chg: usr: The configuration clauses parental-agents and primaries are renamed to remote-servers

The top blocks 'primaries' and 'parental-agents' are no longer preferred and should be renamed to 'remote-servers'. The zone statements 'parental-agents' and 'primaries' are still used, and may refer to any 'remote-servers' top block.

Closes #4544

Merge branch '4544-primaries-block-documentation-issues' into 'main'

See merge request isc-projects/bind9!9822

bin/named/config.c

@@ -331,7 +331,7 @@ dnssec-policy \"insecure\" {\n\
 
 			    "# END TRUST ANCHORS\n\
 \n\
-primaries " DEFAULT_IANA_ROOT_ZONE_PRIMARIES " {\n\
+remote-servers " DEFAULT_IANA_ROOT_ZONE_PRIMARIES " {\n\
 	2801:1b8:10::b;		# b.root-servers.net\n\
 	2001:500:2::c;		# c.root-servers.net\n\
 	2001:500:2f::f;		# f.root-servers.net\n\
@@ -503,9 +503,9 @@ named_config_getzonetype(const cfg_obj_t *zonetypeobj) {
 	return ztype;
 }
 
-static isc_result_t
+isc_result_t
-getremotesdef(const cfg_obj_t *cctx, const char *list, const char *name,
+named_config_getremotesdef(const cfg_obj_t *cctx, const char *list,
-	      const cfg_obj_t **ret) {
+			   const char *name, const cfg_obj_t **ret) {
 	isc_result_t result;
 	const cfg_obj_t *obj = NULL;
 	const cfg_listelt_t *elt;
@@ -532,23 +532,6 @@ getremotesdef(const cfg_obj_t *cctx, const char *list, const char *name,
 	return ISC_R_NOTFOUND;
 }
 
-isc_result_t
-named_config_getremotesdef(const cfg_obj_t *cctx, const char *list,
-			   const char *name, const cfg_obj_t **ret) {
-	isc_result_t result;
-
-	if (strcmp(list, "parental-agents") == 0) {
-		return getremotesdef(cctx, list, name, ret);
-	} else if (strcmp(list, "primaries") == 0) {
-		result = getremotesdef(cctx, list, name, ret);
-		if (result != ISC_R_SUCCESS) {
-			result = getremotesdef(cctx, "masters", name, ret);
-		}
-		return result;
-	}
-	return ISC_R_NOTFOUND;
-}
-
 static isc_result_t
 named_config_getname(isc_mem_t *mctx, const cfg_obj_t *obj,
 		     dns_name_t **namep) {
@@ -597,10 +580,12 @@ named_config_getname(isc_mem_t *mctx, const cfg_obj_t *obj,
 		oldlen = newlen;                                    \
 	}
 
+static const char *remotesnames[4] = { "remote-servers", "parental-agents",
+				       "primaries", "masters" };
+
 isc_result_t
-named_config_getipandkeylist(const cfg_obj_t *config, const char *listtype,
+named_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
-			     const cfg_obj_t *list, isc_mem_t *mctx,
+			     isc_mem_t *mctx, dns_ipkeylist_t *ipkl) {
-			     dns_ipkeylist_t *ipkl) {
 	uint32_t addrcount = 0, srccount = 0;
 	uint32_t keycount = 0, tlscount = 0;
 	uint32_t listcount = 0, l = 0, i = 0;
@@ -683,8 +668,6 @@ newlist:
 		isc_sockaddr_any6(&src6);
 	}
 
-	result = ISC_R_NOMEMORY;
-
 	element = cfg_list_first(addrlist);
 resume:
 	for (; element != NULL; element = cfg_list_next(element)) {
@@ -715,17 +698,22 @@ resume:
 				continue;
 			}
 			list = NULL;
-			tresult = named_config_getremotesdef(config, listtype,
+			tresult = ISC_R_NOTFOUND;
-							     listname, &list);
+			for (size_t n = 0; n < ARRAY_SIZE(remotesnames); n++) {
+				tresult = named_config_getremotesdef(
+					config, remotesnames[n], listname,
+					&list);
+				if (tresult == ISC_R_SUCCESS) {
+					break;
+				}
+			}
 			if (tresult == ISC_R_NOTFOUND) {
 				cfg_obj_log(addr, ISC_LOG_ERROR,
-					    "%s \"%s\" not found", listtype,
+					    "remote-servers \"%s\" not found",
 					    listname);
-
-				result = tresult;
-				goto cleanup;
 			}
 			if (tresult != ISC_R_SUCCESS) {
+				result = tresult;
 				goto cleanup;
 			}
 			lists[l++].name = listname;

