Remove a lot of obsoleted options

These options were ancient or made obsolete a long time ago, it is
safe to remove them.

Also stop printing ancient options, they should be treated the same as
unknown options.

Removed options: lwres, geoip-use-ecs, sit-secret, use-ixfr,
acache-cleaning-interval, acache-enable, additional-from-auth,
additional-from-cache, allow-v6-synthesis, dnssec-enable,
max-acache-size, nosit-udp-size, queryport-pool-ports,
queryport-pool-updateinterval, request-sit, use-queryport-pool, and
support-ixfr.

bin/named/config.c

@@ -131,7 +131,6 @@ options {\n\
 #	treat-cr-as-space <obsolete>;\n\
 	trust-anchor-telemetry yes;\n\
 #	use-id-pool <obsolete>;\n\
-#	use-ixfr <obsolete>;\n\
 \n\
 	/* view */\n\
 	allow-new-zones no;\n\
@@ -141,7 +140,6 @@ options {\n\
 	allow-recursion { localnets; localhost; };\n\
 	allow-recursion-on { any; };\n\
 	allow-update-forwarding {none;};\n\
-#	allow-v6-synthesis <obsolete>;\n\
 	auth-nxdomain false;\n\
 	check-dup-records warn;\n\
 	check-mx warn;\n\

bin/tests/named.conf

@@ -26,9 +26,6 @@
 // watch out for ";" -- it's important!
 
 options {
-	additional-from-auth true;
-	additional-from-cache false;
-
 	version "my version string";
 	random-device "/dev/random";
 	directory "/tmp";
@@ -265,8 +262,6 @@ view "test-view" in {
 	sig-validity-interval 45;
 	max-cache-size 100000;
 	allow-query { 10.0.0.30;};
-	additional-from-cache false;
-	additional-from-auth no;
 	match-clients { 10.0.0.1 ; };
 	check-names master warn;
 	check-names slave ignore;
@@ -418,9 +413,6 @@ server 1.2.3.4 {
 	keys { "sample_key" };	// for TSIG; supported by the parser
 					// but not yet implemented in the
 					// rest of the server
-# Now called 'request-ixfr'
-#	support-ixfr yes;      // for IXFR supported by server
-					// if yes, the listed server talks IXFR
 };
 
 logging {

bin/tests/system/checkconf/bad-geoip-use-ecs.conf

@@ -1,14 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
-	geoip-use-ecs yes;
-};

bin/tests/system/checkconf/dnssec.1

@@ -9,6 +9,17 @@
  * information regarding copyright ownership.
  */
 
-options {
-	dnssec-enable no;
+view view1 {
+	match-clients { any; };
+	dnssec-validation yes;
+};
+
+view view2 {
+	match-clients { none; };
+	dnssec-validation auto;
+};
+
+view view3 {
+	match-clients { none; };
+	auto-dnssec maintain;
 };

bin/tests/system/checkconf/dnssec.2

@@ -11,15 +11,22 @@
 
 view view1 {
 	match-clients { any; };
-	dnssec-validation yes;
 };
 
 view view2 {
 	match-clients { none; };
-	dnssec-validation auto;
 };
 
 view view3 {
 	match-clients { none; };
-	auto-dnssec maintain;
+	dnssec-validation auto;
+};
+
+view view4 {
+	match-clients { none; };
+};
+
+view view5 {
+	match-clients { none; };
+	auto-dnssec off;
 };

bin/tests/system/checkconf/dnssec.3

@@ -1,32 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-view view1 {
-	match-clients { any; };
-};
-
-view view2 {
-	match-clients { none; };
-};
-
-view view3 {
-	match-clients { none; };
-	dnssec-validation auto;
-};
-
-view view4 {
-	match-clients { none; };
-};
-
-view view5 {
-	match-clients { none; };
-	auto-dnssec off;
-};

bin/tests/system/checkconf/tests.sh

@@ -113,14 +113,11 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "checking named-checkconf dnssec warnings ($n)"
 ret=0
-# dnssec.1: dnssec-enable is obsolete
-$CHECKCONF dnssec.1 > checkconf.out$n.1 2>&1
-grep "'dnssec-enable' is obsolete and should be removed" < checkconf.out$n.1 > /dev/null || ret=1
-# dnssec.2: auto-dnssec warning
-$CHECKCONF dnssec.2 > checkconf.out$n.2 2>&1
+# dnssec.1: auto-dnssec warning
+$CHECKCONF dnssec.1 > checkconf.out$n.2 2>&1
 grep 'auto-dnssec may only be ' < checkconf.out$n.2 > /dev/null || ret=1
-# dnssec.3: should have no warnings
-$CHECKCONF dnssec.3 > checkconf.out$n.3 2>&1
+# dnssec.2: should have no warnings
+$CHECKCONF dnssec.2 > checkconf.out$n.3 2>&1
 grep '.*' < checkconf.out$n.3 > /dev/null && ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -460,15 +457,6 @@ grep "use of managed-keys is not allowed" checkconf.out$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
 status=`expr $status + $ret`
 
