_CLAUSEFLAG_CALLBACK },
 #ifdef HAVE_DNSTAP
@@ -1236,7 +1236,7 @@ static cfg_clausedef_t options_clauses[] = {
 	{ "dscp", &cfg_type_uint32, 0 },
 	{ "dump-file", &cfg_type_qstring, 0 },
 	{ "fake-iquery", NULL, CFG_CLAUSEFLAG_ANCIENT },
-	{ "files", &cfg_type_size, 0 },
+	{ "files", &cfg_type_size, CFG_CLAUSEFLAG_DEPRECATED },
 	{ "flush-zones-on-shutdown", &cfg_type_boolean, 0 },
 #ifdef HAVE_DNSTAP
 	{ "fstrm-set-buffer-hint", &cfg_type_uint32, 0 },
@@ -1317,7 +1317,7 @@ static cfg_clausedef_t options_clauses[] = {
 	{ "session-keyfile", &cfg_type_qstringornone, 0 },
 	{ "session-keyname", &cfg_type_astring, 0 },
 	{ "sit-secret", NULL, CFG_CLAUSEFLAG_ANCIENT },
-	{ "stacksize", &cfg_type_size, 0 },
+	{ "stacksize", &cfg_type_size, CFG_CLAUSEFLAG_DEPRECATED },
 	{ "startup-notify-rate", &cfg_type_uint32, 0 },
 	{ "statistics-file", &cfg_type_qstring, 0 },
 	{ "statistics-interval", NULL, CFG_CLAUSEFLAG_ANCIENT },