bin/named/include/named/config.h

@@ -57,9 +57,8 @@ named_config_getremotesdef(const cfg_obj_t *cctx, const char *list,
 			   const char *name, const cfg_obj_t **ret);
 
 isc_result_t
-named_config_getipandkeylist(const cfg_obj_t *config, const char *listtype,
+named_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
-			     const cfg_obj_t *list, isc_mem_t *mctx,
+			     isc_mem_t *mctx, dns_ipkeylist_t *ipkl);
-			     dns_ipkeylist_t *ipkl);
 
 isc_result_t
 named_config_getport(const cfg_obj_t *config, const char *type,

bin/named/server.c

@@ -2779,8 +2779,8 @@ configure_catz_zone(dns_view_t *view, dns_view_t *pview,
 		obj = cfg_tuple_get(catz_obj, "default-primaries");
 	}
 	if (obj != NULL && cfg_obj_istuple(obj)) {
-		result = named_config_getipandkeylist(
+		result = named_config_getipandkeylist(config, obj, view->mctx,
-			config, "primaries", obj, view->mctx, &opts->masters);
+						      &opts->masters);
 	}
 
 	obj = cfg_tuple_get(catz_obj, "in-memory");

bin/named/zoneconf.c

@@ -1273,8 +1273,8 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
 			dns_ipkeylist_t ipkl;
 			dns_ipkeylist_init(&ipkl);
 
-			CHECK(named_config_getipandkeylist(config, "primaries",
+			CHECK(named_config_getipandkeylist(config, obj, mctx,
-							   obj, mctx, &ipkl));
+							   &ipkl));
 			dns_zone_setalsonotify(zone, ipkl.addrs, ipkl.sources,
 					       ipkl.keys, ipkl.tlss,
 					       ipkl.count);
@@ -1679,9 +1679,8 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
 		if (parentals != NULL) {
 			dns_ipkeylist_t ipkl;
 			dns_ipkeylist_init(&ipkl);
-			CHECK(named_config_getipandkeylist(
+			CHECK(named_config_getipandkeylist(config, parentals,
-				config, "parental-agents", parentals, mctx,
+							   mctx, &ipkl));
-				&ipkl));
 			dns_zone_setparentals(zone, ipkl.addrs, ipkl.sources,
 					      ipkl.keys, ipkl.tlss, ipkl.count);
 			dns_ipkeylist_clear(mctx, &ipkl);
@@ -1861,8 +1860,8 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
 			dns_ipkeylist_t ipkl;
 			dns_ipkeylist_init(&ipkl);
 
-			CHECK(named_config_getipandkeylist(config, "primaries",
+			CHECK(named_config_getipandkeylist(config, obj, mctx,
-							   obj, mctx, &ipkl));
+							   &ipkl));
 			dns_zone_setprimaries(mayberaw, ipkl.addrs,
 					      ipkl.sources, ipkl.keys,
 					      ipkl.tlss, ipkl.count);

bin/tests/system/addzone/ns3/named1.conf.in

@@ -34,6 +34,6 @@ zone "." {
 	file "redirect.db";
 };
 
-primaries "test" {
+remote-servers "test" {
 	10.53.0.99;
 };

bin/tests/system/checkconf/bad-duplicate-remote-servers-synonyms.conf

@@ -11,5 +11,5 @@
  * information regarding copyright ownership.
  */
 
-primaries duplicate { 1.2.3.4; };
+remote-servers duplicate { 1.2.3.4; };
 primaries duplicate { 4.3.2.1; };

bin/tests/system/checkconf/bad-duplicate-remote-servers.conf

@@ -11,5 +11,5 @@
  * information regarding copyright ownership.
  */
 
-masters duplicate { 1.2.3.4; };
+remote-servers duplicate { 1.2.3.4; };
-primaries duplicate { 4.3.2.1; };
+remote-servers duplicate { 4.3.2.1; };

bin/tests/system/checkconf/bad-parental-agents-def-view2.conf

@@ -12,7 +12,7 @@
  */
 
 view "test" {
-	parental-agents "net" {
+	remote-servers "net" {
 		192.168.1.2;
 	 };
 	zone "example.net" {

bin/tests/system/checkconf/bad-parental-agents-dupdef.conf

@@ -11,11 +11,11 @@
  * information regarding copyright ownership.
  */
 
-parental-agents "net" {
+remote-servers "net" {
 	192.168.1.1;
 };
 
