remove configuration, syntax checking and implementation of dnssec-enable
authorEvan Hunt <each@isc.org>
Tue, 12 Mar 2019 01:34:08 +0000 (18:34 -0700)
committerEvan Hunt <each@isc.org>
Fri, 15 Mar 2019 06:29:07 +0000 (23:29 -0700)
bin/named/config.c
bin/named/server.c
lib/bind9/check.c
lib/dns/include/dns/view.h
lib/dns/view.c
lib/ns/query.c

index a1bec1e8ce44ddee12ebf9382ce427d950cbe54c..f9a8db2f0bcf809ce1c2186f1e9f0f4529bd1c77 100644 (file)
@@ -143,7 +143,6 @@ options {\n\
        cleaning-interval 0;  /* now meaningless */\n\
        clients-per-query 10;\n\
        dnssec-accept-expired no;\n\
-       dnssec-enable yes;\n\
        dnssec-validation " VALIDATION_DEFAULT "; \n"
 #ifdef HAVE_DNSTAP
 "      dnstap-identity hostname;\n"
index 807b0379ddf4e41e5404580e37b5697dc2ca4d52..6857416a4d7e29d9cbf94aead8631219600af0dc 100644 (file)
@@ -4140,27 +4140,15 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
        INSIST(result == ISC_R_SUCCESS);
        view->acceptexpired = cfg_obj_asboolean(obj);
 
-       obj = NULL;
-       result = named_config_get(maps, "dnssec-enable", &obj);
-       INSIST(result == ISC_R_SUCCESS);
-       view->enablednssec = cfg_obj_asboolean(obj);
-
        obj = NULL;
        /* 'optionmaps', not 'maps': don't check named_g_defaults yet */
        (void)named_config_get(optionmaps, "dnssec-validation", &obj);
        if (obj == NULL) {
                /*
-                * If dnssec-enable is yes, then we default to
-                * VALIDATION_DEFAULT as set in config.c. Otherwise
-                * we default to "no".
+                * Default to VALIDATION_DEFAULT as set in config.c.
                 */
-               if (view->enablednssec) {
-                       (void)cfg_map_get(named_g_defaults,
-                                         "dnssec-validation", &obj);
-                       INSIST(obj != NULL);
-               } else {
-                       view->enablevalidation = false;
-               }
+               (void)cfg_map_get(named_g_defaults, "dnssec-validation", &obj);
+               INSIST(obj != NULL);
        }
        if (obj != NULL) {
                if (cfg_obj_isboolean(obj)) {
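Review bot: In configure_view, a view that previously ran with `dnssec-enable no;` and no explicit `dnssec-validation` had `view->enablevalidation` forced to false; it now falls through to VALIDATION_DEFAULT from `named_g_defaults`, and nothing in the new code tells the operator. If the parser still accepts the option (its grammar is not part of this commit, so this is an assumption), a one-time warning that `dnssec-enable` is obsolete and ignored would make the change visible on upgrade. The same silent change applies to the DO/CD masking removed from ns_query_start, and the check.c hunk drops the only existing warning that mentioned the option. Separately, because `INSIST(obj != NULL);` now always runs in the fallback branch, the following `if (obj != NULL)` guard can no longer be false; either drop it or add a comment such as `/* obj is always set here: explicit option or named_g_defaults */`. The function body continues outside this hunk.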
index b9ea978875961dacca4349094b1ccb4a7e76a233..813cb7930bceeb921b55e92a5b02cb733596e6ca 100644 (file)
@@ -3454,8 +3454,6 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
        const cfg_obj_t *options = NULL;
        const cfg_obj_t *opts = NULL;
        const cfg_obj_t *plugin_list = NULL;
-       bool enablednssec, enablevalidation;
-       const char *valstr = "no";
        unsigned int tflags, mflags;
 
        /*
@@ -3606,40 +3604,6 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
 
        isc_symtab_destroy(&symtab);
 
-       /*
-        * Check that dnssec-enable/dnssec-validation are sensible.
-        */
-       obj = NULL;
-       if (voptions != NULL)
-               (void)cfg_map_get(voptions, "dnssec-enable", &obj);
-       if (obj == NULL && options != NULL)
-               (void)cfg_map_get(options, "dnssec-enable", &obj);
-       if (obj == NULL)
-               enablednssec = true;
-       else
-               enablednssec = cfg_obj_asboolean(obj);
-
-       obj = NULL;
-       if (voptions != NULL)
-               (void)cfg_map_get(voptions, "dnssec-validation", &obj);
-       if (obj == NULL && options != NULL)
-               (void)cfg_map_get(options, "dnssec-validation", &obj);
-       if (obj == NULL) {
-               enablevalidation = enablednssec;
-               valstr = "yes";
-       } else if (cfg_obj_isboolean(obj)) {
-               enablevalidation = cfg_obj_asboolean(obj);
-               valstr = enablevalidation ? "yes" : "no";
-       } else {
-               enablevalidation = true;
-               valstr = "auto";
-       }
-
-       if (enablevalidation && !enablednssec)
-               cfg_obj_log(obj, logctx, ISC_LOG_WARNING,
-                           "'dnssec-validation %s;' and 'dnssec-enable no;'",
-                           valstr);
-
        /*
         * Check trusted-keys and managed-keys.
         */
index f17e9733d0d764520c9c2a7933bd4c4d6c48f859..69e91fa716f037679e205e510ac298c8bd1da155 100644 (file)
@@ -123,7 +123,6 @@ struct dns_view {
        bool                            use_glue_cache;
        bool                            minimal_any;
        dns_minimaltype_t               minimalresponses;
-       bool                            enablednssec;
        bool                            enablevalidation;
        bool                            acceptexpired;
        bool                            requireservercookie;
index 5b821d38db5870b81228f0242c641cbdb2655e4e..cb89730c77cccc91af154967bec0be86c4b9a416 100644 (file)
@@ -179,7 +179,6 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
        view->qminimization = false;
        view->qmin_strict = false;
        view->auth_nxdomain = false; /* Was true in BIND 8 */
-       view->enablednssec = true;
        view->enablevalidation = true;
        view->acceptexpired = false;
        view->use_glue_cache = false;
index fda6246645f172ead3c862506a068c8b76253f3a..57d8b17ecd13f694552d98dda5e388ed992f17f3 100644 (file)
@@ -10787,14 +10787,6 @@ ns_query_start(ns_client_t *client) {
         */
        client->next = query_next_callback;
 
-       /*
-        * Behave as if we don't support DNSSEC if not enabled.
-        */
-       if (!client->view->enablednssec) {
-               message->flags &= ~DNS_MESSAGEFLAG_CD;
-               client->extflags &= ~DNS_MESSAGEEXTFLAG_DO;
-       }
-
        if ((message->flags & DNS_MESSAGEFLAG_RD) != 0)
                client->query.attributes |= NS_QUERYATTR_WANTRECURSION;