diff --git a/bin/named/config.c b/bin/named/config.c index 17b01ec9e1..1824f7da95 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -50,16 +50,12 @@ options {\n\ answer-cookie true;\n\ automatic-interface-scan yes;\n\ bindkeys-file \"" NAMED_SYSCONFDIR "/bind.keys\";\n\ -# blackhole {none;};\n" - " cookie-algorithm siphash24;\n" - " coresize default;\n\ - datasize default;\n" - "\ +# blackhole {none;};\n\ + cookie-algorithm siphash24;\n\ # directory \n\ dnssec-policy \"none\";\n\ dump-file \"named_dump.db\";\n\ - edns-udp-size 1232;\n\ - files unlimited;\n" + edns-udp-size 1232;\n" #if defined(HAVE_GEOIP2) "\ geoip-directory \"" MAXMINDDB_PREFIX "/share/GeoIP\";\n" @@ -115,7 +111,6 @@ options {\n\ session-keyalg hmac-sha256;\n\ # session-keyfile \"" NAMED_LOCALSTATEDIR "/run/named/session.key\";\n\ session-keyname local-ddns;\n\ - stacksize default;\n\ startup-notify-rate 20;\n\ statistics-file \"named.stats\";\n\ tcp-advertised-timeout 300;\n\ diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h index ebacca1524..de22349678 100644 --- a/bin/named/include/named/globals.h +++ b/bin/named/include/named/globals.h @@ -109,9 +109,6 @@ EXTERN cfg_aclconfctx_t *named_g_aclconfctx INIT(NULL); /* * Initial resource limits. */ -EXTERN isc_resourcevalue_t named_g_initstacksize INIT(0); -EXTERN isc_resourcevalue_t named_g_initdatasize INIT(0); -EXTERN isc_resourcevalue_t named_g_initcoresize INIT(0); EXTERN isc_resourcevalue_t named_g_initopenfiles INIT(0); /* diff --git a/bin/named/main.c b/bin/named/main.c index 9d0207a3b8..59706f1f24 100644 --- a/bin/named/main.c +++ b/bin/named/main.c @@ -1219,15 +1219,6 @@ setup(void) { /* * Get the initial resource limits. */ - RUNTIME_CHECK(isc_resource_getlimit(isc_resource_stacksize, - &named_g_initstacksize) == - ISC_R_SUCCESS); - RUNTIME_CHECK(isc_resource_getlimit(isc_resource_datasize, - &named_g_initdatasize) == - ISC_R_SUCCESS); - RUNTIME_CHECK(isc_resource_getlimit(isc_resource_coresize, - &named_g_initcoresize) == - ISC_R_SUCCESS); RUNTIME_CHECK(isc_resource_getlimit(isc_resource_openfiles, &named_g_initopenfiles) == ISC_R_SUCCESS); diff --git a/bin/named/server.c b/bin/named/server.c index 0962230718..63535328a0 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -52,7 +52,6 @@ #include #include #include -#include #include #include #include @@ -7438,51 +7437,6 @@ setoptstring(named_server_t *server, char **field, const cfg_obj_t *obj) { } } -static void -set_limit(const cfg_obj_t **maps, const char *configname, - const char *description, isc_resource_t resourceid, - isc_resourcevalue_t defaultvalue) { - const cfg_obj_t *obj = NULL; - const char *resource; - isc_resourcevalue_t value; - isc_result_t result; - - if (named_config_get(maps, configname, &obj) != ISC_R_SUCCESS) { - return; - } - - if (cfg_obj_isstring(obj)) { - resource = cfg_obj_asstring(obj); - if (strcasecmp(resource, "unlimited") == 0) { - value = ISC_RESOURCE_UNLIMITED; - } else { - INSIST(strcasecmp(resource, "default") == 0); - value = defaultvalue; - } - } else { - value = cfg_obj_asuint64(obj); - } - - result = isc_resource_setlimit(resourceid, value); - isc_log_write( - named_g_lctx, NAMED_LOGCATEGORY_GENERAL, NAMED_LOGMODULE_SERVER, - result == ISC_R_SUCCESS ? ISC_LOG_DEBUG(3) : ISC_LOG_WARNING, - "set maximum %s to %" PRIu64 ": %s", description, value, - isc_result_totext(result)); -} - -#define SETLIMIT(cfgvar, resource, description) \ - set_limit(maps, cfgvar, description, isc_resource_##resource, \ - named_g_init##resource) - -static void -set_limits(const cfg_obj_t **maps) { - SETLIMIT("stacksize", stacksize, "stack size"); - SETLIMIT("datasize", datasize, "data size"); - SETLIMIT("coresize", coresize, "core size"); - SETLIMIT("files", openfiles, "open files"); -} - static void portset_fromconf(isc_portset_t *portset, const cfg_obj_t *ports, bool positive) { @@ -8575,11 +8529,6 @@ load_configuration(const char *filename, named_server_t *server, server->bindkeysfile); } - /* - * Set process limits, which (usually) needs to be done as root. - */ - set_limits(maps); - /* * Check the process lockfile. */ diff --git a/conftools/perllib/dnsconf/DNSConf.i b/conftools/perllib/dnsconf/DNSConf.i index 7e2cf0e0e2..db548bc499 100644 --- a/conftools/perllib/dnsconf/DNSConf.i +++ b/conftools/perllib/dnsconf/DNSConf.i @@ -283,10 +283,6 @@ INT_FIELD_DEFS(recursiveclients) INT_FIELD_DEFS(minroots) INT_FIELD_DEFS(serialqueries) INT_FIELD_DEFS(sigvalidityinterval) -INT_FIELD_DEFS(datasize) -INT_FIELD_DEFS(stacksize) -INT_FIELD_DEFS(coresize) -INT_FIELD_DEFS(files) INT_FIELD_DEFS(maxcachesize) INT_FIELD_DEFS(maxncachettl) INT_FIELD_DEFS(maxcachettl) diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index cb2bd6b71b..de69a4c0b6 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -3626,58 +3626,6 @@ options apply to zone transfers. This option acts like :any:`notify-source`, but applies to ``NOTIFY`` messages sent to IPv6 addresses. -.. _resource_limits: - -Operating System Resource Limits -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The server's usage of many system resources can be limited. Scaled -values are allowed when specifying resource limits. For example, ``1G`` -can be used instead of ``1073741824`` to specify a limit of one -gigabyte. ``unlimited`` requests unlimited use, or the maximum available -amount. ``default`` uses the limit that was in force when the server was -started. See the description of :term:`size`. - -The following options are deprecated in favor of setting the operating system -resource limits from the operating system and/or process supervisor, should not -be used, and will be rendered non-operational in a future release. - - -.. namedconf:statement:: coresize - :tags: deprecated - :short: Sets the maximum size of a core dump. - - This sets the maximum size of a core dump. The default is ``default``. - -.. namedconf:statement:: datasize - :tags: deprecated - :short: Sets the maximum amount of data memory that can be used by the server. - - This sets the maximum amount of data memory the server may use. The default is - ``default``. This is a hard limit on server memory usage; if the - server attempts to allocate memory in excess of this limit, the - allocation will fail, which may in turn leave the server unable to - perform DNS service. Therefore, this option is rarely useful as a way - to limit the amount of memory used by the server, but it can be - used to raise an operating system data size limit that is too small - by default. To limit the amount of memory used by the - server, use the :any:`max-cache-size` and :any:`recursive-clients` options - instead. - -.. namedconf:statement:: files - :tags: deprecated - :short: Sets the maximum number of files the server may have open concurrently. - - This sets the maximum number of files the server may have open concurrently. - The default is ``unlimited``. - -.. namedconf:statement:: stacksize - :tags: deprecated - :short: Sets the maximum amount of stack memory that can be used by the server. - - This sets the maximum amount of stack memory the server may use. The default is - ``default``. - .. _server_resource_limits: Server Resource Limits diff --git a/doc/man/named.conf.5in b/doc/man/named.conf.5in index dbd6e9d901..b03ef74839 100644 --- a/doc/man/named.conf.5in +++ b/doc/man/named.conf.5in @@ -152,8 +152,6 @@ options { clients\-per\-query ; cookie\-algorithm ( aes | siphash24 ); cookie\-secret ; // may occur multiple times - coresize ( default | unlimited | ); // deprecated - datasize ( default | unlimited | ); // deprecated deny\-answer\-addresses { ; ... } [ except\-from { ; ... } ]; deny\-answer\-aliases { ; ... } [ except\-from { ; ... } ]; dialup ( notify | notify\-passive | passive | refresh | ); @@ -196,7 +194,6 @@ options { fetch\-quota\-params ; fetches\-per\-server [ ( drop | fail ) ]; fetches\-per\-zone [ ( drop | fail ) ]; - files ( default | unlimited | ); // deprecated flush\-zones\-on\-shutdown ; forward ( first | only ); forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; @@ -331,7 +328,6 @@ options { sig\-signing\-type ; sig\-validity\-interval [ ]; sortlist { ; ... }; - stacksize ( default | unlimited | ); // deprecated stale\-answer\-client\-timeout ( disabled | off | ); stale\-answer\-enable ; stale\-answer\-ttl ; diff --git a/doc/misc/options b/doc/misc/options index 97462e7a2d..ce8f20a917 100644 --- a/doc/misc/options +++ b/doc/misc/options @@ -95,8 +95,6 @@ options { clients-per-query ; cookie-algorithm ( aes | siphash24 ); cookie-secret ; // may occur multiple times - coresize ( default | unlimited | ); // deprecated - datasize ( default | unlimited | ); // deprecated deny-answer-addresses { ; ... } [ except-from { ; ... } ]; deny-answer-aliases { ; ... } [ except-from { ; ... } ]; dialup ( notify | notify-passive | passive | refresh | ); @@ -139,7 +137,6 @@ options { fetch-quota-params ; fetches-per-server [ ( drop | fail ) ]; fetches-per-zone [ ( drop | fail ) ]; - files ( default | unlimited | ); // deprecated flush-zones-on-shutdown ; forward ( first | only ); forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; @@ -274,7 +271,6 @@ options { sig-signing-type ; sig-validity-interval [ ]; sortlist { ; ... }; - stacksize ( default | unlimited | ); // deprecated stale-answer-client-timeout ( disabled | off | ); stale-answer-enable ; stale-answer-ttl ; diff --git a/fuzz/isc_lex_gettoken.in/named.conf b/fuzz/isc_lex_gettoken.in/named.conf index dd46100b6b..d00c2c526d 100644 --- a/fuzz/isc_lex_gettoken.in/named.conf +++ b/fuzz/isc_lex_gettoken.in/named.conf @@ -165,11 +165,7 @@ options { #maintain - ixfr - base no; // If yes, keep transaction log file for IXFR max - ixfr - log - size 20m; - coresize 100; - datasize 101; - files 230; max - cache - size 1m; - stacksize 231; heartbeat - interval 1001; interface - interval 1002; statistics - interval 1003; diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index 8336b1a58f..9543c1a02e 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -1219,8 +1219,8 @@ static cfg_clausedef_t options_clauses[] = { { "blackhole", &cfg_type_bracketed_aml, 0 }, { "cookie-algorithm", &cfg_type_cookiealg, 0 }, { "cookie-secret", &cfg_type_sstring, CFG_CLAUSEFLAG_MULTI }, - { "coresize", &cfg_type_size, CFG_CLAUSEFLAG_DEPRECATED }, - { "datasize", &cfg_type_size, CFG_CLAUSEFLAG_DEPRECATED }, + { "coresize", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT }, + { "datasize", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT }, { "deallocate-on-exit", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "directory", &cfg_type_qstring, CFG_CLAUSEFLAG_CALLBACK }, #ifdef HAVE_DNSTAP @@ -1237,7 +1237,7 @@ static cfg_clausedef_t options_clauses[] = { { "dscp", &cfg_type_uint32, 0 }, { "dump-file", &cfg_type_qstring, 0 }, { "fake-iquery", NULL, CFG_CLAUSEFLAG_ANCIENT }, - { "files", &cfg_type_size, CFG_CLAUSEFLAG_DEPRECATED }, + { "files", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT }, { "flush-zones-on-shutdown", &cfg_type_boolean, 0 }, #ifdef HAVE_DNSTAP { "fstrm-set-buffer-hint", &cfg_type_uint32, 0 }, @@ -1319,7 +1319,7 @@ static cfg_clausedef_t options_clauses[] = { { "session-keyfile", &cfg_type_qstringornone, 0 }, { "session-keyname", &cfg_type_astring, 0 }, { "sit-secret", NULL, CFG_CLAUSEFLAG_ANCIENT }, - { "stacksize", &cfg_type_size, CFG_CLAUSEFLAG_DEPRECATED }, + { "stacksize", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT }, { "startup-notify-rate", &cfg_type_uint32, 0 }, { "statistics-file", &cfg_type_qstring, 0 }, { "statistics-interval", NULL, CFG_CLAUSEFLAG_ANCIENT },