-parental-agents "net" {
+remote-servers "net" {
 	192.168.1.2;
 };
 

bin/tests/system/checkconf/bad-parental-agents-empty.conf

@@ -11,7 +11,7 @@
  * information regarding copyright ownership.
  */
 
-parental-agents "net" { };
+remote-servers "net" { };
 
 zone "example.net" {
 	type primary;

bin/tests/system/checkconf/bad-parental-agents-notfound.conf

@@ -11,7 +11,7 @@
  * information regarding copyright ownership.
  */
 
-parental-agents "com" {
+remote-servers "com" {
 	192.168.1.2;
 };
 

bin/tests/system/checkconf/bad-primaries-notfound.conf

@@ -11,7 +11,7 @@
  * information regarding copyright ownership.
  */
 
-primaries "net" {
+remote-servers "net" {
 	 192.168.1.2;
 };
 

bin/tests/system/checkconf/good-multiple-remote-servers-synonyms.conf

@@ -0,0 +1,28 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0.  If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+remote-servers "one" {
+	1.2.3.4;
+};
+
+parental-agents "two" {
+	1.2.3.5;
+};
+
+primaries "three" {
+	1.2.3.6;
+};
+
+masters "four" {
+	1.2.3.7;
+};

bin/tests/system/checkconf/good-multiple-remote-servers.conf

@@ -11,5 +11,5 @@
  * information regarding copyright ownership.
  */
 
-masters a { 1.2.3.4; };
+remote-servers a { 1.2.3.4; };
-primaries b { 1.2.3.4; };
+remote-servers b { 1.2.3.4; };

bin/tests/system/checkconf/good.conf.in

@@ -86,7 +86,7 @@ options {
 	transfer-source 0.0.0.0;
 	zone-statistics none;
 };
-parental-agents "parents" port 5353 source 10.10.10.10 source-v6 2001:db8::10 {
+remote-servers "parents" port 5353 source 10.10.10.10 source-v6 2001:db8::10 {
 	10.10.10.11;
 	2001:db8::11;
 };

bin/tests/system/checkconf/inline-bad.conf

@@ -12,8 +12,8 @@
  */
 
 acl "transferees" {};
-primaries "stealthPrimaries" {127.0.0.1;};
+remote-servers "stealthPrimaries" {127.0.0.1;};
-primaries "publicSecondaries" {127.0.0.1;};
+remote-servers "publicSecondaries" {127.0.0.1;};
 zone "example.net" {
 	type secondary;
 	key-directory "/var/lib/bind/example.net";

bin/tests/system/checkconf/inline-good.conf

@@ -12,8 +12,8 @@
  */
 
 acl "transferees" {};
-primaries "stealthPrimaries" {127.0.0.1;};
+remote-servers "stealthPrimaries" {127.0.0.1;};
-primaries "publicSecondaries" {127.0.0.1;};
+remote-servers "publicSecondaries" {127.0.0.1;};
 zone "example.net" {
 	type secondary;
 	file "/var/cache/bind/example.net.db";

bin/tests/system/checkconf/inline-no.conf

@@ -12,8 +12,8 @@
  */
 
 acl "transferees" {};
-primaries "stealthPrimaries" {127.0.0.1;};
+remote-servers "stealthPrimaries" {127.0.0.1;};
-primaries "publicSecondaries" {127.0.0.1;};
+remote-servers "publicSecondaries" {127.0.0.1;};
 zone "example.net" {
 	type secondary;
 	key-directory "/var/lib/bind/example.net";

bin/tests/system/checkds/ns9/named.conf.in

@@ -37,7 +37,7 @@ controls {
 	inet 10.53.0.9 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };
 
-parental-agents "ns8" port @PORT@ {
+remote-servers "ns8" port @PORT@ {
 	10.53.0.8;
 };
 

bin/tests/system/notify/ns2/named.conf.in

@@ -51,10 +51,8 @@ zone "example" {
 	also-notify { /* empty */ };
 };
 
-# use both 'primaries' and 'masters' to test that they
+remote-servers noport { 10.53.0.4; };
-# can work correctly together.
+remote-servers x21 port @EXTRAPORT1@ { noport; };
-primaries noport { 10.53.0.4; };
-masters x21 port @EXTRAPORT1@ { noport; };
 
 zone x1 {
 	type primary;

bin/tests/system/nsupdate/ns1/named.conf.in

@@ -94,7 +94,7 @@ zone "other.nil" {
 	allow-transfer { any; };
 };
 
-primaries others {
+remote-servers others {
 	10.53.0.2 port @PORT@;
 	10.53.0.2 port @PORT@ key altkey;
 };

bin/tests/system/xfer/ns2/named.conf.in

@@ -61,7 +61,7 @@ zone "tsigzone" {
 	allow-transfer { tzkey; };
 };
 
