Merge branch '4446-deprecate-fixed-rrset-order' into 'main'

Deprecate fixed value for the rrset-order option

Closes #4446

See merge request isc-projects/bind9!8808

CHANGES

@@ -1,3 +1,6 @@
+6369.	[func]		The 'fixed' value for the 'rrset-order' option has
+			been marked and documented as deprecated. [GL #4446]
+
 6368.	[func]		The 'sortlist' option has been marked and documented
 			as deprecated. [GL #4593]
 

bin/tests/system/checkconf/deprecated.conf

@@ -30,6 +30,10 @@ options {
 	dnssec-must-be-secure mustbesecure.example yes;
 
 	sortlist { };
+
+	rrset-order {
+		name "fixed.example" order fixed;
+	};
 };
 
 trusted-keys {

bin/tests/system/checkconf/tests.sh

@@ -165,6 +165,12 @@ warnings=$(grep "'notify' is disabled" <checkconf.out$n | wc -l)
 if [ $ret -ne 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
+if grep "^#define DNS_RDATASET_FIXED" "$TOP_BUILDDIR/config.h" >/dev/null 2>&1; then
+  test_fixed=true
+else
+  test_fixed=false
+fi
+
 n=$((n + 1))
 echo_i "checking named-checkconf deprecate warnings ($n)"
 ret=0
@@ -181,11 +187,16 @@ grep "option 'heartbeat-interval' is deprecated" <checkconf.out$n.1 >/dev/null |
 grep "option 'dnssec-must-be-secure' is deprecated" <checkconf.out$n.1 >/dev/null || ret=1
 grep "option 'sortlist' is deprecated" <checkconf.out$n.1 >/dev/null || ret=1
 grep "token 'port' is deprecated" <checkconf.out$n.1 >/dev/null || ret=1
+if $test_fixed; then
+  grep "rrset-order: order 'fixed' is deprecated" <checkconf.out$n.1 >/dev/null || ret=1
+else
+  grep "rrset-order: order 'fixed' was disabled at compilation time" <checkconf.out$n.1 >/dev/null || ret=1
+fi
 if [ $ret -ne 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 # set -i to ignore deprecate warnings
-$CHECKCONF -i deprecated.conf >checkconf.out$n.2 2>&1
-grep '.*' <checkconf.out$n.2 >/dev/null && ret=1
+$CHECKCONF -i deprecated.conf 2>&1 | grep_v "rrset-order: order 'fixed' was disabled at compilation time" >checkconf.out$n.2
+grep '^.+$' <checkconf.out$n.2 >/dev/null && ret=1
 if [ $ret -ne 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 

bin/tests/system/conf.sh.common

@@ -650,3 +650,5 @@ parse_openssl_config() {
         esac
     done < "$OPENSSL_CONF"
 }
+
+grep_v() { grep -v "$@" || test $? = 1; }

configure.ac

@@ -1203,8 +1203,8 @@ AC_ARG_ENABLE([fixed-rrset],
 			      [enable fixed rrset ordering [default=no]])],
 	      [], [enable_fixed_rrset="no"])
 AS_IF([test "$enable_fixed_rrset" = "yes"],
-      [AC_DEFINE([DNS_RDATASET_FIXED], [1],
-		 [Define to enable "rrset-order fixed" syntax.])])
+      [AC_MSG_WARN([fixed rrset ordering is deprecated and will be removed in the future release])
+       AC_DEFINE([DNS_RDATASET_FIXED], [1], [Define to enable "rrset-order fixed" syntax.])])
 
 #
 # Activate dnstap?

doc/arm/reference.rst

@@ -4132,6 +4132,8 @@ RRset Ordering
    ``fixed``
        Records are returned in the order they are defined in the zone file.
 
+       This value is deprecated and will be removed in a future release.
+
    .. note::
 
        The ``fixed`` option is only available if BIND is configured with

doc/notes/notes-current.rst

@@ -36,6 +36,11 @@ Feature Changes
   in a future BIND 9.21.x release. Please don't rely on a specific
   order of resource records in the DNS messages.  :gl:`#4593`
 
+- The ``fixed`` value for the ``rrset-order`` option and the corresponding
+  ``./configure`` script option has been deprecated and will be removed in a
+  future BIND 9.21.x release. Please don't rely on a specific order of resource
+  records in the DNS messages.  :gl:`#4446`
+
 Bug Fixes
 ~~~~~~~~~
 

lib/isccfg/check.c

@@ -168,7 +168,12 @@ check_orderent(const cfg_obj_t *ent, isc_log_t *logctx) {
 			result = ISC_R_FAILURE;
 		}
 	} else if (strcasecmp(cfg_obj_asstring(obj), "fixed") == 0) {
-#if !DNS_RDATASET_FIXED
+#if DNS_RDATASET_FIXED
+		if ((ent->pctx->flags & CFG_PCTX_NODEPRECATED) == 0) {
+			cfg_obj_log(obj, logctx, ISC_LOG_WARNING,
+				    "rrset-order: order 'fixed' is deprecated");
+		}
+#else
 		cfg_obj_log(obj, logctx, ISC_LOG_WARNING,
 			    "rrset-order: order 'fixed' was disabled at "
 			    "compilation time");