4801. [func] 'dnssec-lookaside auto;' and 'dnssec-lookaside .
authorMark Andrews <marka@isc.org>
Sun, 29 Oct 2017 20:40:59 +0000 (07:40 +1100)
committerMark Andrews <marka@isc.org>
Sun, 29 Oct 2017 20:40:59 +0000 (07:40 +1100)
                        trust-anchor dlv.isc.org;' now elicit warnings rather
                        than being fatal configuration errors. [RT #46410]

CHANGES
bin/named/server.c
bin/tests/system/checkconf/good-dlv-dlv.example.com.conf [new file with mode: 0644]
bin/tests/system/checkconf/tests.sh
bin/tests/system/checkconf/warn-dlv-auto.conf [moved from bin/tests/system/checkconf/bad-dlv-auto.conf with 100% similarity]
bin/tests/system/checkconf/warn-dlv-dlv.isc.org.conf [moved from bin/tests/system/checkconf/bad-dlv-dlv.isc.org.conf with 100% similarity]
doc/arm/notes.xml
lib/bind9/check.c

diff --git a/CHANGES b/CHANGES
index 409c21671bcb288dffe94334bcce938afce9d639..0ffb200288691124d3b4861d2f0446f1239c7a18 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+4801.  [func]          'dnssec-lookaside auto;' and 'dnssec-lookaside .
+                       trust-anchor dlv.isc.org;' now elicit warnings rather
+                       than being fatal configuration errors. [RT #46410]
+
 4800.  [bug]           When processing delzone, write one zone config per
                        line to the NZF. [RT #46323]
 
                        - Removed DLV key from bind.keys
                        - No longer use ISC DLV by default in delv
                        - "dnssec-lookaside auto" and configuration of
-                         "dnssec-lookaide" with dlv.isc.org as trust
+                         "dnssec-lookaide" with dlv.isc.org as the trust
                          anchor are both now fatal errors.
                        [RT #46155]
 
index cfdb0b1cbf816a9d0e80e15379fbf35b9cc9dc6d..0757785f872b5c286c40310c9137a075280294e5 100644 (file)
@@ -4975,11 +4975,9 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
                        if (!strcasecmp(dom, "no")) {
                                result = ISC_R_NOTFOUND;
                        } else if (!strcasecmp(dom, "auto")) {
-                               cfg_obj_log(obj, named_g_lctx, ISC_LOG_WARNING,
-                                           "WARNING: the DLV server at "
-                                           "'dlv.isc.org' is no longer "
-                                           "in service; dnssec-lookaside "
-                                           "ignored");
+                               /*
+                                * Warning logged by libbind9.
+                                */
                                result = ISC_R_NOTFOUND;
                        }
                }
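Review bot: The replacement comment `Warning logged by libbind9.` in the `auto` branch does not say which check emits the warning or that the option is still dropped at this point, so a reader of configure_view() has to go looking for both. Something like `/* check_options() in lib/bind9/check.c warns about this; lookaside stays disabled. */` would keep the link explicit (the function name is taken from the check.c hunk headers further down this commit). The same comment is added in the following hunk next to `view->dlv = NULL;` and would benefit from the same wording. configure_view() starts and ends outside both hunks, so what is done with `result = ISC_R_NOTFOUND` afterwards is not visible here.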
@@ -5005,11 +5003,9 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
                        CHECK(dns_name_fromstring(dlv, cfg_obj_asstring(obj),
                                                  DNS_NAME_DOWNCASE, NULL));
                        if (dns_name_equal(dlv, iscdlv)) {
-                               cfg_obj_log(obj, named_g_lctx, ISC_LOG_WARNING,
-                                           "WARNING: the DLV server at "
-                                           "'dlv.isc.org' is no longer "
-                                           "in service; dnssec-lookaside "
-                                           "ignored");
+                               /*
+                                * Warning logged by libbind9.
+                                */
                                view->dlv = NULL;
                        } else {
                                view->dlv = dlv;
diff --git a/bin/tests/system/checkconf/good-dlv-dlv.example.com.conf b/bin/tests/system/checkconf/good-dlv-dlv.example.com.conf
new file mode 100644 (file)
index 0000000..fdcd6ea
--- /dev/null
@@ -0,0 +1,11 @@
+/*
+ * Copyright (C) 2017  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+options {
+       dnssec-lookaside . trust-anchor dlv.example.com;
+};
index cb7c4dde2f405648752d325a5a218a8d6bce2716..27303aefa30ea5ccf36200d9bcf3b668ca578fbd 100644 (file)
@@ -327,5 +327,29 @@ diff good.zonelist checkconf.out$n  > diff.out$n || ret=1
 if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
 status=`expr $status + $ret`
 
+n=`expr $n + 1`
+echo "I: check that 'dnssec-lookaside auto;' generates a warning ($n)"
+ret=0
+$CHECKCONF warn-dlv-auto.conf > checkconf.out$n 2>/dev/null || ret=1
+grep "dnssec-lookaside 'auto' is no longer supported" checkconf.out$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
+status=`expr $status + $ret`
+
+n=`expr $n + 1`
+echo "I: check that 'dnssec-lookaside . trust-anchor dlv.isc.org;' generates a warning ($n)"
+ret=0
+$CHECKCONF warn-dlv-dlv.isc.org.conf > checkconf.out$n 2>/dev/null || ret=1
+grep "dlv.isc.org has been shut down" checkconf.out$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
+status=`expr $status + $ret`
+
+n=`expr $n + 1`
+echo "I: check that 'dnssec-lookaside . trust-anchor dlv.example.com;' doesn't generates a warning ($n)"
+ret=0
+$CHECKCONF good-dlv-dlv.example.com.conf > checkconf.out$n 2>/dev/null || ret=1
+[ -s checkconf.out$n ] && ret=1
+if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
+status=`expr $status + $ret`
+
 echo "I:exit status: $status"
 [ $status -eq 0 ] || exit 1
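Review bot: The third added test only checks that stdout is empty, yet all three tests send stderr to /dev/null, so anything printed there can neither fail the negative test nor be inspected when a test fails. Capturing both streams, `$CHECKCONF good-dlv-dlv.example.com.conf > checkconf.out$n 2>&1 || ret=1`, would let `[ -s checkconf.out$n ] && ret=1` cover every diagnostic; the two positive tests presumably already see the warning on stdout, since they grep that file. The echo text of the same test has a typo: `doesn't generates a warning` should read `doesn't generate a warning`.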
index 296a0f574be7553c10eff95ac4ddba4b28817b19..c9cb28e80756160f38460b7413ff8cb59ab097f2 100644 (file)
     <itemizedlist>
       <listitem>
        <para>
-         The ISC DNSSEC Lookaside Validation (DLV) service has been shut
-         down; all DLV records in the dlv.isc.org zone have been removed.
-         References to the service have been removed from BIND documentation.
-         Lookaside validation is no longer used by default by
-         <command>delv</command>. The DLV key has been removed from
-         <filename>bind.keys</filename>. Setting
-         <command>dnssec-lookaside</command> to
+         The ISC DNSSEC Lookaside Validation (DLV) service has
+         been shut down; all DLV records in the dlv.isc.org zone
+         have been removed.  References to the service have been
+         removed from BIND documentation.  Lookaside validation
+         is no longer used by default by <command>delv</command>.
+         The DLV key has been removed from <filename>bind.keys</filename>.
+         Setting <command>dnssec-lookaside</command> to
          <command>auto</command> or to use dlv.isc.org as a trust
-         anchor is now a fatal configuration error. [RT #46155]
+         anchor results in a warning being issued.
        </para>
       </listitem>
       <listitem>
index b50bc7aa56a4ce042d5b9e8aa51e9fb976f438a6..214392cd9d3d1d3d47834d05a437ea33ce527650 100644 (file)
@@ -1183,11 +1183,9 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
                                        continue;
                                }
                                if (!strcasecmp(dlv, "auto")) {
-                                       cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
+                                       cfg_obj_log(obj, logctx, ISC_LOG_WARNING,
                                                    "dnssec-lookaside 'auto' "
                                                    "is no longer supported");
-                                       if (result == ISC_R_SUCCESS)
-                                               result = ISC_R_FAILURE;
                                        continue;
                                }
                        }
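Review bot: After this change the warning no longer tells the operator that the setting has no effect: the messages removed from bin/named/server.c ended with `dnssec-lookaside ignored`, while `"dnssec-lookaside 'auto' " "is no longer supported"` here and `"dlv.isc.org has been shut down"` in the next hunk state only the cause. Because `result` is no longer set to ISC_R_FAILURE, the configuration is accepted, and judging by the server.c hunks the view then appears to run without lookaside validation, with this one log line as the only indication. Consider appending the consequence, e.g. `"is no longer supported; dnssec-lookaside ignored");`, which would still match the grep added in tests.sh. check_options() extends beyond both hunks.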
@@ -1242,10 +1240,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
                                continue;
                        }
                        if (dns_name_equal(&dlviscorg, name)) {
-                               cfg_obj_log(anchor, logctx, ISC_LOG_ERROR,
+                               cfg_obj_log(anchor, logctx, ISC_LOG_WARNING,
                                            "dlv.isc.org has been shut down");
-                               if (result == ISC_R_SUCCESS)
-                                       result = ISC_R_FAILURE;
                                continue;
                        }
                }