-primaries "ns1" port @PORT@ source 10.53.0.2 {
+remote-servers "ns1" port @PORT@ source 10.53.0.2 {
 	10.53.0.1;
 };
 

doc/arm/reference.rst

@@ -364,8 +364,8 @@ file documentation:
     ``portrange``
         A list of a :term:`port` or a port range. A port range is specified in the form of ``range`` followed by two :term:`port` s, ``port_low`` and ``port_high``, which represents port numbers from ``port_low`` through ``port_high``, inclusive. ``port_low`` must not be larger than ``port_high``. For example, ``range 1024 65535`` represents ports from 1024 through 65535. The asterisk (``*``) character is not allowed as a valid :term:`port` or as a port range boundary.
 
-    ``remote-servers``
+    ``server-list``
-        A named list of one or more :term:`ip_address` es with optional :term:`tls_id`, :term:`server_key`, and/or :term:`port`. A ``remote-servers`` list may include other ``remote-servers`` lists. See :any:`primaries` block.
+        A named list of one or more :term:`ip_address` es with optional :term:`tls_id`, :term:`server_key`, and/or :term:`port`. A ``server-list`` list may include other ``server-list`` lists.
 
     ``server_key``
         A :term:`domain_name` representing the name of a shared key, to be used for
@@ -413,17 +413,11 @@ The following blocks are supported:
     :any:`logging`
         Specifies what information the server logs and where the log messages are sent.
 
-    ``masters``
-        Synonym for :any:`primaries`.
-
     :namedconf:ref:`options`
         Controls global server configuration options and sets defaults for other statements.
 
-    :any:`parental-agents`
+    :namedconf:ref:`remote-servers`
-        Defines a named list of servers for inclusion in primary and secondary zones' :any:`parental-agents` lists.
+        Defines a named list of servers for inclusion in various zone statements such as :any:`parental-agents`, :any:`primaries` or :any:`also-notify` lists.
-
-    :any:`primaries`
-        Defines a named list of servers for inclusion in stub and secondary zones' :any:`primaries` or :any:`also-notify` lists. (Note: this is a synonym for the original keyword ``masters``, which can still be used, but is no longer the preferred terminology.)
 
     :namedconf:ref:`server`
         Sets certain configuration options on a per-server basis.
@@ -1048,34 +1042,20 @@ At ``debug`` level 4 or higher, the detailed context information logged at
 ``debug`` level 2 is logged for errors other than SERVFAIL and for negative
 responses such as NXDOMAIN.
 
-:any:`parental-agents` Block Grammar
+``remote-servers`` Block Grammar
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.. namedconf:statement:: parental-agents
+.. namedconf:statement:: remote-servers
-   :tags: zone
+   :tags: server
-   :short: Defines a list of delegation agents to be used by primary and secondary zones.
+   :short: Defines a list of servers to be used by primary and secondary zones.
 
-:any:`parental-agents` Block Definition and Usage
+This specifies a list that allows for a common set of servers to be easily used
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+by multiple zones. The following options may reference to a list of
+remote servers: :any:`parental-agents`, :any:`primaries`, and :any:`also-notify`.
 
-:any:`parental-agents` lists allow for a common set of parental agents to be
+A "parental agent" is a trusted DNS server that is queried to check whether DS
-easily used by multiple primary and secondary zones. A "parental agent" is a
+records for a given zones are up-to-date.
-trusted DNS server that is queried to check whether DS records for a given zones
-are up-to-date.
 
-:any:`primaries` Block Grammar
+A "primary server" is where a secondary server can request zone transfers from.
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.. namedconf:statement:: primaries
-   :tags: zone
-   :short: Defines one or more primary servers for a zone.
-
-:any:`primaries` Block Definition and Usage
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-:any:`primaries` lists allow for a common set of primary servers to be easily
-used by multiple stub and secondary zones in their :any:`primaries` or
-:any:`also-notify` lists. (Note: :any:`primaries` is a synonym for the original
-keyword ``masters``, which can still be used, but is no longer the
-preferred terminology.)
 
 To force the zone transfer requests to be sent over TLS, use :any:`tls` keyword,
 e.g. ``primaries { 192.0.2.1 tls tls-configuration-name; };``,
@@ -3388,6 +3368,19 @@ options apply to zone transfers.
    per second. The lowest possible rate is one per second; when set to
    zero, it is silently raised to one.
 
