clean up some deprecated/obsolete options and doc

- removed documentation of -S option from named man page - removed documentation of reserved-sockets from ARM - simplified documentation of dnssec-secure-to-insecure - it now just says it's obsolete rather than describing what it doesn't do anymore - marked three formerly obsolete options as ancient: parent-registration-delay, reserved-sockets, and suppress-initial-notify
2025-08-30 14:07:59 +00:00 · 2023-02-08 10:33:06 -08:00 · 2023-02-08 10:33:06 -08:00 · 362ba054cf
commit 362ba054cf
parent 06872bdd4e
7 changed files with 15 additions and 47 deletions
--- a/bin/named/config.c
+++ b/bin/named/config.c
@ -100,7 +100,6 @@ options {\n\
 	recursing-file \"named.recursing\";\n\
 	recursive-clients 1000;\n\
 	request-nsid false;\n\
-	reserved-sockets 512;\n\
 	resolver-query-timeout 10;\n\
 	rrset-order { order random; };\n\
 	secroots-file \"named.secroots\";\n\
--- a/bin/named/named.rst
+++ b/bin/named/named.rst
@ -143,22 +143,6 @@ Options
      This option is mainly of interest to BIND 9 developers and may be
      removed or changed in a future release.

-.. option:: -S #max-socks
-
-   This option is deprecated and no longer has any function.
-
-.. warning::
-
-      This option should be unnecessary for the vast majority of users.
-      The use of this option could even be harmful, because the specified
-      value may exceed the limitation of the underlying system API. It
-      is therefore set only when the default configuration causes
-      exhaustion of file descriptors and the operational environment is
-      known to support the specified number of sockets. Note also that
-      the actual maximum number is normally slightly fewer than the
-      specified value, because :program:`named` reserves some file descriptors
-      for its internal use.
-
 .. option:: -t directory

   This option tells :program:`named` to chroot to ``directory`` after processing the command-line arguments, but
--- a/bin/plugins/filter-aaaa.rst
+++ b/bin/plugins/filter-aaaa.rst
@ -30,7 +30,7 @@ Description

 Until BIND 9.12, this feature was implemented natively in :iscman:`named` and
 enabled with the ``filter-aaaa`` ACL and the ``filter-aaaa-on-v4`` and
-``filter-aaaa-on-v6`` options. These options are now deprecated in
+``filter-aaaa-on-v6`` options. These options are no longer available in
 :iscman:`named.conf` but can be passed as parameters to the
 ``filter-aaaa.so`` plugin, for example:

--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@ -2823,11 +2823,9 @@ Boolean Options
   ``yes``.

 .. namedconf:statement:: dnssec-secure-to-insecure
-   :tags: dnssec
-   :short: Allows a dynamic zone to transition from secure to insecure by deleting all DNSKEY records (obsoleted).
+   :tags: obsolete

-   This option used to allow a dynamic zone to transition from secure to insecure by deleting all DNSKEY records.
-   It has been obsoleted because DNSSEC key operations triggered by dynamic updates are no longer supported.
+   This option no longer has any effect.

 .. namedconf:statement:: synth-from-dnssec
   :tags: dnssec
@ -3774,11 +3772,6 @@ system.
   arguments are all fixed-point numbers with precision of 1/100; at
   most two places after the decimal point are significant.

-.. namedconf:statement:: reserved-sockets
-   :tags: deprecated
-
-   This option is deprecated and no longer has any effect.
-
 .. namedconf:statement:: max-cache-size
   :tags: server
   :short: Sets the maximum amount of memory to use for an individual cache database and its associated metadata.
@ -7214,9 +7207,6 @@ Zone Options
   The use of this option in :any:`zone` blocks is deprecated and
   will be rendered nonoperational in a future release.

-:any:`dnssec-secure-to-insecure`
-   See the description of :any:`dnssec-secure-to-insecure` in :ref:`boolean_options`.
-
 .. _dynamic_update_policies:

 Dynamic Update Policies
--- a/doc/misc/options
+++ b/doc/misc/options
@ -17,7 +17,6 @@ dnssec-policy <string> {
 	nsec3param [ iterations <integer> ] [ optout <boolean> ] [ salt-length <integer> ];
 	parent-ds-ttl <duration>;
 	parent-propagation-delay <duration>;
-	parent-registration-delay <duration>; // obsolete
 	publish-safety <duration>;
 	purge-keys <duration>;
 	retire-safety <duration>;
@ -244,7 +243,6 @@ options {
 	request-ixfr <boolean>;
 	request-nsid <boolean>;
 	require-server-cookie <boolean>;
-	reserved-sockets <integer>; // deprecated
 	resolver-nonbackoff-tries <integer>;
 	resolver-query-timeout <integer>;
 	resolver-retry-interval <integer>;
@ -275,7 +273,6 @@ options {
 	stale-refresh-time <duration>;
 	startup-notify-rate <integer>;
 	statistics-file <quoted_string>;
-	suppress-initial-notify <boolean>; // obsolete
 	synth-from-dnssec <boolean>;
 	tcp-advertised-timeout <integer>;
 	tcp-clients <integer>;
@ -568,7 +565,6 @@ view <string> [ <class> ] {
 	stale-answer-ttl <duration>;
 	stale-cache-enable <boolean>;
 	stale-refresh-time <duration>;
-	suppress-initial-notify <boolean>; // obsolete
 	synth-from-dnssec <boolean>;
 	transfer-format ( many-answers | one-answer );
 	transfer-source ( <ipv4_address> | * );
--- a/lib/dns/include/dns/zone.h
+++ b/lib/dns/include/dns/zone.h
@ -90,16 +90,15 @@ typedef enum {
 					      */
 	DNS_ZONEOPT_NOTIFYTOSOA = 1 << 21,   /*%< Notify the SOA MNAME */
 	DNS_ZONEOPT_NSEC3TESTZONE = 1 << 22, /*%< nsec3-test-zone */
-	DNS_ZONEOPT_SECURETOINSECURE = 1 << 23, /*%< dnssec-secure-to-insecure,
-						 * obsoleted */
-	DNS_ZONEOPT_DNSKEYKSKONLY = 1 << 24,	/*%< dnssec-dnskey-kskonly */
-	DNS_ZONEOPT_CHECKDUPRR = 1 << 25,	/*%< check-dup-records */
-	DNS_ZONEOPT_CHECKDUPRRFAIL = 1 << 26,	/*%< fatal check-dup-records
-						 * failures */
-	DNS_ZONEOPT_CHECKSPF = 1 << 27,		/*%< check SPF records */
-	DNS_ZONEOPT_CHECKTTL = 1 << 28,		/*%< check max-zone-ttl */
-	DNS_ZONEOPT_AUTOEMPTY = 1 << 29,	/*%< automatic empty zone */
-	DNS_ZONEOPT_CHECKSVCB = 1 << 30,	/*%< check SVBC records */
+	/* DNS_ZONEOPT_SECURETOINSECURE = 1 << 23, */
+	DNS_ZONEOPT_DNSKEYKSKONLY = 1 << 24,  /*%< dnssec-dnskey-kskonly */
+	DNS_ZONEOPT_CHECKDUPRR = 1 << 25,     /*%< check-dup-records */
+	DNS_ZONEOPT_CHECKDUPRRFAIL = 1 << 26, /*%< fatal check-dup-records
+					       * failures */
+	DNS_ZONEOPT_CHECKSPF = 1 << 27,	      /*%< check SPF records */
+	DNS_ZONEOPT_CHECKTTL = 1 << 28,	      /*%< check max-zone-ttl */
+	DNS_ZONEOPT_AUTOEMPTY = 1 << 29,      /*%< automatic empty zone */
+	DNS_ZONEOPT_CHECKSVCB = 1 << 30,      /*%< check SVBC records */
 	DNS_ZONEOPT___MAX = UINT64_MAX, /* trick to make the ENUM 64-bit wide */
 } dns_zoneopt_t;

--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@ -1307,7 +1307,7 @@ static cfg_clausedef_t options_clauses[] = {
 	{ "recursing-file", &cfg_type_qstring, 0 },
 	{ "recursive-clients", &cfg_type_uint32, 0 },
 	{ "reuseport", &cfg_type_boolean, 0 },
-	{ "reserved-sockets", &cfg_type_uint32, CFG_CLAUSEFLAG_DEPRECATED },
+	{ "reserved-sockets", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT },
 	{ "secroots-file", &cfg_type_qstring, 0 },
 	{ "serial-queries", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "serial-query-rate", &cfg_type_uint32, 0 },
@ -2152,7 +2152,7 @@ static cfg_clausedef_t view_clauses[] = {
 	{ "stale-cache-enable", &cfg_type_boolean, 0 },
 	{ "stale-refresh-time", &cfg_type_duration, 0 },
 	{ "suppress-initial-notify", &cfg_type_boolean,
-	  CFG_CLAUSEFLAG_OBSOLETE },
+	  CFG_CLAUSEFLAG_ANCIENT },
 	{ "synth-from-dnssec", &cfg_type_boolean, 0 },
 	{ "topology", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "transfer-format", &cfg_type_transferformat, 0 },
@ -2201,7 +2201,7 @@ static cfg_clausedef_t dnssecpolicy_clauses[] = {
 	{ "parent-ds-ttl", &cfg_type_duration, 0 },
 	{ "parent-propagation-delay", &cfg_type_duration, 0 },
 	{ "parent-registration-delay", &cfg_type_duration,
-	  CFG_CLAUSEFLAG_OBSOLETE },
+	  CFG_CLAUSEFLAG_ANCIENT },
 	{ "publish-safety", &cfg_type_duration, 0 },
 	{ "purge-keys", &cfg_type_duration, 0 },
 	{ "retire-safety", &cfg_type_duration, 0 },