Remove `delegation-only` from the recursor #7544 10287/head
authorxiaolong <xiaolonglife@163.com>
Tue, 13 Apr 2021 02:47:20 +0000 (10:47 +0800)
committerxiaolong <xiaolonglife@163.com>
Thu, 15 Apr 2021 01:45:25 +0000 (09:45 +0800)
13 files changed:
docs/changelog/pre-4.0.rst
pdns/pdns_recursor.cc
pdns/rec_channel_rec.cc
pdns/recursordist/RECURSOR-MIB.txt
pdns/recursordist/docs/manpages/pdns_recursor.1.rst
pdns/recursordist/docs/metrics.rst
pdns/recursordist/docs/settings.rst
pdns/recursordist/test-syncres_cc.cc
pdns/recursordist/test-syncres_cc3.cc
pdns/syncres.cc
pdns/syncres.hh
pdns/ws-recursor.cc
regression-tests.recursor/TODO

index 1dedd0ab57203c7a2127de28197cce70cc1d6ccd..ac5493cd2925b93ac60d0248447732e0b015d585 100644 (file)
@@ -4583,7 +4583,6 @@ New features
 ^^^^^^^^^^^^
 
 -  ^^version command (requested by Mike Benoit)
--  delegation-only, a Verisign special.
 -  Generic `SQLite <http://www.sqlite.org>`__ support, by Michel 'Who da
    man?' Stol. See `Generic SQLite
    backend <authoritative/backend-generic-sqlite.md>`__.
index 5ff39d9fc8ecac7d1c1ae77c9382e55f0762bdb5..329767260b92629853b94894e6f504b431030eb5 100644 (file)
@@ -3518,8 +3518,7 @@ static void doStats(void)
       << broadcastAccFunction<uint64_t>(pleaseGetFailedServersSize)<<", ednsmap: "
       <<broadcastAccFunction<uint64_t>(pleaseGetEDNSStatusesSize)<<endl;
     g_log<<Logger::Notice<<"stats: outpacket/query ratio "<<ratePercentage(SyncRes::s_outqueries, SyncRes::s_queries)<<"%";
-    g_log<<Logger::Notice<<", "<<ratePercentage(SyncRes::s_throttledqueries, SyncRes::s_outqueries+SyncRes::s_throttledqueries)<<"% throttled, "
-     <<SyncRes::s_nodelegated<<" no-delegation drops"<<endl;
+    g_log<<Logger::Notice<<", "<<ratePercentage(SyncRes::s_throttledqueries, SyncRes::s_outqueries+SyncRes::s_throttledqueries)<<"% throttled"<<endl;
     g_log<<Logger::Notice<<"stats: "<<SyncRes::s_tcpoutqueries<<" outgoing tcp connections, "<<
       broadcastAccFunction<uint64_t>(pleaseGetConcurrentQueries)<<" queries running, "<<SyncRes::s_outgoingtimeouts<<" outgoing timeouts"<<endl;
 
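Review bot: The periodic stats line in `doStats()` loses its `no-delegation drops` field here, and the same counter disappears from the `addGetStat("dlg-only-drops", ...)` registration and the Prometheus metric table in later hunks, yet none of the 13 listed files is an upgrade or release note. Operators who alert on that counter or parse this log line get no notice. The `main()` hunk also removes the `delegation-only` registration, and how the argument parser treats a leftover `delegation-only=` line in an existing configuration is not visible on this page. I would add an upgrade-notes entry such as `The delegation-only setting and the dlg-only-drops metric have been removed; remove the setting from recursor.conf and the metric from monitoring.`, and say there that the check removed from `updateCacheFromRecords()` no longer turns such answers into NXDOMAIN. The body of `doStats()` extends beyond this hunk.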
@@ -4383,16 +4382,6 @@ void parseACLs()
   l_initialized = true;
 }
 
-
-static void setupDelegationOnly()
-{
-  vector<string> parts;
-  stringtok(parts, ::arg()["delegation-only"], ", \t");
-  for(const auto& p : parts) {
-    SyncRes::addDelegationOnly(DNSName(p));
-  }
-}
-
 static std::map<unsigned int, std::set<int> > parseCPUMap()
 {
   std::map<unsigned int, std::set<int> > result;
@@ -4659,7 +4648,6 @@ static int serviceMain(int argc, char*argv[])
     g_log<<Logger::Warning<<"PowerDNS Recursor itself will distribute queries over threads"<<endl;
   }
 
-  setupDelegationOnly();
   g_outgoingEDNSBufsize=::arg().asNum("edns-outgoing-bufsize");
 
   if(::arg()["trace"]=="fail") {
@@ -5487,7 +5475,6 @@ int main(int argc, char **argv)
 #else
       )="";
 #endif
-    ::arg().set("delegation-only","Which domains we only accept delegations from")="";
     ::arg().set("query-local-address","Source IP address for sending queries")="0.0.0.0";
     ::arg().set("client-tcp-timeout","Timeout in seconds when talking to TCP clients")="2";
     ::arg().set("max-mthreads", "Maximum number of simultaneous Mtasker threads")="2048";
@@ -5704,8 +5691,6 @@ int main(int argc, char **argv)
         ::arg().set("socket-dir") = "/";
     }
 
-    ::arg().set("delegation-only")=toLower(::arg()["delegation-only"]);
-
     if(::arg().asNum("threads")==1) {
       if (::arg().mustDo("pdns-distributes-queries")) {
         g_log<<Logger::Warning<<"Only one thread, no need to distribute queries ourselves"<<endl;
index 08ca90b8a91e958b3bf82d98e93c1d2c9e1f50b5..dca663d9950e96f070b03654e6e28dfdec2f105f 100644 (file)
@@ -1140,7 +1140,6 @@ static void registerAllStats1()
   addGetStat("over-capacity-drops", &g_stats.overCapacityDrops);
   addGetStat("policy-drops", &g_stats.policyDrops);
   addGetStat("no-packet-error", &g_stats.noPacketError);
-  addGetStat("dlg-only-drops", &SyncRes::s_nodelegated);
   addGetStat("ignored-packets", &g_stats.ignoredCount);
   addGetStat("empty-queries", &g_stats.emptyQueriesCount);
   addGetStat("max-mthread-stack", &g_stats.maxMThreadStackUsage);
index 955f729ff5341168b0ba452b8349b9d261e98d99..49724d6fdb9d3b5382338f6022d77daa92e6c4aa 100644 (file)
@@ -407,7 +407,7 @@ dlgOnlyDrops OBJECT-TYPE
     MAX-ACCESS read-only
     STATUS current
     DESCRIPTION
-        "Number of records dropped because of they belonged to a delegation-only zone"
+        "Obsolete"
     ::= { stats 46 }
 
 ignoredPackets OBJECT-TYPE
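Review bot: `STATUS current` is left unchanged on `dlgOnlyDrops` while the DESCRIPTION now says only "Obsolete", so MIB tooling will keep presenting the object as live. SMIv2 has a status value for this: `STATUS obsolete` (or `STATUS deprecated` if the agent still answers for the OID) puts the information in the field tools read. The description could also keep the old meaning, e.g. `"Obsolete; formerly the number of records dropped because they belonged to a delegation-only zone"`. The SNMP agent source is not among the files listed for this commit, so what a query for `{ stats 46 }` returns after the counter's removal cannot be checked from this page. The OBJECT-TYPE definition starts above the hunk.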
index 505224e6576d3faca5c7bb141de5b76cb5134627..e9ee42caff77133344d15349b7364002ee1e0adc 100644 (file)
@@ -53,8 +53,6 @@ at `<https://doc.powerdns.com/>`
     ``pdns_recursor --config | grep ' config-dir='``.
 --daemon
     Operate as a daemon.
---delegation-only
-    Which domains we only accept delegations from (a Verisign special).
 --entropy-source=<file>
     Read new entropy from *file*, defaults to /dev/urandom.
 --export-etc-hosts
index 8856036ca2a7427cdd810d7dfa00e3556e894b9a..f97deee77fb019a5d51ea378be4c4ae4b50c7795 100644 (file)
@@ -266,10 +266,6 @@ cpu-steal
 
 Stolen time, which is the time spent by the whole system in other operating systems when running in a virtualized environment, in units of USER_HZ.
 
-dlg-only-drops
-^^^^^^^^^^^^^^
-number of records dropped because of :ref:`setting-delegation-only` setting
-
 dnssec-authentic-data-queries
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 .. versionadded:: 4.2
index 5914ce1b954ccace41edfb7f141570fddf3136af..e5c01550d4ed9b87e23e1e77b755a1071a5bdb07 100644 (file)
@@ -285,14 +285,6 @@ This parameter is only available on OS that provides the `pthread_setaffinity_np
 
 Operate in the background.
 
-.. _setting-delegation-only:
-
-``delegation-only``
--------------------
--  Domains, comma separated
-
-Which domains we only accept delegations from (a Verisign special).
-
 .. _setting-dont-throttle-names:
 
 ``dont-throttle-names``
index 385ea0946046b8019f9a691ed6d91ceb4dae3d44..d593d5c62f818b8ac81729e0bd36c8400c971c20 100644 (file)
@@ -172,7 +172,6 @@ void initSR(bool debug)
   SyncRes::addEDNSLocalSubnet("::/0");
   SyncRes::clearEDNSRemoteSubnets();
   SyncRes::clearEDNSDomains();
-  SyncRes::clearDelegationOnly();
   SyncRes::clearDontQuery();
   SyncRes::setECSScopeZeroAddress(Netmask("127.0.0.1/32"));
   SyncRes::s_qnameminimization = false;
index 856efffd190bf906b96e9f35b2e611d13f0e2cf3..9e6f51376d8686ecac947dfc33a5125db8bdfe5d 100644 (file)
@@ -42,42 +42,6 @@ BOOST_AUTO_TEST_CASE(test_cache_auth)
   BOOST_CHECK_EQUAL(getRR<ARecordContent>(cached.at(0))->getCA().toString(), ComboAddress("192.0.2.2").toString());
 }
 
-BOOST_AUTO_TEST_CASE(test_delegation_only)
-{
-  std::unique_ptr<SyncRes> sr;
-  initSR(sr);
-
-  primeHints();
-
-  /* Thanks, Verisign */
-  SyncRes::addDelegationOnly(DNSName("com."));
-  SyncRes::addDelegationOnly(DNSName("net."));
-
-  const DNSName target("nx-powerdns.com.");
-
-  sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, LWResult* res, bool* chained) {
-    if (isRootServer(ip)) {
-      setLWResult(res, 0, false, false, true);
-      addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800);
-      addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600);
-      return LWResult::Result::Success;
-    }
-    else if (ip == ComboAddress("192.0.2.1:53")) {
-
-      setLWResult(res, 0, true, false, true);
-      addRecordToLW(res, domain, QType::A, "192.0.2.42");
-      return LWResult::Result::Success;
-    }
-
-    return LWResult::Result::Timeout;
-  });
-
-  vector<DNSRecord> ret;
-  int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
-  BOOST_CHECK_EQUAL(res, RCode::NXDomain);
-  BOOST_CHECK_EQUAL(ret.size(), 0U);
-}
-
 BOOST_AUTO_TEST_CASE(test_unauth_any)
 {
   std::unique_ptr<SyncRes> sr;
index 9b39a588ac0dbedb9c4de70503118a0ed4caf569..6668851f53f35e2906dedaceb7c6d3a649cb90a6 100644 (file)
@@ -40,7 +40,6 @@
 thread_local SyncRes::ThreadLocalStorage SyncRes::t_sstorage;
 thread_local std::unique_ptr<addrringbuf_t> t_timeouts;
 
-std::unordered_set<DNSName> SyncRes::s_delegationOnly;
 std::unique_ptr<NetmaskGroup> SyncRes::s_dontQuery{nullptr};
 NetmaskGroup SyncRes::s_ednslocalsubnets;
 NetmaskGroup SyncRes::s_ednsremotesubnets;
@@ -76,7 +75,6 @@ std::atomic<uint64_t> SyncRes::s_tcpoutqueries;
 std::atomic<uint64_t> SyncRes::s_throttledqueries;
 std::atomic<uint64_t> SyncRes::s_dontqueries;
 std::atomic<uint64_t> SyncRes::s_qnameminfallbacksuccess;
-std::atomic<uint64_t> SyncRes::s_nodelegated;
 std::atomic<uint64_t> SyncRes::s_unreachables;
 std::atomic<uint64_t> SyncRes::s_ecsqueries;
 std::atomic<uint64_t> SyncRes::s_ecsresponses;
@@ -3101,11 +3099,6 @@ RCode::rcodes_ SyncRes::updateCacheFromRecords(unsigned int depth, LWResult& lwr
       else if (rec.d_type == QType::DS && rec.d_name == auth) {
         LOG("NO - DS provided by child zone"<<endl);
       }
-      else if (lwr.d_aabit && lwr.d_rcode==RCode::NoError && rec.d_place==DNSResourceRecord::ANSWER && ((rec.d_type != QType::DNSKEY && rec.d_type != QType::DS) || rec.d_name != auth) && s_delegationOnly.count(auth)) {
-        LOG("NO! Is from delegation-only zone"<<endl);
-        s_nodelegated++;
-        return RCode::NXDomain;
-      }
       else {
         bool haveLogged = false;
         if (isDNAMEAnswer && rec.d_type == QType::CNAME) {
index 1a32e196f847b95cde287a7a5e495717be71f113..ced9c93e11c22b91aaafeb27a955734b3ba64d3c 100644 (file)
@@ -421,14 +421,6 @@ public:
   static uint64_t doDumpFailedServers(int fd);
   static uint64_t doDumpNonResolvingNS(int fd);
   static int getRootNS(struct timeval now, asyncresolve_t asyncCallback, unsigned int depth);
-  static void clearDelegationOnly()
-  {
-    s_delegationOnly.clear();
-  }
-  static void addDelegationOnly(const DNSName& name)
-  {
-    s_delegationOnly.insert(name);
-  }
   static void addDontQuery(const std::string& mask)
   {
     if (!s_dontQuery)
@@ -750,7 +742,6 @@ public:
   static std::atomic<uint64_t> s_authzonequeries;
   static std::atomic<uint64_t> s_outqueries;
   static std::atomic<uint64_t> s_tcpoutqueries;
-  static std::atomic<uint64_t> s_nodelegated;
   static std::atomic<uint64_t> s_unreachables;
   static std::atomic<uint64_t> s_ecsqueries;
   static std::atomic<uint64_t> s_ecsresponses;
@@ -811,7 +802,6 @@ private:
   ComboAddress d_requestor;
   ComboAddress d_cacheRemote;
 
-  static std::unordered_set<DNSName> s_delegationOnly;
   static NetmaskGroup s_ednslocalsubnets;
   static NetmaskGroup s_ednsremotesubnets;
   static SuffixMatchNode s_ednsdomains;
index 2ed46e5c5e02a1b81a74cab380381aec3c3f15e3..95eef12ddcab2ab2cd01bc51afec23dbeadc179a 100644 (file)
@@ -590,10 +590,6 @@ const std::map<std::string, MetricDefinition> MetricDefinitionStorage::metrics =
   {"cpu-msec-thread-0",
    MetricDefinition(PrometheusMetricType::counter,
                     "Number of milliseconds spent in thread n")},
-  {"dlg-only-drops",
-   MetricDefinition(PrometheusMetricType::counter,
-                    "Number of records dropped because of `setting-delegation-only` setting")},
-
   {"dnssec-authentic-data-queries",
    MetricDefinition(PrometheusMetricType::counter,
                     "Number of queries received with the AD bit set")},
index 24bc35cd3a02e33d023a83b84ca06a276de6bbcd..ce48297397d9735a6c774d55992e8c0d2e6e024d 100644 (file)
@@ -4,5 +4,4 @@ Test suggestions:
 - export-etc-hosts and -suffix
 - lua stuff
 - auth-zones
-- delegation-only
 - forward-zones