+.. namedconf:statement:: primaries
+   :tags: transfer, zone
+   :short: Defines one or more servers that zone transfer can be requested from.
+
+   This specifies a list of one or more IP addresses of primary servers that
+   the secondary contacts to update its copy of the zone. Primaries list
+   elements can also be names of :any:`remote-servers` blocks.
+
+   By default, transfers are made from port 53 on the servers; this can be
+   changed for all servers by specifying a port number before the list of IP
+   addresses, or on a per-server basis after the IP address. Authentication to
+   the primary can also be done with per-server TSIG keys.
+
 .. namedconf:statement:: startup-notify-rate
    :tags: transfer, zone
    :short: Specifies the rate at which NOTIFY requests are sent when the name server is first starting, or when new zones have been added.
@@ -6476,6 +6469,18 @@ old DNSSEC key.
       trust relationship with the parental agent. For example, use TSIG to
       authenticate the parental agent, or point to a validating resolver.
 
+.. namedconf:statement:: parental-agents
+   :tags: dnssec
+
+   This specifies a list of one or more IP addresses of parental agents that
+   are used to query the zone's DS records during a KSK rollover. The list of
+   parental agents can also contain the names of :any:`remote-servers` blocks.
+
+   By default, DS queries are sent from port 53 on the servers; this can be
+   changed for all servers by specifying a port number before the list of IP
+   addresses, or on a per-server basis after the IP address. Authentication to
+   the primary can also be done with per-server TSIG keys.
+
 The following options apply to DS queries sent to :any:`parental-agents`:
 
 .. namedconf:statement:: checkds
@@ -6663,32 +6668,21 @@ Zone Types
    :short: Contains a duplicate of the data for a zone that has been transferred from a primary server.
 
    A secondary zone is a replica of a primary zone. Type ``slave`` is a
-    synonym for :any:`secondary <type secondary>`. The :any:`primaries` list specifies one or more IP
+   synonym for :any:`secondary <type secondary>`. The :any:`primaries` list
-    addresses of primary servers that the secondary contacts to update
+   specifies one or more IP addresses of primary servers that the secondary
-    its copy of the zone. Primaries list elements can
+   contacts to update its copy of the zone.
-    also be names of other primaries lists. By default,
+
-    transfers are made from port 53 on the servers;
+   If a file is
-    this can be changed for all servers by specifying
+   specified, then the replica is written to this file whenever the zone
-    a port number before the list of IP addresses,
+   is changed, and reloaded from this file on a server restart. Use of a file
-    or on a per-server basis after the IP address.
+   is recommended, since it often speeds server startup and eliminates a
-    Authentication to the primary can also be done with
+   needless waste of bandwidth. Note that for large numbers (in the tens or
-    per-server TSIG keys.  If a file is specified, then the
+   hundreds of thousands) of zones per server, it is best to use a two-level
-    replica is written to this file
+   naming scheme for zone filenames. For example, a secondary server for the
-    whenever the zone
+   zone ``example.com`` might place the zone contents into a file called
-    is changed, and reloaded from this file on a server
+   ``ex/example.com``, where ``ex/`` is just the first two letters of the zone
-    restart. Use of a file is recommended, since it
+   name. (Most operating systems behave very slowly if there are 100,000 files
-    often speeds server startup and eliminates a
+   in a single directory.)
-    needless waste of bandwidth. Note that for large
-    numbers (in the tens or hundreds of thousands) of
-    zones per server, it is best to use a two-level
-    naming scheme for zone filenames. For example,
-    a secondary server for the zone
-    ``example.com`` might place
-    the zone contents into a file called
-    ``ex/example.com``, where
-    ``ex/`` is just the first two
-    letters of the zone name. (Most operating systems
-    behave very slowly if there are 100,000 files in a single directory.)
 
 .. namedconf:statement:: type mirror
    :tags: zone
@@ -7056,6 +7050,15 @@ Zone Options
 :any:`notify-to-soa`
    See the description of :any:`notify-to-soa` in :ref:`boolean_options`.
 
+:any:`parental-agents`
+   This option is only meaningful if the zone is DNSSEC signed. When performing
+   a key rollover, BIND will query the parental agents to see if the new DS is
+   actually published before withdrawing the old DNSSEC key.
+
+:any:`primaries`
+   For secondary zones, these are the name servers to request zone transfers
+   from.
+
 :any:`zone-statistics`
    See the description of :any:`zone-statistics` in :namedconf:ref:`options`.
 

doc/dnssec-guide/signing.rst

@@ -898,7 +898,7 @@ presence. Let's look at the following configuration excerpt:
 
 ::
 
