From f04f3abc93ee6f938f38aa00c9ad954873c2d2c0 Mon Sep 17 00:00:00 2001
From: xiaolong <xiaolonglife@163.com>
Date: Tue, 13 Apr 2021 10:47:20 +0800
Subject: [PATCH] Remove `delegation-only` from the recursor #7544

---
 docs/changelog/pre-4.0.rst                    |  1 -
 pdns/pdns_recursor.cc                         | 17 +--------
 pdns/rec_channel_rec.cc                       |  1 -
 pdns/recursordist/RECURSOR-MIB.txt            |  2 +-
 .../docs/manpages/pdns_recursor.1.rst         |  2 --
 pdns/recursordist/docs/metrics.rst            |  4 ---
 pdns/recursordist/docs/settings.rst           |  8 -----
 pdns/recursordist/test-syncres_cc.cc          |  1 -
 pdns/recursordist/test-syncres_cc3.cc         | 36 -------------------
 pdns/syncres.cc                               |  7 ----
 pdns/syncres.hh                               | 10 ------
 pdns/ws-recursor.cc                           |  4 ---
 regression-tests.recursor/TODO                |  1 -
 13 files changed, 2 insertions(+), 92 deletions(-)

diff --git a/docs/changelog/pre-4.0.rst b/docs/changelog/pre-4.0.rst
index 1dedd0ab57..ac5493cd29 100644
--- a/docs/changelog/pre-4.0.rst
+++ b/docs/changelog/pre-4.0.rst
@@ -4583,7 +4583,6 @@ New features
 ^^^^^^^^^^^^
 
 -  ^^version command (requested by Mike Benoit)
--  delegation-only, a Verisign special.
 -  Generic `SQLite <http://www.sqlite.org>`__ support, by Michel 'Who da
    man?' Stol. See `Generic SQLite
    backend <authoritative/backend-generic-sqlite.md>`__.
diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index 5ff39d9fc8..329767260b 100644
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -3518,8 +3518,7 @@ static void doStats(void)
       << broadcastAccFunction<uint64_t>(pleaseGetFailedServersSize)<<", ednsmap: "
       <<broadcastAccFunction<uint64_t>(pleaseGetEDNSStatusesSize)<<endl;
     g_log<<Logger::Notice<<"stats: outpacket/query ratio "<<ratePercentage(SyncRes::s_outqueries, SyncRes::s_queries)<<"%";
-    g_log<<Logger::Notice<<", "<<ratePercentage(SyncRes::s_throttledqueries, SyncRes::s_outqueries+SyncRes::s_throttledqueries)<<"% throttled, "
-     <<SyncRes::s_nodelegated<<" no-delegation drops"<<endl;
+    g_log<<Logger::Notice<<", "<<ratePercentage(SyncRes::s_throttledqueries, SyncRes::s_outqueries+SyncRes::s_throttledqueries)<<"% throttled"<<endl;
     g_log<<Logger::Notice<<"stats: "<<SyncRes::s_tcpoutqueries<<" outgoing tcp connections, "<<
       broadcastAccFunction<uint64_t>(pleaseGetConcurrentQueries)<<" queries running, "<<SyncRes::s_outgoingtimeouts<<" outgoing timeouts"<<endl;
 
@@ -4383,16 +4382,6 @@ void parseACLs()
   l_initialized = true;
 }
 
-
-static void setupDelegationOnly()
-{
-  vector<string> parts;
-  stringtok(parts, ::arg()["delegation-only"], ", \t");
-  for(const auto& p : parts) {
-    SyncRes::addDelegationOnly(DNSName(p));
-  }
-}
-
 static std::map<unsigned int, std::set<int> > parseCPUMap()
 {
   std::map<unsigned int, std::set<int> > result;
@@ -4659,7 +4648,6 @@ static int serviceMain(int argc, char*argv[])
     g_log<<Logger::Warning<<"PowerDNS Recursor itself will distribute queries over threads"<<endl;
   }
 
