From: Pieter Lexis Date: Tue, 17 Mar 2020 11:15:41 +0000 (+0100) Subject: Recursor: deprecate query-local-address6 X-Git-Tag: dnsdist-1.5.0-rc3~53^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ea02eebaefc3ada1bb621755855079d13160b885;p=thirdparty%2Fpdns.git Recursor: deprecate query-local-address6 Merged with query-local-address --- diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc index d94076e61e..96bdffd322 100644 --- a/pdns/pdns_recursor.cc +++ b/pdns/pdns_recursor.cc @@ -3991,7 +3991,11 @@ static int serviceMain(int argc, char*argv[]) checkLinuxIPv6Limits(); try { pdns::parseQueryLocalAddress(::arg()["query-local-address"]); - pdns::parseQueryLocalAddress(::arg()["query-local-address6"]); + if (!::arg()["query-local-address6"].empty()) { + // TODO remove in 4.5.0 + g_log<` Maximum number of simultaneous TCP clients. --max-tcp-per-client= If set, maximum number of TCP sessions per client (IP address). ---query-local-address=
+--query-local-address=
[,address...] Use *address* as Source IP address when sending queries. ---query-local-address6=
- Send out local IPv6 queries from *address*. Disabled by default, - which also disables outgoing IPv6 support. A useful setting is - '::0'. --quiet Suppress logging of questions and answers. --server-id= diff --git a/pdns/recursordist/docs/settings.rst b/pdns/recursordist/docs/settings.rst index e5338cc7ea..1591dcd55f 100644 --- a/pdns/recursordist/docs/settings.rst +++ b/pdns/recursordist/docs/settings.rst @@ -529,7 +529,7 @@ The IP address sent via EDNS Client Subnet to authoritative servers listed in `edns-subnet-whitelist`_ when `use-incoming-edns-subnet`_ is set and the query has an ECS source prefix-length set to 0. The default is to look for the first usable (not an ``any`` one) address in -`query-local-address`_ then `query-local-address6`_. If no suitable address is +`query-local-address`_ (starting with IPv4). If no suitable address is found, the recursor fallbacks to sending 127.0.0.1. .. _setting-edns-outgoing-bufsize: @@ -1280,15 +1280,24 @@ described in :rfc:`7816`. ``query-local-address`` ----------------------- -- IPv4 Address, comma separated +.. versionchanged:: 4.4.0 + IPv6 addresses can be set with this option as well. + +- IP addresses, comma separated - Default: 0.0.0.0 -Send out local queries from this address, or addresses, by adding multiple addresses, increased spoofing resilience is achieved. +Send out local queries from this address, or addresses. By adding multiple +addresses, increased spoofing resilience is achieved. When no address of a certain +address family is configured, there are *no* queries sent with that address family. +In the default configuration this means that IPv6 is not used for outgoing queries. .. _setting-query-local-address6: ``query-local-address6`` ------------------------ +.. deprecated:: 4.4.0 + Use :ref:`setting-query-local-address` for IPv4 and IPv6. + - IPv6 addresses, comma separated - Default: unset diff --git a/pdns/resolver.cc b/pdns/resolver.cc index c9c456d519..423e3f9022 100644 --- a/pdns/resolver.cc 
+++ b/pdns/resolver.cc @@ -160,11 +160,9 @@ uint16_t Resolver::sendResolve(const ComboAddress& remote, const ComboAddress& l // choose socket based on local if (local.sin4.sin_family == 0) { // up to us. - if (remote.sin4.sin_family == AF_INET && !pdns::isQueryLocalAddressFamilyEnabled(AF_INET)) { - throw ResolverException("No IPv4 socket available, is query-local-address set?"); - } - if (remote.sin4.sin_family == AF_INET6 && !pdns::isQueryLocalAddressFamilyEnabled(AF_INET6)) { - throw ResolverException("No IPv6 socket available, is query-local-address6 set?"); + if (!pdns::isQueryLocalAddressFamilyEnabled(remote.sin4.sin_family)) { + string ipv = remote.sin4.sin_family == AF_INET ? "4" : "6"; + throw ResolverException("No IPv" + ipv + " socket available, is such an address configured in query-local-address?"); } sock = remote.sin4.sin_family == AF_INET ? locals["default4"] : locals["default6"]; } else { diff --git a/regression-tests.recursor-dnssec/test_ECS.py b/regression-tests.recursor-dnssec/test_ECS.py index 26038091e8..6d746f5abb 100644 --- a/regression-tests.recursor-dnssec/test_ECS.py +++ b/regression-tests.recursor-dnssec/test_ECS.py @@ -350,7 +350,7 @@ ecs-ipv6-bits=128 ecs-ipv4-cache-bits=32 ecs-ipv6-cache-bits=128 forward-zones=ecs-echo.example=%s.21 -query-local-address6=::1 +query-local-address=::1 """ % (os.environ['PREFIX']) def testSendECS(self): @@ -367,8 +367,7 @@ query-local-address6=::1 self.sendECSQuery(query, expected, ttlECS) def testRequireNoECS(self): - # we should get ::1/128 because neither ecs-scope-zero-addr nor query-local-address are set, - # but query-local-address6 is set to ::1 + # we should get ::1/128 because ecs-scope-zero-addr is unset and query-local-address is set to ::1 expected = dns.rrset.from_text(nameECS, ttlECS, dns.rdataclass.IN, 'TXT', "::1/128") ecso = clientsubnetoption.ClientSubnetOption('0.0.0.0', 0) diff --git a/regression-tests/recursor-test b/regression-tests/recursor-test index 4d38c9fc67..e65bbc257c 100755 
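Review bot: In the pdns/resolver.cc hunk, the new `string ipv = remote.sin4.sin_family == AF_INET ? "4" : "6";` labels every family other than AF_INET as IPv6, so a `remote` with an unset or unexpected family can now fail with a misleading "No IPv6 socket available" message. The old pair of checks threw nothing in that case and fell through to the `default6` socket. Whether this path is reachable depends on how `pdns::isQueryLocalAddressFamilyEnabled` treats other family values, which is not visible on this page. I would reject unknown families explicitly before the lookup, for example `if (remote.sin4.sin_family != AF_INET && remote.sin4.sin_family != AF_INET6) throw ResolverException("Unsupported address family for remote");`, and declare `ipv` as `const string`. The body of `Resolver::sendResolve` starts and ends outside the hunk.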
--- a/regression-tests/recursor-test +++ b/regression-tests/recursor-test @@ -19,7 +19,7 @@ shards=$5 if [ $IPv6 = 1 ] then - QLA6="::" + QLA6=" ::" else QLA6="" fi @@ -31,7 +31,7 @@ rm -f recursor.pid pdns_recursor.pid system CPU seconds%S wallclock seconds%e %% CPU used%P -' ${RECURSOR} --daemon=no --local-port=$port --socket-dir=./ --trace=$TRACE --config-dir=. --max-mthreads=$mthreads --query-local-address6="${QLA6}" --threads=$threads --cache-shards=$shards --disable-packetcache > recursor.log 2>&1 & +' ${RECURSOR} --daemon=no --local-port=$port --socket-dir=./ --trace=$TRACE --config-dir=. --max-mthreads=$mthreads --query-local-address="0.0.0.0${QLA6}" --threads=$threads --cache-shards=$shards --disable-packetcache > recursor.log 2>&1 & sleep 3 # warm up the cache diff --git a/regression-tests/recursor-test-freebsd b/regression-tests/recursor-test-freebsd index 5cdda71680..47ec529df0 100644 --- a/regression-tests/recursor-test-freebsd +++ b/regression-tests/recursor-test-freebsd @@ -12,13 +12,13 @@ limit=$2 if [ $IPv6 = 1 ] then - QLA6="::" + QLA6=" ::" else QLA6="" fi rm -f recursor.pid pdns_recursor.pid -${RECURSOR} --daemon=no --local-port=$port --socket-dir=./ --trace=$TRACE --config-dir=. --local-address=0.0.0.0 --allow-from=0.0.0.0/0 --query-local-address6="${QLA6}" > recursor.log 2>&1 & +${RECURSOR} --daemon=no --local-port=$port --socket-dir=./ --trace=$TRACE --config-dir=. --local-address=0.0.0.0 --allow-from=0.0.0.0/0 --query-local-address="0.0.0.0${QLA6}" > recursor.log 2>&1 & sleep 3 ./dnsbulktest -qe 37.252.127.190 $port $limit < ${CSV} > bulktest.results kill $(cat pdns_recursor.pid)
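Review bot: In regression-tests/recursor-test, `QLA6=" ::"` combined with `--query-local-address="0.0.0.0${QLA6}"` passes a space-separated address list, while the settings.rst text changed in this same commit documents the option as "IP addresses, comma separated". The test therefore relies on the parser also accepting a space as separator, which cannot be confirmed from this page. Using `QLA6=",::"` would exercise the documented form and keep the regression run aligned with what operators are told to configure. The same applies to the matching hunk in regression-tests/recursor-test-freebsd.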