exit(1);
}
- result = isccfg_check_namedconf(config, loadplugins, logc, mctx);
+ result = isccfg_check_namedconf(config, loadplugins, nodeprecate, logc,
+ mctx);
if (result != ISC_R_SUCCESS) {
exit_status = 1;
}
* checked later when the modules are actually loaded and
* registered.)
*/
- result = isccfg_check_namedconf(config, false, named_g_lctx,
+ result = isccfg_check_namedconf(config, false, false, named_g_lctx,
named_g_mctx);
if (result != ISC_R_SUCCESS) {
goto cleanup_config;
use-v6-udp-ports { range 1024 65535; };
avoid-v4-udp-ports { range 1 1023; };
avoid-v6-udp-ports { range 1 1023; };
+
+ root-delegation-only exclude { "them"; };
};
trusted-keys {
};
zone example.com {
- type primary;
+ type primary;
file "maxttl-bad.db";
max-zone-ttl 120;
};
+
+zone "." {
+ type hint;
+ file "shared.example.db";
+ delegation-only yes;
+};
+
+zone com {
+ type delegation-only;
+};
grep "option 'use-v6-udp-ports' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1
grep "option 'avoid-v4-udp-ports' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1
grep "option 'avoid-v6-udp-ports' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1
+grep "option 'delegation-only' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1
+grep "option 'root-delegation-only' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1
+grep "'type delegation-only' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1
grep "token 'port' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
IPv4 and AAAA when responding to queries that arrived via IPv6.
.. namedconf:statement:: root-delegation-only
- :tags: query
+ :tags: deprecated
:short: Turns on enforcement of delegation-only in top-level domains (TLDs) and root zones with an optional exclude list.
This turns on enforcement of delegation-only in top-level domains (TLDs)
root-delegation-only exclude { "de"; "lv"; "us"; "museum"; };
};
+ This option is deprecated, and will be rendered non-operational in a
+ future release.
+
.. namedconf:statement:: disable-algorithms
:tags: dnssec
:short: Disables DNSSEC algorithms from a specified zone.
zones are reloaded along with other zones.
.. namedconf:statement:: type delegation-only
- :tags: query
+ :tags: deprecated
:short: Enforces the delegation-only status of infrastructure zones (COM, NET, ORG, etc.).
- This zone type is used to enforce the delegation-only status of infrastructure
- zones (e.g., COM, NET, ORG). Any answer that is received without an
- explicit or implicit delegation in the authority section is treated
- as NXDOMAIN. This does not apply to the zone apex, and should not be
- applied to leaf zones.
+ This zone type is used to enforce the delegation-only status of
+ infrastructure zones (e.g., COM, NET, ORG). Any answer that is received
+ without an explicit or implicit delegation in the authority section is
+ treated as NXDOMAIN. This does not apply to the zone apex, and should
+ not be applied to leaf zones.
:any:`delegation-only` has no effect on answers received from forwarders.
See caveats in :any:`root-delegation-only`.
+ This zone type is deprecated, and will be rendered non-operational in a
+ future release.
+
.. namedconf:statement:: in-view
:tags: view, zone
:short: Specifies the view in which a given zone is defined.
See the description of :any:`dialup` in :ref:`boolean_options`.
.. namedconf:statement:: delegation-only
- :tags: zone
+ :tags: deprecated
:short: Indicates that a forward, hint, or stub zone is to be treated as a delegation-only type zone.
This flag only applies to forward, hint, and stub zones. If set to
See caveats in :any:`root-delegation-only`.
+ This option is deprecated, and will be rendered non-operational in a
+ future release.
+
.. namedconf:statement:: file
:tags: zone
:short: Specifies the zone's filename.