-  setupDelegationOnly();
   g_outgoingEDNSBufsize=::arg().asNum("edns-outgoing-bufsize");
 
   if(::arg()["trace"]=="fail") {
@@ -5487,7 +5475,6 @@ int main(int argc, char **argv)
 #else
       )="";
 #endif
-    ::arg().set("delegation-only","Which domains we only accept delegations from")="";
     ::arg().set("query-local-address","Source IP address for sending queries")="0.0.0.0";
     ::arg().set("client-tcp-timeout","Timeout in seconds when talking to TCP clients")="2";
     ::arg().set("max-mthreads", "Maximum number of simultaneous Mtasker threads")="2048";
@@ -5704,8 +5691,6 @@ int main(int argc, char **argv)
         ::arg().set("socket-dir") = "/";
     }
 
-    ::arg().set("delegation-only")=toLower(::arg()["delegation-only"]);
-
     if(::arg().asNum("threads")==1) {
       if (::arg().mustDo("pdns-distributes-queries")) {
         g_log<<Logger::Warning<<"Only one thread, no need to distribute queries ourselves"<<endl;
diff --git a/pdns/rec_channel_rec.cc b/pdns/rec_channel_rec.cc
index 08ca90b8a9..dca663d995 100644
--- a/pdns/rec_channel_rec.cc
+++ b/pdns/rec_channel_rec.cc
@@ -1140,7 +1140,6 @@ static void registerAllStats1()
   addGetStat("over-capacity-drops", &g_stats.overCapacityDrops);
   addGetStat("policy-drops", &g_stats.policyDrops);
   addGetStat("no-packet-error", &g_stats.noPacketError);
-  addGetStat("dlg-only-drops", &SyncRes::s_nodelegated);
   addGetStat("ignored-packets", &g_stats.ignoredCount);
   addGetStat("empty-queries", &g_stats.emptyQueriesCount);
   addGetStat("max-mthread-stack", &g_stats.maxMThreadStackUsage);
diff --git a/pdns/recursordist/RECURSOR-MIB.txt b/pdns/recursordist/RECURSOR-MIB.txt
index 955f729ff5..49724d6fdb 100644
--- a/pdns/recursordist/RECURSOR-MIB.txt
+++ b/pdns/recursordist/RECURSOR-MIB.txt
@@ -407,7 +407,7 @@ dlgOnlyDrops OBJECT-TYPE
     MAX-ACCESS read-only
     STATUS current
     DESCRIPTION
-        "Number of records dropped because of they belonged to a delegation-only zone"
+        "Obsolete"
     ::= { stats 46 }
 
 ignoredPackets OBJECT-TYPE
diff --git a/pdns/recursordist/docs/manpages/pdns_recursor.1.rst b/pdns/recursordist/docs/manpages/pdns_recursor.1.rst
index 505224e657..e9ee42caff 100644
--- a/pdns/recursordist/docs/manpages/pdns_recursor.1.rst
+++ b/pdns/recursordist/docs/manpages/pdns_recursor.1.rst
@@ -53,8 +53,6 @@ at `<https://doc.powerdns.com/>`
     ``pdns_recursor --config | grep ' config-dir='``.
 --daemon
     Operate as a daemon.
---delegation-only
-    Which domains we only accept delegations from (a Verisign special).
 --entropy-source=<file>
     Read new entropy from *file*, defaults to /dev/urandom.
 --export-etc-hosts
diff --git a/pdns/recursordist/docs/metrics.rst b/pdns/recursordist/docs/metrics.rst
index 8856036ca2..f97deee77f 100644
--- a/pdns/recursordist/docs/metrics.rst
+++ b/pdns/recursordist/docs/metrics.rst
@@ -266,10 +266,6 @@ cpu-steal
 
 Stolen time, which is the time spent by the whole system in other operating systems when running in a virtualized environment, in units of USER_HZ.
 
-dlg-only-drops
-^^^^^^^^^^^^^^
-number of records dropped because of :ref:`setting-delegation-only` setting
-
 dnssec-authentic-data-queries
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 .. versionadded:: 4.2
diff --git a/pdns/recursordist/docs/settings.rst b/pdns/recursordist/docs/settings.rst
index 5914ce1b95..e5c01550d4 100644
--- a/pdns/recursordist/docs/settings.rst
+++ b/pdns/recursordist/docs/settings.rst
@@ -285,14 +285,6 @@ This parameter is only available on OS that provides the `pthread_setaffinity_np
 
 Operate in the background.
 