-   parental-agents "net" {
+   remote-servers "net" {
        10.53.0.11; 10.53.0.12;
    };
 

doc/misc/mirror.zoneopt

@@ -5,7 +5,7 @@ zone <string> [ <class> ] {
 	allow-query-on { <address_match_element>; ... };
 	allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
 	allow-update-forwarding { <address_match_element>; ... };
-	also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+	also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
 	check-names ( fail | warn | ignore );
 	database <string>;
 	file <quoted_string>;
@@ -31,7 +31,7 @@ zone <string> [ <class> ] {
 	notify-delay <integer>;
 	notify-source ( <ipv4_address> | * );
 	notify-source-v6 ( <ipv6_address> | * );
-	primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+	primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
 	request-expire <boolean>;
 	request-ixfr <boolean>;
 	request-ixfr-max-diffs <integer>;

doc/misc/options

@@ -78,14 +78,14 @@ options {
 	allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
 	allow-update { <address_match_element>; ... };
 	allow-update-forwarding { <address_match_element>; ... };
-	also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+	also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
 	answer-cookie <boolean>;
 	attach-cache <string>;
 	auth-nxdomain <boolean>;
 	automatic-interface-scan <boolean>;
 	bindkeys-file <quoted_string>; // test only
 	blackhole { <address_match_element>; ... };
-	catalog-zones { zone <string> [ default-primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
+	catalog-zones { zone <string> [ default-primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
 	check-dup-records ( fail | warn | ignore );
 	check-integrity <boolean>;
 	check-mx ( fail | warn | ignore );
@@ -319,11 +319,9 @@ options {
 	zone-statistics ( full | terse | none | <boolean> );
 };
 
-parental-agents <string> [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
-
 plugin ( query ) <string> [ { <unspecified-text> } ]; // may occur multiple times
 
-primaries <string> [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
+remote-servers <string> [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
 
 server <netprefix> {
 	bogus <boolean>;
@@ -385,10 +383,10 @@ view <string> [ <class> ] {
 	allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
 	allow-update { <address_match_element>; ... };
 	allow-update-forwarding { <address_match_element>; ... };
-	also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+	also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
 	attach-cache <string>;
 	auth-nxdomain <boolean>;
-	catalog-zones { zone <string> [ default-primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
+	catalog-zones { zone <string> [ default-primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
 	check-dup-records ( fail | warn | ignore );
 	check-integrity <boolean>;
 	check-mx ( fail | warn | ignore );

doc/misc/primary.zoneopt

@@ -4,7 +4,7 @@ zone <string> [ <class> ] {
 	allow-query-on { <address_match_element>; ... };
 	allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
 	allow-update { <address_match_element>; ... };
-	also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+	also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
 	check-dup-records ( fail | warn | ignore );
 	check-integrity <boolean>;
 	check-mx ( fail | warn | ignore );
@@ -48,7 +48,7 @@ zone <string> [ <class> ] {
 	notify-source-v6 ( <ipv6_address> | * );
 	notify-to-soa <boolean>;
 	nsec3-test-zone <boolean>; // test only
-	parental-agents [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+	parental-agents [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
 	parental-source ( <ipv4_address> | * );
 	parental-source-v6 ( <ipv6_address> | * );
 	send-report-channel <string>;

doc/misc/redirect.zoneopt

@@ -10,6 +10,6 @@ zone <string> [ <class> ] {
 	max-records-per-type <integer>;
 	max-types-per-name <integer>;
 	max-zone-ttl ( unlimited | <duration> ); // deprecated
-	primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+	primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
 	zone-statistics ( full | terse | none | <boolean> );
 };

doc/misc/secondary.zoneopt

@@ -5,7 +5,7 @@ zone <string> [ <class> ] {
 	allow-query-on { <address_match_element>; ... };
 	allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
 	allow-update-forwarding { <address_match_element>; ... };
-	also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+	also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
 	check-names ( fail | warn | ignore );
 	checkds ( explicit | <boolean> );
 	database <string>;
@@ -45,10 +45,10 @@ zone <string> [ <class> ] {
 	notify-source-v6 ( <ipv6_address> | * );
 	notify-to-soa <boolean>;
 	nsec3-test-zone <boolean>; // test only
-	parental-agents [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+	parental-agents [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
 	parental-source ( <ipv4_address> | * );
 	parental-source-v6 ( <ipv6_address> | * );
-	primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+	primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
 	request-expire <boolean>;
 	request-ixfr <boolean>;
 	request-ixfr-max-diffs <integer>;

doc/misc/stub.zoneopt

@@ -19,7 +19,7 @@ zone <string> [ <class> ] {
 	min-refresh-time <integer>;
 	min-retry-time <integer>;
 	multi-master <boolean>;
-	primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+	primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
 	transfer-source ( <ipv4_address> | * );
 	transfer-source-v6 ( <ipv6_address> | * );
 	zone-statistics ( full | terse | none | <boolean> );

lib/isccfg/check.c

@@ -2098,10 +2098,10 @@ check_remoteserverlist(const cfg_obj_t *cctx, const char *list,
 }
 
