Remove namedconf port/tls deprecated check on *-source[-v6] options

The usage of port and tls arguments in *-source and *-source-v6 named configuration options has been previously removed. Remove configuration check deprecating usage of those arguments.
2025-08-29 13:38:26 +00:00 · 2024-11-12 10:10:12 +01:00 · 2024-11-12 10:10:12 +01:00 · 642776a976
commit 642776a976
parent a3e03b52e2
2 changed files with 4 additions and 43 deletions
--- a/bin/named/server.c
+++ b/bin/named/server.c
@ -1269,7 +1269,7 @@ cleanup:
 */
 static isc_result_t
 get_view_querysource_dispatch(const cfg_obj_t **maps, int af,
-			      dns_dispatch_t **dispatchp, bool is_firstview) {
+			      dns_dispatch_t **dispatchp) {
 	isc_result_t result = ISC_R_FAILURE;
 	dns_dispatch_t *disp = NULL;
 	isc_sockaddr_t sa;
@ -1290,6 +1290,7 @@ get_view_querysource_dispatch(const cfg_obj_t **maps, int af,

 	sa = *(cfg_obj_assockaddr(obj));
 	INSIST(isc_sockaddr_pf(&sa) == af);
+	INSIST(isc_sockaddr_getport(&sa) == 0);

 	/*
 	 * If we don't support this address family, we're done!
@ -1311,16 +1312,6 @@ get_view_querysource_dispatch(const cfg_obj_t **maps, int af,
 	/*
 	 * Try to find a dispatcher that we can share.
 	 */
-	if (isc_sockaddr_getport(&sa) != 0) {
-		INSIST(obj != NULL);
-		if (is_firstview) {
-			cfg_obj_log(obj, ISC_LOG_INFO,
-				    "using specific query-source port "
-				    "suppresses port randomization and can be "
-				    "insecure.");
-		}
-	}
-
 	result = dns_dispatch_createudp(named_g_dispatchmgr, &sa, &disp);
 	if (result != ISC_R_SUCCESS) {
 		isc_sockaddr_t any;
@ -4506,12 +4497,8 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
 	/*
 	 * Resolver.
 	 */
-	CHECK(get_view_querysource_dispatch(
-		maps, AF_INET, &dispatch4,
-		(ISC_LIST_PREV(view, link) == NULL)));
-	CHECK(get_view_querysource_dispatch(
-		maps, AF_INET6, &dispatch6,
-		(ISC_LIST_PREV(view, link) == NULL)));
+	CHECK(get_view_querysource_dispatch(maps, AF_INET, &dispatch4));
+	CHECK(get_view_querysource_dispatch(maps, AF_INET6, &dispatch6));
 	if (dispatch4 == NULL && dispatch6 == NULL) {
 		UNEXPECTED_ERROR("unable to obtain either an IPv4 or"
 				 " an IPv6 dispatch");
--- a/lib/isccfg/check.c
+++ b/lib/isccfg/check.c
@ -3134,10 +3134,6 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
 		"allow-update",
 		"allow-update-forwarding",
 	};
-	static const char *sources[] = {
-		"transfer-source",  "transfer-source-v6", "notify-source",
-		"notify-source-v6", "parental-source",	  "parental-source-v6",
-	};

 	znamestr = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));

@ -3582,28 +3578,6 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
 		}
 	}

-	/*
-	 * Warn if *-source and *-source-v6 options specify a port,
-	 * and fail if they specify the default listener port.
-	 */
-	for (i = 0; i < ARRAY_SIZE(sources); i++) {
-		obj = NULL;
-		(void)cfg_map_get(zoptions, sources[i], &obj);
-		if (obj == NULL && goptions != NULL) {
-			(void)cfg_map_get(goptions, sources[i], &obj);
-		}
-		if (obj != NULL) {
-			in_port_t port =
-				isc_sockaddr_getport(cfg_obj_assockaddr(obj));
-			if (port != 0) {
-				cfg_obj_log(obj, ISC_LOG_ERROR,
-					    "'%s': specifying a port is "
-					    "deprecated",
-					    sources[i]);
-			}
-		}
-	}
-
 	/*
 	 * Primary and secondary zones that have a "parental-agents" field,
 	 * must have a corresponding "parental-agents" clause.