From 0d1c3ef7c260865088d3c36eb86eb57d3bd7fad3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Sun, 13 Nov 2022 10:12:52 +0100 Subject: [PATCH 1/2] Deprecate setting operating system limits from named.conf It was possible to set operating system limits (RLIMIT_DATA, RLIMIT_STACK, RLIMIT_CORE and RLIMIT_NOFILE) from named.conf. It's better to leave these untouched as setting these is responsibility of the operating system and/or supervisor. Deprecate the configuration options and remove them in future BIND 9 release. (cherry picked from commit 379929e052673055e459792cfc294385a42b58da) --- bin/tests/system/checkconf/good.conf | 3 --- doc/arm/reference.rst | 16 ++++++++-------- doc/man/named.conf.5in | 8 ++++---- doc/misc/options | 8 ++++---- lib/isccfg/namedconf.c | 8 ++++---- 5 files changed, 20 insertions(+), 23 deletions(-) diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf index 154bf7564d..93939ff3c8 100644 --- a/bin/tests/system/checkconf/good.conf +++ b/bin/tests/system/checkconf/good.conf @@ -45,12 +45,9 @@ options { blackhole { 10.0.0.0/8; }; - coresize 1073741824; - datasize 104857600; directory "."; dscp 41; dump-file "named_dumpdb"; - files 1000; heartbeat-interval 30; hostname none; interface-interval 30; diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index 20a7e24a0c..4aa2b03d25 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst 
@@ -3637,19 +3637,19 @@ gigabyte. ``unlimited`` requests unlimited use, or the maximum available amount. ``default`` uses the limit that was in force when the server was started. See the description of :term:`size`. -The following options set operating system resource limits for the name -server process. Some operating systems do not support some or any of the -limits; on such systems, a warning is issued if an unsupported -limit is used. +The following options are deprecated in favor of setting the operating system +resource limits from the operating system and/or process supervisor, should not +be used, and will be rendered non-operational in a future release. + .. namedconf:statement:: coresize - :tags: server + :tags: deprecated :short: Sets the maximum size of a core dump. This sets the maximum size of a core dump. The default is ``default``. .. namedconf:statement:: datasize - :tags: server + :tags: deprecated :short: Sets the maximum amount of data memory that can be used by the server. This sets the maximum amount of data memory the server may use. The default is @@ -3664,14 +3664,14 @@ limit is used. instead. .. namedconf:statement:: files - :tags: server + :tags: deprecated :short: Sets the maximum number of files the server may have open concurrently. This sets the maximum number of files the server may have open concurrently. The default is ``unlimited``. .. namedconf:statement:: stacksize - :tags: server + :tags: deprecated :short: Sets the maximum amount of stack memory that can be used by the server. This sets the maximum amount of stack memory the server may use. The default is diff --git a/doc/man/named.conf.5in b/doc/man/named.conf.5in index f82b88dec9..208823f4e8 100644 --- a/doc/man/named.conf.5in +++ b/doc/man/named.conf.5in 
@@ -151,8 +151,8 @@ options { clients\-per\-query ; cookie\-algorithm ( aes | siphash24 ); cookie\-secret ; // may occur multiple times - coresize ( default | unlimited | ); - datasize ( default | unlimited | ); + coresize ( default | unlimited | ); // deprecated + datasize ( default | unlimited | ); // deprecated deny\-answer\-addresses { ; ... } [ except\-from { ; ... } ]; deny\-answer\-aliases { ; ... } [ except\-from { ; ... } ]; dialup ( notify | notify\-passive | passive | refresh | ); @@ -195,7 +195,7 @@ options { fetch\-quota\-params ; fetches\-per\-server [ ( drop | fail ) ]; fetches\-per\-zone [ ( drop | fail ) ]; - files ( default | unlimited | ); + files ( default | unlimited | ); // deprecated flush\-zones\-on\-shutdown ; forward ( first | only ); forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; @@ -332,7 +332,7 @@ options { sig\-signing\-type ; sig\-validity\-interval [ ]; sortlist { ; ... }; - stacksize ( default | unlimited | ); + stacksize ( default | unlimited | ); // deprecated stale\-answer\-client\-timeout ( disabled | off | ); stale\-answer\-enable ; stale\-answer\-ttl ; diff --git a/doc/misc/options b/doc/misc/options index f5ed9c1c4d..1ea831a86d 100644 --- a/doc/misc/options +++ b/doc/misc/options @@ -94,8 +94,8 @@ options { clients-per-query ; cookie-algorithm ( aes | siphash24 ); cookie-secret ; // may occur multiple times - coresize ( default | unlimited | ); - datasize ( default | unlimited | ); + coresize ( default | unlimited | ); // deprecated + datasize ( default | unlimited | ); // deprecated deny-answer-addresses { ; ... } [ except-from { ; ... } ]; deny-answer-aliases { ; ... } [ except-from { ; ... } ]; dialup ( notify | notify-passive | passive | refresh | ); 
@@ -138,7 +138,7 @@ options { fetch-quota-params ; fetches-per-server [ ( drop | fail ) ]; fetches-per-zone [ ( drop | fail ) ]; - files ( default | unlimited | ); + files ( default | unlimited | ); // deprecated flush-zones-on-shutdown ; forward ( first | only ); forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; @@ -275,7 +275,7 @@ options { sig-signing-type ; sig-validity-interval [ ]; sortlist { ; ... }; - stacksize ( default | unlimited | ); + stacksize ( default | unlimited | ); // deprecated stale-answer-client-timeout ( disabled | off | ); stale-answer-enable ; stale-answer-ttl ; diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index 77d607f64e..d13a62109f 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -1218,8 +1218,8 @@ static cfg_clausedef_t options_clauses[] = { { "blackhole", &cfg_type_bracketed_aml, 0 }, { "cookie-algorithm", &cfg_type_cookiealg, 0 }, { "cookie-secret", &cfg_type_sstring, CFG_CLAUSEFLAG_MULTI }, - { "coresize", &cfg_type_size, 0 }, - { "datasize", &cfg_type_size, 0 }, + { "coresize", &cfg_type_size, CFG_CLAUSEFLAG_DEPRECATED }, + { "datasize", &cfg_type_size, CFG_CLAUSEFLAG_DEPRECATED }, { "deallocate-on-exit", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "directory", &cfg_type_qstring, CFG_CLAUSEFLAG_CALLBACK }, #ifdef HAVE_DNSTAP @@ -1236,7 +1236,7 @@ static cfg_clausedef_t options_clauses[] = { { "dscp", &cfg_type_uint32, 0 }, { "dump-file", &cfg_type_qstring, 0 }, { "fake-iquery", NULL, CFG_CLAUSEFLAG_ANCIENT }, - { "files", &cfg_type_size, 0 }, + { "files", &cfg_type_size, CFG_CLAUSEFLAG_DEPRECATED }, { "flush-zones-on-shutdown", &cfg_type_boolean, 0 }, #ifdef HAVE_DNSTAP { "fstrm-set-buffer-hint", &cfg_type_uint32, 0 }, 
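Review bot: Nothing visible in this patch tests the `CFG_CLAUSEFLAG_DEPRECATED` flag now set on `coresize`, `datasize` and `files` in `options_clauses[]` (and on `stacksize` in the `@@ -1317` hunk). The same patch removes the first three from `bin/tests/system/checkconf/good.conf`, and the diffstat lists no file that expects the deprecation warning. I would add a checkconf case under `bin/tests/system/checkconf/` containing `options { coresize default; datasize default; files default; stacksize default; };` and assert that it still parses and that each option is reported as deprecated. This matters for hardening: `coresize` caps core dumps, which contain process memory, and `files` caps open descriptors, so operators who set these in `named.conf` need a reliable warning to move the limits to the OS or supervisor before the options stop working. The `options_clauses[]` initializer begins and ends outside these hunks, so how the flag is handled cannot be checked from here.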
@@ -1317,7 +1317,7 @@ static cfg_clausedef_t options_clauses[] = { { "session-keyfile", &cfg_type_qstringornone, 0 }, { "session-keyname", &cfg_type_astring, 0 }, { "sit-secret", NULL, CFG_CLAUSEFLAG_ANCIENT }, - { "stacksize", &cfg_type_size, 0 }, + { "stacksize", &cfg_type_size, CFG_CLAUSEFLAG_DEPRECATED }, { "startup-notify-rate", &cfg_type_uint32, 0 }, { "statistics-file", &cfg_type_qstring, 0 }, { "statistics-interval", NULL, CFG_CLAUSEFLAG_ANCIENT }, From 8145183c730705ac0daca06ab176517591c7c405 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Sun, 13 Nov 2022 10:20:00 +0100 Subject: [PATCH 2/2] Add CHANGES and release note [GL #3676] (cherry picked from commit 65156afb8c09564562a582689e37bf1b096ae2e6) --- CHANGES | 4 ++++ doc/notes/notes-current.rst | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/CHANGES b/CHANGES index 401a46cb2e..a14977d5b8 100644 --- a/CHANGES +++ b/CHANGES @@ -7,6 +7,10 @@ 6020. [bug] Ensure 'named-checkconf -z' respects the check-wildcard option when loading a zone. [GL #1905] +6019. [func] Deprecate `coresize`, `datasize`, `files`, and + `stacksize` named.conf options. [GL #3676] + + 6017. [bug] The view's zone table was not locked when it should have been leading to race conditions when external extensions that manipulate the zone table where in diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 9dfbd0b908..beb1e1a256 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -32,6 +32,11 @@ Feature Changes - None. +- Deprecate setting the operating system limit (``coresize``, ``datasize``, + ``files`` and ``stacksize``) from ``named.conf``. These options should be set + from the operating system (``ulimit``) or from the process supervisor + (e.g. ``systemd``). :gl:`#3676` + Bug Fixes ~~~~~~~~~