Deprecate auto-dnssec
authorMatthijs Mekking <matthijs@isc.org>
Wed, 23 Nov 2022 11:22:47 +0000 (12:22 +0100)
committerMatthijs Mekking <matthijs@isc.org>
Wed, 23 Nov 2022 12:32:52 +0000 (13:32 +0100)
Deprecate auto-dnssec, add specific log warning to migrate to
dnssec-policy.

Cherry-picking triggered a lot of conflicts, so the changes
were manually picked.

(manually picked from commit f9845dd1)

bin/tests/system/checkconf/dnssec.4 [new file with mode: 0644]
bin/tests/system/checkconf/tests.sh
doc/misc/master.zoneopt
doc/misc/options
doc/misc/options.active
doc/misc/slave.zoneopt
lib/bind9/check.c
lib/isccfg/namedconf.c

diff --git a/bin/tests/system/checkconf/dnssec.4 b/bin/tests/system/checkconf/dnssec.4
new file mode 100644 (file)
index 0000000..53e5d91
--- /dev/null
@@ -0,0 +1,18 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+zone "test" {
+       type primary;
+       file "test.db";
+       auto-dnssec maintain;
+};
index b406489da2c9bb79cf54524686aefb781e761af4..a92fb41dcdf32af71cacfe91a5b67ac0ff052ff8 100644 (file)
@@ -126,10 +126,15 @@ grep "'dnssec-enable' is obsolete and should be removed" < checkconf.out$n.1 > /
 # dnssec.2: auto-dnssec warning
 $CHECKCONF dnssec.2 > checkconf.out$n.2 2>&1
 grep 'auto-dnssec may only be ' < checkconf.out$n.2 > /dev/null || ret=1
-# dnssec.3: should have no warnings
+# dnssec.3: should have no warnings (other than deprecation warning)
 $CHECKCONF dnssec.3 > checkconf.out$n.3 2>&1
-grep '.*' < checkconf.out$n.3 > /dev/null && ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; fi
+grep "option 'auto-dnssec' is deprecated" < checkconf.out$n.3 > /dev/null || ret=1
+lines=$(wc -l < "checkconf.out$n.3")
+if [ $lines != 1 ]; then ret=1; fi
+# dnssec.4: should have specific deprecation warning
+$CHECKCONF dnssec.4 > checkconf.out$n.4 2>&1
+grep "'auto-dnssec' option is deprecated and will be removed in BIND 9\.19" < checkconf.out$n.4 > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 n=`expr $n + 1`
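Review bot: The dnssec.4 check greps only for the specific check.c message and, unlike the dnssec.3 check just above it, puts no bound on what else `$CHECKCONF` prints. Because namedconf.c now flags the clause with `CFG_CLAUSEFLAG_DEPRECATED`, the generic `option 'auto-dnssec' is deprecated` line that dnssec.3 expects is presumably emitted for dnssec.4 as well, so a zone-level statement yields two warnings and the test pins only one of them. Adding `grep "option 'auto-dnssec' is deprecated" < checkconf.out$n.4 > /dev/null || ret=1` would record that both are expected. The exit status of `$CHECKCONF` is also discarded in both checks, so the test cannot tell a deprecation warning from a rejected configuration.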
index 7286685c76131ce1db1ef6e564a75a299d98e83e..953e3a2829fc05a1ff9beb754d1e0296465eb000 100644 (file)
@@ -7,7 +7,7 @@ zone <string> [ <class> ] {
        also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... };
        alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
        alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
-       auto-dnssec ( allow | maintain | off );
+       auto-dnssec ( allow | maintain | off ); // deprecated
        check-dup-records ( fail | warn | ignore );
        check-integrity <boolean>;
        check-mx ( fail | warn | ignore );
index f1a336d1c7adc80accf2452a32c9dfc22da2e85e..0994525160fbf36900cf9d34fdc83adcbecc9ae2 100644 (file)
@@ -104,7 +104,7 @@ options {
         answer-cookie <boolean>;
         attach-cache <string>;
         auth-nxdomain <boolean>; // default changed
-        auto-dnssec ( allow | maintain | off );
+        auto-dnssec ( allow | maintain | off ); // deprecated
         automatic-interface-scan <boolean>;
         avoid-v4-udp-ports { <portrange>; ... };
         avoid-v6-udp-ports { <portrange>; ... };
@@ -510,7 +510,7 @@ view <string> [ <class> ] {
             * ) ] [ dscp <integer> ];
         attach-cache <string>;
         auth-nxdomain <boolean>; // default changed
-        auto-dnssec ( allow | maintain | off );
+        auto-dnssec ( allow | maintain | off ); // deprecated
         cache-file <quoted_string>; // deprecated
         catalog-zones { zone <string> [ default-masters [ port <integer> ]
             [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port
@@ -809,7 +809,7 @@ view <string> [ <class> ] {
                     <integer> | * ) ] [ dscp <integer> ];
                 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port (
                     <integer> | * ) ] [ dscp <integer> ];
-                auto-dnssec ( allow | maintain | off );
+                auto-dnssec ( allow | maintain | off ); // deprecated
                 check-dup-records ( fail | warn | ignore );
                 check-integrity <boolean>;
                 check-mx ( fail | warn | ignore );
@@ -930,7 +930,7 @@ zone <string> [ <class> ] {
             ] [ dscp <integer> ];
         alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
             * ) ] [ dscp <integer> ];
-        auto-dnssec ( allow | maintain | off );
+        auto-dnssec ( allow | maintain | off ); // deprecated
         check-dup-records ( fail | warn | ignore );
         check-integrity <boolean>;
         check-mx ( fail | warn | ignore );
index 0b5fc04b54a557275f3332aa214607da5f315a1d..068545fa293c1cb4cf692c3f2e7ece2d7d1f25c4 100644 (file)
@@ -96,7 +96,7 @@ options {
         answer-cookie <boolean>;
         attach-cache <string>;
         auth-nxdomain <boolean>; // default changed
-        auto-dnssec ( allow | maintain | off );
+        auto-dnssec ( allow | maintain | off ); // deprecated
         automatic-interface-scan <boolean>;
         avoid-v4-udp-ports { <portrange>; ... };
         avoid-v6-udp-ports { <portrange>; ... };
@@ -459,7 +459,7 @@ view <string> [ <class> ] {
             * ) ] [ dscp <integer> ];
         attach-cache <string>;
         auth-nxdomain <boolean>; // default changed
-        auto-dnssec ( allow | maintain | off );
+        auto-dnssec ( allow | maintain | off ); // deprecated
         cache-file <quoted_string>; // deprecated
         catalog-zones { zone <string> [ default-masters [ port <integer> ]
             [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port
@@ -734,7 +734,7 @@ view <string> [ <class> ] {
                     <integer> | * ) ] [ dscp <integer> ];
                 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port (
                     <integer> | * ) ] [ dscp <integer> ];
-                auto-dnssec ( allow | maintain | off );
+                auto-dnssec ( allow | maintain | off ); // deprecated
                 check-dup-records ( fail | warn | ignore );
                 check-integrity <boolean>;
                 check-mx ( fail | warn | ignore );
@@ -847,7 +847,7 @@ zone <string> [ <class> ] {
             ] [ dscp <integer> ];
         alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
             * ) ] [ dscp <integer> ];
-        auto-dnssec ( allow | maintain | off );
+        auto-dnssec ( allow | maintain | off ); // deprecated
         check-dup-records ( fail | warn | ignore );
         check-integrity <boolean>;
         check-mx ( fail | warn | ignore );
index 8cb7c3143f5349a332f2f5cc6ec68b6e1b076979..c46202dc5819f99f2fec284623cbaa7557b6ad72 100644 (file)
@@ -8,7 +8,7 @@ zone <string> [ <class> ] {
        also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... };
        alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
        alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
-       auto-dnssec ( allow | maintain | off );
+       auto-dnssec ( allow | maintain | off ); // deprecated
        check-names ( fail | warn | ignore );
        database <string>;
        dialup ( notify | notify-passive | passive | refresh | <boolean> );
index 31fb04d87c001a2acb4d328c13d83d511e4ced7b..8a646f13b0a848ce091a0c67d860e6d06d635e94 100644 (file)
@@ -2956,6 +2956,10 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
                res3 = cfg_map_get(zoptions, "auto-dnssec", &obj);
                if (res3 == ISC_R_SUCCESS) {
                        arg = cfg_obj_asstring(obj);
+                       cfg_obj_log(obj, logctx, ISC_LOG_WARNING,
+                                   "'auto-dnssec' option is deprecated and "
+                                   "will be removed in BIND 9.19. Please "
+                                   "migrate to dnssec-policy");
                }
                if (strcasecmp(arg, "off") != 0) {
                        if (!ddns && !signing && !has_dnssecpolicy) {
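Review bot: The new `cfg_obj_log` call runs before the `strcasecmp(arg, "off") != 0` test, so a zone that sets `auto-dnssec off;` is also told to "migrate to dnssec-policy", even though with that value there is presumably no automatic key maintenance to migrate and the operator only needs to delete the line. Consider emitting the migration hint only for the non-`off` values, for example by wrapping the call in `if (strcasecmp(arg, "off") != 0) { ... }`, and leaving `off` to the generic deprecated-clause warning. A more precise message matters here because operators act on it for signed zones. check_zoneconf starts and continues outside this hunk, so the initial value of `arg` and the body of the `!ddns && !signing && !has_dnssecpolicy` branch are not visible.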
index 11acb8ba54add2e0a4478f44acba8dfa1006ec84..d7303bcf213bdba3ac0f3f0ad6024c3ab127b03f 100644 (file)
@@ -2195,7 +2195,7 @@ static cfg_clausedef_t zone_clauses[] = {
        { "alt-transfer-source-v6", &cfg_type_sockaddr6wild,
          CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR },
        { "auto-dnssec", &cfg_type_autodnssec,
-         CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY },
+         CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_CLAUSEFLAG_DEPRECATED },
        { "check-dup-records", &cfg_type_checkmode, CFG_ZONE_PRIMARY },
        { "check-integrity", &cfg_type_boolean, CFG_ZONE_PRIMARY },
        { "check-mx", &cfg_type_checkmode, CFG_ZONE_PRIMARY },