zone <string> [ <class> ] {
type forward;
- delegation-only <boolean>;
+ delegation-only <boolean>; // deprecated
forward ( first | only );
forwarders [ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... };
};
zone <string> [ <class> ] {
type hint;
check-names ( fail | warn | ignore );
- delegation-only <boolean>;
+ delegation-only <boolean>; // deprecated
file <quoted_string>;
};
response-padding { <address_match_element>; ... } block-size <integer>;
response-policy { zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ ede <string> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ];
reuseport <boolean>;
- root-delegation-only [ exclude { <string>; ... } ];
+ root-delegation-only [ exclude { <string>; ... } ]; // deprecated
root-key-sentinel <boolean>;
rrset-order { [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... };
secroots-file <quoted_string>;
resolver-retry-interval <integer>;
response-padding { <address_match_element>; ... } block-size <integer>;
response-policy { zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ ede <string> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ];
- root-delegation-only [ exclude { <string>; ... } ];
+ root-delegation-only [ exclude { <string>; ... } ]; // deprecated
root-key-sentinel <boolean>;
rrset-order { [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... };
send-cookie <boolean>;
allow-query-on { <address_match_element>; ... };
check-names ( fail | warn | ignore );
database <string>;
- delegation-only <boolean>;
+ delegation-only <boolean>; // deprecated
dialup ( notify | notify-passive | passive | refresh | <boolean> );
file <quoted_string>;
forward ( first | only );
const cfg_obj_t *config, isc_symtab_t *symtab,
isc_symtab_t *files, isc_symtab_t *keydirs, isc_symtab_t *inview,
const char *viewname, dns_rdataclass_t defclass,
- cfg_aclconfctx_t *actx, isc_log_t *logctx, isc_mem_t *mctx) {
+ bool nodeprecate, cfg_aclconfctx_t *actx, isc_log_t *logctx,
+ isc_mem_t *mctx) {
const char *znamestr;
const char *typestr = NULL;
const char *target = NULL;
ztype = CFG_ZONE_HINT;
} else if (strcasecmp(typestr, "delegation-only") == 0) {
ztype = CFG_ZONE_DELEGATION;
+ if (!nodeprecate) {
+ cfg_obj_log(obj, logctx, ISC_LOG_WARNING,
+ "'type delegation-only' is "
+ "deprecated");
+ }
} else if (strcasecmp(typestr, "redirect") == 0) {
ztype = CFG_ZONE_REDIRECT;
} else {
check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
const char *viewname, dns_rdataclass_t vclass,
isc_symtab_t *files, isc_symtab_t *keydirs, bool check_plugins,
- isc_symtab_t *inview, isc_log_t *logctx, isc_mem_t *mctx) {
+ bool nodeprecate, isc_symtab_t *inview, isc_log_t *logctx,
+ isc_mem_t *mctx) {
const cfg_obj_t *zones = NULL;
const cfg_obj_t *view_tkeys = NULL, *global_tkeys = NULL;
const cfg_obj_t *view_mkeys = NULL, *global_mkeys = NULL;
tresult = check_zoneconf(zone, voptions, config, symtab, files,
keydirs, inview, viewname, vclass,
- actx, logctx, mctx);
+ nodeprecate, actx, logctx, mctx);
if (tresult != ISC_R_SUCCESS) {
result = ISC_R_FAILURE;
}
isc_result_t
isccfg_check_namedconf(const cfg_obj_t *config, bool check_plugins,
- isc_log_t *logctx, isc_mem_t *mctx) {
+ bool nodeprecate, isc_log_t *logctx, isc_mem_t *mctx) {
const cfg_obj_t *options = NULL;
const cfg_obj_t *views = NULL;
const cfg_obj_t *acls = NULL;
if (views == NULL) {
tresult = check_viewconf(config, NULL, NULL, dns_rdataclass_in,
- files, keydirs, check_plugins, inview,
- logctx, mctx);
+ files, keydirs, check_plugins,
+ nodeprecate, inview, logctx, mctx);
if (result == ISC_R_SUCCESS && tresult != ISC_R_SUCCESS) {
result = ISC_R_FAILURE;
}
if (tresult == ISC_R_SUCCESS) {
tresult = check_viewconf(config, voptions, key, vclass,
files, keydirs, check_plugins,
- inview, logctx, mctx);
+ nodeprecate, inview, logctx,
+ mctx);
}
if (tresult != ISC_R_SUCCESS) {
result = ISC_R_FAILURE;
isc_result_t
isccfg_check_namedconf(const cfg_obj_t *config, bool check_plugins,
- isc_log_t *logctx, isc_mem_t *mctx);
+ bool nodeprecate, isc_log_t *logctx, isc_mem_t *mctx);
/*%<
* Check the syntactic validity of a configuration parse tree generated from
* a named.conf file.
* If 'check_plugins' is true, load plugins and check the validity of their
* parameters as well.
*
+ * If 'nodeprecate' is true, do not warn about deprecated configuration.
+ *
* Requires:
*\li config is a valid parse tree
*
{ "response-padding", &cfg_type_resppadding, 0 },
{ "response-policy", &cfg_type_rpz, 0 },
{ "rfc2308-type1", NULL, CFG_CLAUSEFLAG_ANCIENT },
- { "root-delegation-only", &cfg_type_optional_exclude, 0 },
+ { "root-delegation-only", &cfg_type_optional_exclude,
+ CFG_CLAUSEFLAG_DEPRECATED },
{ "root-key-sentinel", &cfg_type_boolean, 0 },
{ "rrset-order", &cfg_type_rrsetorder, 0 },
{ "send-cookie", &cfg_type_boolean, 0 },
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR |
CFG_ZONE_STUB },
{ "delegation-only", &cfg_type_boolean,
- CFG_ZONE_HINT | CFG_ZONE_STUB | CFG_ZONE_FORWARD },
+ CFG_ZONE_HINT | CFG_ZONE_STUB | CFG_ZONE_FORWARD |
+ CFG_CLAUSEFLAG_DEPRECATED },
{ "dlz", &cfg_type_astring,
CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_REDIRECT },
{ "file", &cfg_type_qstring,
projects / thirdparty / bind9.git / commitdiff
