set "multi-master" automatically with multiple primaries each-automatic-multimaster 9898/head
authorEvan Hunt <each@isc.org>
Wed, 11 Dec 2024 19:07:53 +0000 (11:07 -0800)
committerEvan Hunt <each@isc.org>
Wed, 11 Dec 2024 19:15:04 +0000 (11:15 -0800)
By default, named logs a message at level info if a secondary
zone receives an update indicating that the serial number has
gone backwards. The "multi-master" option was provided to
allow this message to be suppressed if a zone was configured
with multiple primary servers.

That option has now been marked obsolete. The message is now
logged at debug level 1 when there are multiple primary server
addresses configured for the zone. It is still logged at level
info if there is only one address.

bin/named/zoneconf.c
bin/tests/system/checkconf/tests.sh
bin/tests/system/checkconf/warn-obsolete.conf [new file with mode: 0644]
doc/arm/reference.rst
doc/misc/mirror.zoneopt
doc/misc/options
doc/misc/secondary.zoneopt
doc/misc/stub.zoneopt
lib/dns/include/dns/zone.h
lib/dns/zone.c
lib/isccfg/namedconf.c

index 0699fdb6b6ba00d0e39a888baca51c5ecd055caa..0ed261895c12e7fe5f5c5618ccf5dbbf7ee60735 100644 (file)
@@ -897,7 +897,6 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
        const char *dupcheck;
        dns_checkdstype_t checkdstype = dns_checkdstype_yes;
        dns_notifytype_t notifytype = dns_notifytype_yes;
-       uint32_t count;
        unsigned int dbargc;
        char **dbargv;
        static char default_dbtype[] = ZONEDB_DEFAULT;
@@ -907,7 +906,6 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
        dns_zonetype_t ztype;
        int i;
        int32_t journal_size;
-       bool multi;
        dns_kasp_t *kasp = NULL;
        bool check = false, fail = false;
        bool warn = false, ignore = false;
@@ -1838,7 +1836,6 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
        case dns_zone_secondary:
        case dns_zone_stub:
        case dns_zone_redirect:
-               count = 0;
                obj = NULL;
                (void)cfg_map_get(zoptions, "primaries", &obj);
                if (obj == NULL) {
@@ -1866,22 +1863,12 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
                        dns_zone_setprimaries(mayberaw, ipkl.addrs,
                                              ipkl.sources, ipkl.keys,
                                              ipkl.tlss, ipkl.count);
-                       count = ipkl.count;
                        dns_ipkeylist_clear(mctx, &ipkl);
                } else {
                        dns_zone_setprimaries(mayberaw, NULL, NULL, NULL, NULL,
                                              0);
                }
 
-               multi = false;
-               if (count > 1) {
-                       obj = NULL;
-                       result = named_config_get(maps, "multi-master", &obj);
-                       INSIST(result == ISC_R_SUCCESS && obj != NULL);
-                       multi = cfg_obj_asboolean(obj);
-               }
-               dns_zone_setoption(mayberaw, DNS_ZONEOPT_MULTIMASTER, multi);
-
                obj = NULL;
                result = named_config_get(maps, "max-transfer-time-in", &obj);
                INSIST(result == ISC_R_SUCCESS && obj != NULL);
index a4b35ba4ceb33a73b06784c4fd00eaeb346df508..6320feb8097fb6c5ca3e42f9f97a5ad41259b083 100644 (file)
@@ -736,5 +736,16 @@ if [ $ret != 0 ]; then
 fi
 status=$((status + ret))
 
+n=$((n + 1))
+echo_i "check for obsolete option warnings ($n)"
+ret=0
+$CHECKCONF warn-obsolete.conf >checkconf.out$n 2>&1 || ret=1
+grep -F "option 'multi-master' is obsolete and should be removed" checkconf.out$n >/dev/null || ret=1
+if [ $ret != 0 ]; then
+  echo_i "failed"
+  ret=1
+fi
+status=$((status + ret))
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
diff --git a/bin/tests/system/checkconf/warn-obsolete.conf b/bin/tests/system/checkconf/warn-obsolete.conf
new file mode 100644 (file)
index 0000000..ddaf438
--- /dev/null
@@ -0,0 +1,18 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0.  If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+zone . {
+       type secondary;
+       primaries { 10.53.0.1; 10.53.0.2; };
+       multi-master yes;
+};
index 51a261c06860910678f321d416d508c7f756dac9..7518986367662255cef6f9afc712598bd732369b 100644 (file)
@@ -2525,13 +2525,9 @@ Boolean Options
    :any:`ixfr-from-differences` setting is ignored for that zone.
 
 .. namedconf:statement:: multi-master
-   :tags: transfer
-   :short: Controls whether serial number mismatch errors are logged.
+   :tags: obsolete
 
-   This should be set when there are multiple primary servers for a zone and the
-   addresses refer to different machines. If ``yes``, :iscman:`named` does not
-   log when the serial number on the primary is less than what :iscman:`named`
-   currently has. The default is ``no``.
+   This option no longer has any effect.
 
 .. namedconf:statement:: dnssec-validation
    :tags: dnssec
index 72e90083bb89fddf197eb53fc42c347627ed5b1c..ea902418a16a59280582471547bab0573029112a 100644 (file)
@@ -26,7 +26,7 @@ zone <string> [ <class> ] {
        max-types-per-name <integer>;
        min-refresh-time <integer>;
        min-retry-time <integer>;
-       multi-master <boolean>;
+       multi-master <boolean>; // obsolete
        notify ( explicit | master-only | primary-only | <boolean> );
        notify-delay <integer>;
        notify-source ( <ipv4_address> | * );
index 39dda6d191df1602fb9e9f7210438242af5745dd..e9b95fc8e6edfa0e8bbc43b8c1698b53aee92973 100644 (file)
@@ -204,7 +204,7 @@ options {
        min-retry-time <integer>;
        minimal-any <boolean>;
        minimal-responses ( no-auth | no-auth-recursive | <boolean> );
-       multi-master <boolean>;
+       multi-master <boolean>; // obsolete
        new-zones-directory <quoted_string>;
        no-case-compress { <address_match_element>; ... };
        nocookie-udp-size <integer>;
@@ -489,7 +489,7 @@ view <string> [ <class> ] {
        min-retry-time <integer>;
        minimal-any <boolean>;
        minimal-responses ( no-auth | no-auth-recursive | <boolean> );
-       multi-master <boolean>;
+       multi-master <boolean>; // obsolete
        new-zones-directory <quoted_string>;
        no-case-compress { <address_match_element>; ... };
        nocookie-udp-size <integer>;
index 3fef812cb7a0d280d0054940e0b8ce55673f4c06..789404e711f32e7494e9058a33e183a3c3b51c05 100644 (file)
@@ -38,7 +38,7 @@ zone <string> [ <class> ] {
        max-types-per-name <integer>;
        min-refresh-time <integer>;
        min-retry-time <integer>;
-       multi-master <boolean>;
+       multi-master <boolean>; // obsolete
        notify ( explicit | master-only | primary-only | <boolean> );
        notify-delay <integer>;
        notify-source ( <ipv4_address> | * );
index 04ab240f258f712117284c79abe1f03ff9e6ad58..5b76bca37e3f917b16c56d1772f3d5415e3c3240 100644 (file)
@@ -18,7 +18,7 @@ zone <string> [ <class> ] {
        max-types-per-name <integer>;
        min-refresh-time <integer>;
        min-retry-time <integer>;
-       multi-master <boolean>;
+       multi-master <boolean>; // obsolete
        primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
        transfer-source ( <ipv4_address> | * );
        transfer-source-v6 ( <ipv6_address> | * );
index 8165c5a67f00cfaaffee74fa6a6311882e4f1636..4fa319d3b4f5b031e0f3ecece6971f1028893bfa 100644 (file)
@@ -73,11 +73,9 @@ typedef enum {
        DNS_ZONEOPT_NOMERGE = 1 << 2,       /*%< don't merge journal */
        DNS_ZONEOPT_CHECKNS = 1 << 3,       /*%< check if NS's are addresses */
        DNS_ZONEOPT_FATALNS = 1 << 4,       /*%< DNS_ZONEOPT_CHECKNS is fatal */
-       DNS_ZONEOPT_MULTIMASTER = 1 << 5,   /*%< this zone has multiple
-                                                primaries */
-       DNS_ZONEOPT_USEALTXFRSRC = 1 << 6,  /*%< use alternate transfer sources.
-                                                Obsoleted. */
-       DNS_ZONEOPT_CHECKNAMES = 1 << 7,    /*%< check-names */
+       /*% 5: formerly _MULTIMASTER */
+       /*%< 6: formerly _USEALTXFRSRC */
+       DNS_ZONEOPT_CHECKNAMES = 1 << 7,     /*%< check-names */
        DNS_ZONEOPT_CHECKNAMESFAIL = 1 << 8, /*%< fatal check-name failures */
        DNS_ZONEOPT_CHECKWILDCARD = 1 << 9, /*%< check for internal wildcards */
        DNS_ZONEOPT_CHECKMX = 1 << 10,      /*%< check-mx */
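Review bot: The two placeholder comments for the retired bits use different Doxygen markers, `/*% 5: formerly _MULTIMASTER */` and `/*%< 6: formerly _USEALTXFRSRC */`. The `%<` form documents the preceding member, so in generated docs the second comment would likely attach to `DNS_ZONEOPT_FATALNS` rather than stand as a note about an unused bit. Plain comments that spell out the value and the full old name would be clearer and consistent, e.g. `/* 1 << 5: formerly DNS_ZONEOPT_MULTIMASTER */` and `/* 1 << 6: formerly DNS_ZONEOPT_USEALTXFRSRC */`. The enum begins before and continues past this hunk.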
index 3e08b77da1dee22397d4ceb76617f22d22580127..ccd6850465b0abea9286a3598183fd1bd4408354 100644 (file)
@@ -553,7 +553,7 @@ typedef enum {
        DNS_ZONEFLG_NOIXFR = 0x00100000U, /*%< IXFR failed, force AXFR */
        DNS_ZONEFLG_FLUSH = 0x00200000U,
        DNS_ZONEFLG_NOEDNS = 0x00400000U,
-       DNS_ZONEFLG_USEALTXFRSRC = 0x00800000U, /*%< Obsoleted. */
+       /* 0x00800000U obsoleted. */
        DNS_ZONEFLG_SOABEFOREAXFR = 0x01000000U,
        DNS_ZONEFLG_NEEDCOMPACT = 0x02000000U,
        DNS_ZONEFLG_REFRESHING = 0x04000000U, /*%< Refreshing keydata */
@@ -14246,16 +14246,13 @@ refresh_callback(void *arg) {
                dns_remote_mark(&zone->primaries, true);
                goto next_primary;
        } else {
-               if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_MULTIMASTER)) {
-                       dns_zone_logc(zone, DNS_LOGCATEGORY_XFER_IN,
-                                     ISC_LOG_INFO,
-                                     "serial number (%u) "
-                                     "received from primary %s < ours (%u)",
-                                     soa.serial, primary, oldserial);
-               } else {
-                       zone_debuglogc(zone, DNS_LOGCATEGORY_XFER_IN, __func__,
-                                      1, "ahead");
-               }
+               int level = (dns_remote_count(&zone->primaries) == 1)
+                                   ? ISC_LOG_INFO
+                                   : ISC_LOG_DEBUG(1);
+               dns_zone_logc(zone, DNS_LOGCATEGORY_XFER_IN, level,
+                             "serial number (%u) received from "
+                             "primary %s < ours (%u)",
+                             soa.serial, primary, oldserial);
                dns_remote_mark(&zone->primaries, true);
                goto next_primary;
        }
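Review bot: The new `level` selection demotes the "serial number ... < ours" message to `ISC_LOG_DEBUG(1)` whenever more than one primary address is configured, and with `multi-master` obsolete there is no setting that keeps it at info. Previously a multi-primary zone left at the default `multi-master no` still logged this at info, so monitoring that watches for the message to spot a stale or rolled-back primary will go quiet after upgrade unless debug logging is enabled; that change deserves an explicit mention in the release notes and the ARM entry. `dns_remote_count()` appears to count configured addresses rather than machines, so two addresses of the same server would also lower the level. A short comment above the declaration would record the intent, e.g. `/* Only report a lower serial at info when there is a single primary; with several, log at debug 1. */`. `refresh_callback` begins and ends outside this hunk, and none of the files listed in the commit adds a test for the level selection.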
index 967b29a75dcba9f613fde8e865f17eb43787ece5..98cae8d255641651203e241c400da2fa461fd2f9 100644 (file)
@@ -2316,7 +2316,8 @@ static cfg_clausedef_t zone_clauses[] = {
        { "min-retry-time", &cfg_type_uint32,
          CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR | CFG_ZONE_STUB },
        { "multi-master", &cfg_type_boolean,
-         CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR | CFG_ZONE_STUB },
+         CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR | CFG_ZONE_STUB |
+                 CFG_CLAUSEFLAG_OBSOLETE },
        { "notify", &cfg_type_notifytype,
          CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR },
        { "notify-delay", &cfg_type_uint32,