-.. _setting-delegation-only:
-
-``delegation-only``
--------------------
--  Domains, comma separated
-
-Which domains we only accept delegations from (a Verisign special).
-
 .. _setting-dont-throttle-names:
 
 ``dont-throttle-names``
diff --git a/pdns/recursordist/test-syncres_cc.cc b/pdns/recursordist/test-syncres_cc.cc
index 385ea09460..d593d5c62f 100644
--- a/pdns/recursordist/test-syncres_cc.cc
+++ b/pdns/recursordist/test-syncres_cc.cc
@@ -172,7 +172,6 @@ void initSR(bool debug)
   SyncRes::addEDNSLocalSubnet("::/0");
   SyncRes::clearEDNSRemoteSubnets();
   SyncRes::clearEDNSDomains();
-  SyncRes::clearDelegationOnly();
   SyncRes::clearDontQuery();
   SyncRes::setECSScopeZeroAddress(Netmask("127.0.0.1/32"));
   SyncRes::s_qnameminimization = false;
diff --git a/pdns/recursordist/test-syncres_cc3.cc b/pdns/recursordist/test-syncres_cc3.cc
index 856efffd19..9e6f51376d 100644
--- a/pdns/recursordist/test-syncres_cc3.cc
+++ b/pdns/recursordist/test-syncres_cc3.cc
@@ -42,42 +42,6 @@ BOOST_AUTO_TEST_CASE(test_cache_auth)
   BOOST_CHECK_EQUAL(getRR<ARecordContent>(cached.at(0))->getCA().toString(), ComboAddress("192.0.2.2").toString());
 }
 
-BOOST_AUTO_TEST_CASE(test_delegation_only)
-{
-  std::unique_ptr<SyncRes> sr;
-  initSR(sr);
-
-  primeHints();
-
-  /* Thanks, Verisign */
-  SyncRes::addDelegationOnly(DNSName("com."));
-  SyncRes::addDelegationOnly(DNSName("net."));
-
-  const DNSName target("nx-powerdns.com.");
-
-  sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, LWResult* res, bool* chained) {
-    if (isRootServer(ip)) {
-      setLWResult(res, 0, false, false, true);
-      addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800);
-      addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600);
-      return LWResult::Result::Success;
-    }
-    else if (ip == ComboAddress("192.0.2.1:53")) {
-
-      setLWResult(res, 0, true, false, true);
-      addRecordToLW(res, domain, QType::A, "192.0.2.42");
-      return LWResult::Result::Success;
-    }
-
-    return LWResult::Result::Timeout;
-  });
-
-  vector<DNSRecord> ret;
-  int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
-  BOOST_CHECK_EQUAL(res, RCode::NXDomain);
-  BOOST_CHECK_EQUAL(ret.size(), 0U);
-}
-
 BOOST_AUTO_TEST_CASE(test_unauth_any)
 {
   std::unique_ptr<SyncRes> sr;
diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index 9b39a588ac..6668851f53 100644
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -40,7 +40,6 @@
 thread_local SyncRes::ThreadLocalStorage SyncRes::t_sstorage;
 thread_local std::unique_ptr<addrringbuf_t> t_timeouts;
 