 /*
- * Check primaries lists for duplicates.
+ * Check remote-server lists for duplicates.
  */
 static isc_result_t
-check_primarylists(const cfg_obj_t *cctx, isc_mem_t *mctx) {
+check_remoteserverlists(const cfg_obj_t *cctx, isc_mem_t *mctx) {
 	isc_result_t result, tresult;
 	isc_symtab_t *symtab = NULL;
 
@@ -2109,6 +2109,15 @@ check_primarylists(const cfg_obj_t *cctx, isc_mem_t *mctx) {
 	if (result != ISC_R_SUCCESS) {
 		return result;
 	}
+	tresult = check_remoteserverlist(cctx, "remote-servers", symtab, mctx);
+	if (tresult != ISC_R_SUCCESS) {
+		result = tresult;
+	}
+	/* parental-agents, primaries, masters are treated as synonyms */
+	tresult = check_remoteserverlist(cctx, "parental-agents", symtab, mctx);
+	if (tresult != ISC_R_SUCCESS) {
+		result = tresult;
+	}
 	tresult = check_remoteserverlist(cctx, "primaries", symtab, mctx);
 	if (tresult != ISC_R_SUCCESS) {
 		result = tresult;
@@ -2121,26 +2130,6 @@ check_primarylists(const cfg_obj_t *cctx, isc_mem_t *mctx) {
 	return result;
 }
 
-/*
- * Check parental-agents lists for duplicates.
- */
-static isc_result_t
-check_parentalagentlists(const cfg_obj_t *cctx, isc_mem_t *mctx) {
-	isc_result_t result, tresult;
-	isc_symtab_t *symtab = NULL;
-
-	result = isc_symtab_create(mctx, 100, freekey, mctx, false, &symtab);
-	if (result != ISC_R_SUCCESS) {
-		return result;
-	}
-	tresult = check_remoteserverlist(cctx, "parental-agents", symtab, mctx);
-	if (tresult != ISC_R_SUCCESS) {
-		result = tresult;
-	}
-	isc_symtab_destroy(&symtab);
-	return result;
-}
-
 #if HAVE_LIBNGHTTP2
 static isc_result_t
 check_httpserver(const cfg_obj_t *http, isc_symtab_t *symtab) {
@@ -2435,24 +2424,28 @@ get_remotes(const cfg_obj_t *cctx, const char *list, const char *name,
 }
 
 static isc_result_t
-get_remoteservers_def(const char *list, const char *name, const cfg_obj_t *cctx,
+get_remoteservers_def(const char *name, const cfg_obj_t *cctx,
 		      const cfg_obj_t **ret) {
-	isc_result_t result = ISC_R_NOTFOUND;
+	isc_result_t result;
 
-	if (strcmp(list, "primaries") == 0) {
+	result = get_remotes(cctx, "remote-servers", name, ret);
-		result = get_remotes(cctx, "primaries", name, ret);
+	if (result == ISC_R_SUCCESS) {
-		if (result != ISC_R_SUCCESS) {
-			result = get_remotes(cctx, "masters", name, ret);
-		}
-	} else if (strcmp(list, "parental-agents") == 0) {
-		result = get_remotes(cctx, "parental-agents", name, ret);
-	}
 		return result;
 	}
+	result = get_remotes(cctx, "primaries", name, ret);
+	if (result == ISC_R_SUCCESS) {
+		return result;
+	}
+	result = get_remotes(cctx, "parental-agents", name, ret);
+	if (result == ISC_R_SUCCESS) {
+		return result;
+	}
+	return get_remotes(cctx, "masters", name, ret);
+}
 
