From: Evan Hunt Date: Wed, 11 Dec 2024 19:07:53 +0000 (-0800) Subject: set "multi-master" automatically with multiple primaries X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d0b3f00b0d607aa0c26c7fcd83c142db8433e5ca;p=thirdparty%2Fbind9.git set "multi-master" automatically with multiple primaries By default, named logs a message at level info if a secondary zone receives an update indicating that the serial number has gone backwards. The "multi-master" option was provided to allow this message to be suppressed if a zone was configured with multiple primary servers. That option has now been marked obsolete. The message is now logged at debug level 1 when there are multiple primary server addresses configured for the zone. It is still logged at level info if there is only address. --- diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c index 0699fdb6b6b..0ed261895c1 100644 --- a/bin/named/zoneconf.c +++ b/bin/named/zoneconf.c @@ -897,7 +897,6 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, const char *dupcheck; dns_checkdstype_t checkdstype = dns_checkdstype_yes; dns_notifytype_t notifytype = dns_notifytype_yes; - uint32_t count; unsigned int dbargc; char **dbargv; static char default_dbtype[] = ZONEDB_DEFAULT; @@ -907,7 +906,6 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, dns_zonetype_t ztype; int i; int32_t journal_size; - bool multi; dns_kasp_t *kasp = NULL; bool check = false, fail = false; bool warn = false, ignore = false; @@ -1838,7 +1836,6 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, case dns_zone_secondary: case dns_zone_stub: case dns_zone_redirect: - count = 0; obj = NULL; (void)cfg_map_get(zoptions, "primaries", &obj); if (obj == NULL) { 
@@ -1866,22 +1863,12 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, dns_zone_setprimaries(mayberaw, ipkl.addrs, ipkl.sources, ipkl.keys, ipkl.tlss, ipkl.count); - count = ipkl.count; dns_ipkeylist_clear(mctx, &ipkl); } else { dns_zone_setprimaries(mayberaw, NULL, NULL, NULL, NULL, 0); } - multi = false; - if (count > 1) { - obj = NULL; - result = named_config_get(maps, "multi-master", &obj); - INSIST(result == ISC_R_SUCCESS && obj != NULL); - multi = cfg_obj_asboolean(obj); - } - dns_zone_setoption(mayberaw, DNS_ZONEOPT_MULTIMASTER, multi); - obj = NULL; result = named_config_get(maps, "max-transfer-time-in", &obj); INSIST(result == ISC_R_SUCCESS && obj != NULL); diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh index a4b35ba4ceb..6320feb8097 100644 --- a/bin/tests/system/checkconf/tests.sh +++ b/bin/tests/system/checkconf/tests.sh @@ -736,5 +736,16 @@ if [ $ret != 0 ]; then fi status=$((status + ret)) +n=$((n + 1)) +echo_i "check for obsolete option warnings ($n)" +ret=0 +$CHECKCONF warn-obsolete.conf >checkconf.out$n 2>&1 || ret=1 +grep -F "option 'multi-master' is obsolete and should be removed" checkconf.out$n >/dev/null || ret=1 +if [ $ret != 0 ]; then + echo_i "failed" + ret=1 +fi +status=$((status + ret)) + echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/checkconf/warn-obsolete.conf b/bin/tests/system/checkconf/warn-obsolete.conf new file mode 100644 index 00000000000..ddaf438e553 --- /dev/null +++ b/bin/tests/system/checkconf/warn-obsolete.conf 
@@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone . { + type secondary; + primaries { 10.53.0.1; 10.53.0.2; }; + multi-master yes; +}; diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index 51a261c0686..75189863676 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -2525,13 +2525,9 @@ Boolean Options :any:`ixfr-from-differences` setting is ignored for that zone. .. namedconf:statement:: multi-master - :tags: transfer - :short: Controls whether serial number mismatch errors are logged. + :tags: obsolete - This should be set when there are multiple primary servers for a zone and the - addresses refer to different machines. If ``yes``, :iscman:`named` does not - log when the serial number on the primary is less than what :iscman:`named` - currently has. The default is ``no``. + This option no longer has any effect. .. namedconf:statement:: dnssec-validation :tags: dnssec diff --git a/doc/misc/mirror.zoneopt b/doc/misc/mirror.zoneopt index 72e90083bb8..ea902418a16 100644 --- a/doc/misc/mirror.zoneopt +++ b/doc/misc/mirror.zoneopt @@ -26,7 +26,7 @@ zone [ ] { max-types-per-name ; min-refresh-time ; min-retry-time ; - multi-master ; + multi-master ; // obsolete notify ( explicit | master-only | primary-only | ); notify-delay ; notify-source ( | * ); diff --git a/doc/misc/options b/doc/misc/options index 39dda6d191d..e9b95fc8e6e 100644 --- a/doc/misc/options +++ b/doc/misc/options 
@@ -204,7 +204,7 @@ options { min-retry-time ; minimal-any ; minimal-responses ( no-auth | no-auth-recursive | ); - multi-master ; + multi-master ; // obsolete new-zones-directory ; no-case-compress { ; ... }; nocookie-udp-size ; @@ -489,7 +489,7 @@ view [ ] { min-retry-time ; minimal-any ; minimal-responses ( no-auth | no-auth-recursive | ); - multi-master ; + multi-master ; // obsolete new-zones-directory ; no-case-compress { ; ... }; nocookie-udp-size ; diff --git a/doc/misc/secondary.zoneopt b/doc/misc/secondary.zoneopt index 3fef812cb7a..789404e711f 100644 --- a/doc/misc/secondary.zoneopt +++ b/doc/misc/secondary.zoneopt @@ -38,7 +38,7 @@ zone [ ] { max-types-per-name ; min-refresh-time ; min-retry-time ; - multi-master ; + multi-master ; // obsolete notify ( explicit | master-only | primary-only | ); notify-delay ; notify-source ( | * ); diff --git a/doc/misc/stub.zoneopt b/doc/misc/stub.zoneopt index 04ab240f258..5b76bca37e3 100644 --- a/doc/misc/stub.zoneopt +++ b/doc/misc/stub.zoneopt @@ -18,7 +18,7 @@ zone [ ] { max-types-per-name ; min-refresh-time ; min-retry-time ; - multi-master ; + multi-master ; // obsolete primaries [ port ] [ source ( | * ) ] [ source-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; transfer-source ( | * ); transfer-source-v6 ( | * ); diff --git a/lib/dns/include/dns/zone.h b/lib/dns/include/dns/zone.h index 8165c5a67f0..4fa319d3b4f 100644 --- a/lib/dns/include/dns/zone.h +++ b/lib/dns/include/dns/zone.h 
@@ -73,11 +73,9 @@ typedef enum { DNS_ZONEOPT_NOMERGE = 1 << 2, /*%< don't merge journal */ DNS_ZONEOPT_CHECKNS = 1 << 3, /*%< check if NS's are addresses */ DNS_ZONEOPT_FATALNS = 1 << 4, /*%< DNS_ZONEOPT_CHECKNS is fatal */ - DNS_ZONEOPT_MULTIMASTER = 1 << 5, /*%< this zone has multiple - primaries */ - DNS_ZONEOPT_USEALTXFRSRC = 1 << 6, /*%< use alternate transfer sources. - Obsoleted. */ - DNS_ZONEOPT_CHECKNAMES = 1 << 7, /*%< check-names */ + /*% 5: formerly _MULTIMASTER */ + /*%< 6: formerly _USEALTXFRSRC */ + DNS_ZONEOPT_CHECKNAMES = 1 << 7, /*%< check-names */ DNS_ZONEOPT_CHECKNAMESFAIL = 1 << 8, /*%< fatal check-name failures */ DNS_ZONEOPT_CHECKWILDCARD = 1 << 9, /*%< check for internal wildcards */ DNS_ZONEOPT_CHECKMX = 1 << 10, /*%< check-mx */ diff --git a/lib/dns/zone.c b/lib/dns/zone.c index 3e08b77da1d..ccd6850465b 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -553,7 +553,7 @@ typedef enum { DNS_ZONEFLG_NOIXFR = 0x00100000U, /*%< IXFR failed, force AXFR */ DNS_ZONEFLG_FLUSH = 0x00200000U, DNS_ZONEFLG_NOEDNS = 0x00400000U, - DNS_ZONEFLG_USEALTXFRSRC = 0x00800000U, /*%< Obsoleted. */ + /* 0x00800000U obsoleted. */ DNS_ZONEFLG_SOABEFOREAXFR = 0x01000000U, DNS_ZONEFLG_NEEDCOMPACT = 0x02000000U, DNS_ZONEFLG_REFRESHING = 0x04000000U, /*%< Refreshing keydata */ 
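Review bot: The two placeholder comments added to the option enum in `lib/dns/include/dns/zone.h` use different markers, `/*% 5: formerly _MULTIMASTER */` and `/*%< 6: formerly _USEALTXFRSRC */`. The surrounding lines use `/*%<` as trailing documentation for the enumerator on the same line, so on a line of its own it will presumably attach to a neighbouring enumerator (`DNS_ZONEOPT_FATALNS` or `DNS_ZONEOPT_CHECKNAMES`) in generated docs. Plain comments that spell out the reserved bit would avoid that and match the `/* 0x00800000U obsoleted. */` style used in `lib/dns/zone.c` in this same commit: `/* 1 << 5: formerly DNS_ZONEOPT_MULTIMASTER, do not reuse */` and `/* 1 << 6: formerly DNS_ZONEOPT_USEALTXFRSRC, do not reuse */`. The enum itself starts and ends outside the hunk.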
@@ -14246,16 +14246,13 @@ refresh_callback(void *arg) { dns_remote_mark(&zone->primaries, true); goto next_primary; } else { - if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_MULTIMASTER)) { - dns_zone_logc(zone, DNS_LOGCATEGORY_XFER_IN, - ISC_LOG_INFO, - "serial number (%u) " - "received from primary %s < ours (%u)", - soa.serial, primary, oldserial); - } else { - zone_debuglogc(zone, DNS_LOGCATEGORY_XFER_IN, __func__, - 1, "ahead"); - } + int level = (dns_remote_count(&zone->primaries) == 1) + ? ISC_LOG_INFO + : ISC_LOG_DEBUG(1); + dns_zone_logc(zone, DNS_LOGCATEGORY_XFER_IN, level, + "serial number (%u) received from " + "primary %s < ours (%u)", + soa.serial, primary, oldserial); dns_remote_mark(&zone->primaries, true); goto next_primary; } diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index 967b29a75dc..98cae8d2556 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -2316,7 +2316,8 @@ static cfg_clausedef_t zone_clauses[] = { { "min-retry-time", &cfg_type_uint32, CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR | CFG_ZONE_STUB }, { "multi-master", &cfg_type_boolean, - CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR | CFG_ZONE_STUB }, + CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR | CFG_ZONE_STUB | + CFG_CLAUSEFLAG_OBSOLETE }, { "notify", &cfg_type_notifytype, CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR }, { "notify-delay", &cfg_type_uint32,
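Review bot: The level selection in the `else` branch of `refresh_callback` keys on the number of configured primary addresses, so a zone with one primary listed under two addresses now reports a backwards serial only at debug level 1. With `multi-master` obsolete there is no setting that restores the info-level message. A serial regression is a signal operators use to spot a stale or rolled-back primary, so the reasoning should be recorded above `int level`, e.g. `/* With several primary addresses serial skew is expected; log at debug 1 only. */`. The reference manual entry should also say where the message went, not only that the option has no effect. Writing the test as `(dns_remote_count(&zone->primaries) > 1) ? ISC_LOG_DEBUG(1) : ISC_LOG_INFO` would match the commit message more directly and keep the info level for any count other than "several"; whether a count of zero can reach this branch is not visible here. The function starts and ends outside the hunk.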