-std::unordered_set<DNSName> SyncRes::s_delegationOnly;
 std::unique_ptr<NetmaskGroup> SyncRes::s_dontQuery{nullptr};
 NetmaskGroup SyncRes::s_ednslocalsubnets;
 NetmaskGroup SyncRes::s_ednsremotesubnets;
@@ -76,7 +75,6 @@ std::atomic<uint64_t> SyncRes::s_tcpoutqueries;
 std::atomic<uint64_t> SyncRes::s_throttledqueries;
 std::atomic<uint64_t> SyncRes::s_dontqueries;
 std::atomic<uint64_t> SyncRes::s_qnameminfallbacksuccess;
-std::atomic<uint64_t> SyncRes::s_nodelegated;
 std::atomic<uint64_t> SyncRes::s_unreachables;
 std::atomic<uint64_t> SyncRes::s_ecsqueries;
 std::atomic<uint64_t> SyncRes::s_ecsresponses;
@@ -3101,11 +3099,6 @@ RCode::rcodes_ SyncRes::updateCacheFromRecords(unsigned int depth, LWResult& lwr
       else if (rec.d_type == QType::DS && rec.d_name == auth) {
         LOG("NO - DS provided by child zone"<<endl);
       }
-      else if (lwr.d_aabit && lwr.d_rcode==RCode::NoError && rec.d_place==DNSResourceRecord::ANSWER && ((rec.d_type != QType::DNSKEY && rec.d_type != QType::DS) || rec.d_name != auth) && s_delegationOnly.count(auth)) {
-        LOG("NO! Is from delegation-only zone"<<endl);
-        s_nodelegated++;
-        return RCode::NXDomain;
-      }
       else {
         bool haveLogged = false;
         if (isDNAMEAnswer && rec.d_type == QType::CNAME) {
diff --git a/pdns/syncres.hh b/pdns/syncres.hh
index 1a32e196f8..ced9c93e11 100644
--- a/pdns/syncres.hh
+++ b/pdns/syncres.hh
@@ -421,14 +421,6 @@ public:
   static uint64_t doDumpFailedServers(int fd);
   static uint64_t doDumpNonResolvingNS(int fd);
   static int getRootNS(struct timeval now, asyncresolve_t asyncCallback, unsigned int depth);
-  static void clearDelegationOnly()
-  {
-    s_delegationOnly.clear();
-  }
-  static void addDelegationOnly(const DNSName& name)
-  {
-    s_delegationOnly.insert(name);
-  }
   static void addDontQuery(const std::string& mask)
   {
     if (!s_dontQuery)
@@ -750,7 +742,6 @@ public:
   static std::atomic<uint64_t> s_authzonequeries;
   static std::atomic<uint64_t> s_outqueries;
   static std::atomic<uint64_t> s_tcpoutqueries;
-  static std::atomic<uint64_t> s_nodelegated;
   static std::atomic<uint64_t> s_unreachables;
   static std::atomic<uint64_t> s_ecsqueries;
   static std::atomic<uint64_t> s_ecsresponses;
@@ -811,7 +802,6 @@ private:
   ComboAddress d_requestor;
   ComboAddress d_cacheRemote;
 
-  static std::unordered_set<DNSName> s_delegationOnly;
   static NetmaskGroup s_ednslocalsubnets;
   static NetmaskGroup s_ednsremotesubnets;
   static SuffixMatchNode s_ednsdomains;
diff --git a/pdns/ws-recursor.cc b/pdns/ws-recursor.cc
index 2ed46e5c5e..95eef12ddc 100644
--- a/pdns/ws-recursor.cc
+++ b/pdns/ws-recursor.cc
@@ -590,10 +590,6 @@ const std::map<std::string, MetricDefinition> MetricDefinitionStorage::metrics =
   {"cpu-msec-thread-0",
    MetricDefinition(PrometheusMetricType::counter,
                     "Number of milliseconds spent in thread n")},
-  {"dlg-only-drops",
-   MetricDefinition(PrometheusMetricType::counter,
-                    "Number of records dropped because of `setting-delegation-only` setting")},
-
   {"dnssec-authentic-data-queries",
    MetricDefinition(PrometheusMetricType::counter,
                     "Number of queries received with the AD bit set")},
diff --git a/regression-tests.recursor/TODO b/regression-tests.recursor/TODO
index 24bc35cd3a..ce48297397 100644
--- a/regression-tests.recursor/TODO
+++ b/regression-tests.recursor/TODO
@@ -4,5 +4,4 @@ Test suggestions:
 - export-etc-hosts and -suffix
 - lua stuff
 - auth-zones
-- delegation-only
 - forward-zones
-- 
2.47.2