 static isc_result_t
-validate_remotes(const char *list, const cfg_obj_t *obj,
+validate_remotes(const cfg_obj_t *obj, const cfg_obj_t *config,
-		 const cfg_obj_t *config, uint32_t *countp, isc_mem_t *mctx) {
+		 uint32_t *countp, isc_mem_t *mctx) {
 	isc_result_t result = ISC_R_SUCCESS;
 	isc_result_t tresult;
 	uint32_t count = 0;
@@ -2555,13 +2548,13 @@ resume:
 		if (tresult == ISC_R_EXISTS) {
 			continue;
 		}
-		tresult = get_remoteservers_def(list, listname, config, &obj);
+		tresult = get_remoteservers_def(listname, config, &obj);
 		if (tresult != ISC_R_SUCCESS) {
 			if (result == ISC_R_SUCCESS) {
 				result = tresult;
 			}
 			cfg_obj_log(addr, ISC_LOG_ERROR,
-				    "unable to find %s list '%s'", list,
+				    "unable to find remote-servers list '%s'",
 				    listname);
 			continue;
 		}
@@ -3444,8 +3437,7 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
 		}
 		if (tresult == ISC_R_SUCCESS && donotify) {
 			uint32_t count;
-			tresult = validate_remotes("primaries", obj, config,
+			tresult = validate_remotes(obj, config, &count, mctx);
-						   &count, mctx);
 			if (tresult != ISC_R_SUCCESS && result == ISC_R_SUCCESS)
 			{
 				result = tresult;
@@ -3487,8 +3479,7 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
 			result = ISC_R_FAILURE;
 		} else {
 			uint32_t count;
-			tresult = validate_remotes("primaries", obj, config,
+			tresult = validate_remotes(obj, config, &count, mctx);
-						   &count, mctx);
 			if (tresult != ISC_R_SUCCESS && result == ISC_R_SUCCESS)
 			{
 				result = tresult;
@@ -3512,8 +3503,7 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
 		(void)cfg_map_get(zoptions, "parental-agents", &obj);
 		if (obj != NULL) {
 			uint32_t count;
-			tresult = validate_remotes("parental-agents", obj,
+			tresult = validate_remotes(obj, config, &count, mctx);
-						   config, &count, mctx);
 			if (tresult != ISC_R_SUCCESS && result == ISC_R_SUCCESS)
 			{
 				result = tresult;
@@ -5911,11 +5901,7 @@ isccfg_check_namedconf(const cfg_obj_t *config, unsigned int flags,
 		result = ISC_R_FAILURE;
 	}
 
-	if (check_primarylists(config, mctx) != ISC_R_SUCCESS) {
+	if (check_remoteserverlists(config, mctx) != ISC_R_SUCCESS) {
-		result = ISC_R_FAILURE;
-	}
-
-	if (check_parentalagentlists(config, mctx) != ISC_R_SUCCESS) {
 		result = ISC_R_FAILURE;
 	}
 

lib/isccfg/namedconf.c

@@ -234,7 +234,7 @@ static cfg_tuplefielddef_t remotes_fields[] = {
 	{ NULL, NULL, 0 }
 };
 
-static cfg_type_t cfg_type_remoteservers = { "remote-servers", cfg_parse_tuple,
+static cfg_type_t cfg_type_serverlist = { "server-list",   cfg_parse_tuple,
 					  cfg_print_tuple, cfg_doc_tuple,
 					  &cfg_rep_tuple,  remotes_fields };
 
@@ -1140,11 +1140,14 @@ static cfg_clausedef_t namedconf_clauses[] = {
 	{ "key-store", &cfg_type_keystore, CFG_CLAUSEFLAG_MULTI },
 	{ "logging", &cfg_type_logging, 0 },
 	{ "lwres", NULL, CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_ANCIENT },
-	{ "masters", &cfg_type_remoteservers,
+	{ "masters", &cfg_type_serverlist,
 	  CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_NODOC },
 	{ "options", &cfg_type_options, 0 },
-	{ "parental-agents", &cfg_type_remoteservers, CFG_CLAUSEFLAG_MULTI },
+	{ "parental-agents", &cfg_type_serverlist,
-	{ "primaries", &cfg_type_remoteservers, CFG_CLAUSEFLAG_MULTI },
+	  CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_NODOC },
+	{ "primaries", &cfg_type_serverlist,
+	  CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_NODOC },
+	{ "remote-servers", &cfg_type_serverlist, CFG_CLAUSEFLAG_MULTI },
 #if defined(HAVE_LIBXML2) || defined(HAVE_JSON_C)
 	{ "statistics-channels", &cfg_type_statschannels,
 	  CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_OPTIONAL },
@@ -3740,7 +3743,7 @@ static void
 doc_remoteselement(cfg_printer_t *pctx, const cfg_type_t *type) {
 	UNUSED(type);
 	cfg_print_cstr(pctx, "( ");
-	cfg_print_cstr(pctx, "<remote-servers>");
+	cfg_print_cstr(pctx, "<server-list>");
 	cfg_print_cstr(pctx, " | ");
 	cfg_print_cstr(pctx, "<ipv4_address>");
 	cfg_print_cstr(pctx, " ");