remove configuration, syntax checking and implementation of dnssec-enable

2026-06-09 10:32:13 -04:00 · 2019-03-11 18:34:08 -07:00 · 2019-03-11 18:34:08 -07:00 · b3ff3bf2e4
commit b3ff3bf2e4
parent d069658626
6 changed files with 3 additions and 62 deletions
--- a/bin/named/config.c
+++ b/bin/named/config.c
@ -143,7 +143,6 @@ options {\n\
 	cleaning-interval 0;  /* now meaningless */\n\
 	clients-per-query 10;\n\
 	dnssec-accept-expired no;\n\
-	dnssec-enable yes;\n\
 	dnssec-validation " VALIDATION_DEFAULT "; \n"
 #ifdef HAVE_DNSTAP
 "	dnstap-identity hostname;\n"
--- a/bin/named/server.c
+++ b/bin/named/server.c
@ -4140,27 +4140,15 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
 	INSIST(result == ISC_R_SUCCESS);
 	view->acceptexpired = cfg_obj_asboolean(obj);

-	obj = NULL;
-	result = named_config_get(maps, "dnssec-enable", &obj);
-	INSIST(result == ISC_R_SUCCESS);
-	view->enablednssec = cfg_obj_asboolean(obj);
-
 	obj = NULL;
 	/* 'optionmaps', not 'maps': don't check named_g_defaults yet */
 	(void)named_config_get(optionmaps, "dnssec-validation", &obj);
 	if (obj == NULL) {
 		/*
-		 * If dnssec-enable is yes, then we default to
-		 * VALIDATION_DEFAULT as set in config.c. Otherwise
-		 * we default to "no".
+		 * Default to VALIDATION_DEFAULT as set in config.c.
 		 */
-		if (view->enablednssec) {
-			(void)cfg_map_get(named_g_defaults,
-					  "dnssec-validation", &obj);
-			INSIST(obj != NULL);
-		} else {
-			view->enablevalidation = false;
-		}
+		(void)cfg_map_get(named_g_defaults, "dnssec-validation", &obj);
+		INSIST(obj != NULL);
 	}
 	if (obj != NULL) {
 		if (cfg_obj_isboolean(obj)) {
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@ -3454,8 +3454,6 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
 	const cfg_obj_t *options = NULL;
 	const cfg_obj_t *opts = NULL;
 	const cfg_obj_t *plugin_list = NULL;
-	bool enablednssec, enablevalidation;
-	const char *valstr = "no";
 	unsigned int tflags, mflags;

 	/*
@ -3606,40 +3604,6 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,

 	isc_symtab_destroy(&symtab);

-	/*
-	 * Check that dnssec-enable/dnssec-validation are sensible.
-	 */
-	obj = NULL;
-	if (voptions != NULL)
-		(void)cfg_map_get(voptions, "dnssec-enable", &obj);
-	if (obj == NULL && options != NULL)
-		(void)cfg_map_get(options, "dnssec-enable", &obj);
-	if (obj == NULL)
-		enablednssec = true;
-	else
-		enablednssec = cfg_obj_asboolean(obj);
-
-	obj = NULL;
-	if (voptions != NULL)
-		(void)cfg_map_get(voptions, "dnssec-validation", &obj);
-	if (obj == NULL && options != NULL)
-		(void)cfg_map_get(options, "dnssec-validation", &obj);
-	if (obj == NULL) {
-		enablevalidation = enablednssec;
-		valstr = "yes";
-	} else if (cfg_obj_isboolean(obj)) {
-		enablevalidation = cfg_obj_asboolean(obj);
-		valstr = enablevalidation ? "yes" : "no";
-	} else {
-		enablevalidation = true;
-		valstr = "auto";
-	}
-
-	if (enablevalidation && !enablednssec)
-		cfg_obj_log(obj, logctx, ISC_LOG_WARNING,
-			    "'dnssec-validation %s;' and 'dnssec-enable no;'",
-			    valstr);
-
 	/*
 	 * Check trusted-keys and managed-keys.
 	 */
--- a/lib/dns/include/dns/view.h
+++ b/lib/dns/include/dns/view.h
@ -123,7 +123,6 @@ struct dns_view {
 	bool				use_glue_cache;
 	bool				minimal_any;
 	dns_minimaltype_t		minimalresponses;
-	bool				enablednssec;
 	bool				enablevalidation;
 	bool				acceptexpired;
 	bool				requireservercookie;
--- a/lib/dns/view.c
+++ b/lib/dns/view.c
@ -179,7 +179,6 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
 	view->qminimization = false;
 	view->qmin_strict = false;
 	view->auth_nxdomain = false; /* Was true in BIND 8 */
-	view->enablednssec = true;
 	view->enablevalidation = true;
 	view->acceptexpired = false;
 	view->use_glue_cache = false;
--- a/lib/ns/query.c
+++ b/lib/ns/query.c
@ -10787,14 +10787,6 @@ ns_query_start(ns_client_t *client) {
 	 */
 	client->next = query_next_callback;

-	/*
-	 * Behave as if we don't support DNSSEC if not enabled.
-	 */
-	if (!client->view->enablednssec) {
-		message->flags &= ~DNS_MESSAGEFLAG_CD;
-		client->extflags &= ~DNS_MESSAGEEXTFLAG_DO;
-	}
-
 	if ((message->flags & DNS_MESSAGEFLAG_RD) != 0)
 		client->query.attributes |= NS_QUERYATTR_WANTRECURSION;