-n=`expr $n + 1`
-echo_i "check that 'geoip-use-ecs no' generates a warning ($n)"
-ret=0
-$CHECKCONF warn-geoip-use-ecs.conf > checkconf.out$n 2>/dev/null || ret=1
-[ -s checkconf.out$n ] || ret=1
-grep "'geoip-use-ecs' is obsolete" < checkconf.out$n > /dev/null || ret=1
-if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
-
 n=`expr $n + 1`
 echo_i "checking named-checkconf kasp errors ($n)"
 ret=0

bin/tests/system/checkconf/warn-geoip-use-ecs.conf

@@ -1,14 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
-	geoip-use-ecs no;
-};

bin/tests/system/keepalive/ns2/named.conf.in

@@ -27,7 +27,6 @@ options {
 	listen-on { 10.53.0.2; };
 	listen-on-v6 { none; };
 	recursion yes;
-	acache-enable yes;
 	send-cookie yes;
 	tcp-advertised-timeout 150;
 };

bin/tests/system/padding/ns2/named.conf.in

@@ -27,7 +27,6 @@ options {
 	listen-on { 10.53.0.2; };
 	listen-on-v6 { none; };
 	recursion yes;
-	acache-enable yes;
 	send-cookie yes;
 	response-padding { !10.53.0.8; any; } block-size 64;
 };

bin/tests/system/rrl/tests.sh

@@ -163,8 +163,7 @@ ckstats () {
 #########
 sec_start
 
-# Tests of referrals to "." must be done before the hints are loaded
-#   or with "additional-from-cache no"
+# Tests of referrals to "." must be done before the hints are loaded.
 burst 5 a1.tld3 +norec
 # basic rate limiting
 burst 3 a1.tld2

doc/arm/reference.rst

@@ -1658,16 +1658,6 @@ Boolean Options
    flush any pending zone writes. The default is
    ``flush-zones-on-shutdown no``.
 
-``geoip-use-ecs``
-   This option was part of an experimental implementation of the EDNS
-   CLIENT-SUBNET for authoritative servers, but is now obsolete.
-
-``ipv4only-enable``
-   Create the IPV4ONLY.ARPA zone as described in RFC 8880.  By
-   default the zone is only created if a DNS64 prefix is configured.
-   Control the SOA contact and server values with ``ipv4only-contact``
-   and  ``ipv4only-server`` respectively.
-
 ``root-key-sentinel``
    If ``yes``, respond to root key sentinel probes as described in
    draft-ietf-dnsop-kskroll-sentinel-08. The default is ``yes``.
@@ -1781,9 +1771,6 @@ Boolean Options
    option in its response, then its contents are logged in the ``nsid``
    category at level ``info``. The default is ``no``.
 
-``request-sit``
-   This experimental option is obsolete.
-
 ``require-server-cookie``
    If ``yes``, require a valid server cookie before sending a full response to a UDP
    request from a cookie-aware client. BADCOOKIE is sent if there is a
@@ -1868,9 +1855,6 @@ Boolean Options
    option may further limit the response size as the default for
    ``max-udp-size`` is 1232.
 
-``sit-secret``
-   This experimental option is obsolete.
-
 ``cookie-algorithm``
    This sets the algorithm to be used when generating the server cookie; the options are
    "aes", "sha1", or "sha256". The default is "aes" if supported by
@@ -1924,12 +1908,6 @@ Boolean Options
 
    The default is ``yes``.
 
-``use-ixfr``
-   *This option is obsolete*. To disable IXFR to a
-   particular server or servers, see the information on the
-   ``provide-ixfr`` option in :ref:`server_statement_definition_and_usage`.
-   See also :ref:`incremental_zone_transfers`.
-
 ``provide-ixfr``
    See the description of ``provide-ixfr`` in :ref:`server_statement_definition_and_usage`.
 
@@ -2003,9 +1981,6 @@ Boolean Options
 
    The default setting is ``auto-dnssec off``.
 
-``dnssec-enable``
-   This option is obsolete and has no effect.
-
 .. _dnssec-validation-option:
 
 ``dnssec-validation``
@@ -2369,12 +2344,6 @@ for details on how to specify IP address lists.
    and inherited by zones, this can lead to some zones unintentionally
    forwarding updates.
 
-``allow-v6-synthesis``
-   This option was introduced for the smooth transition from AAAA to A6
-   and from "nibble labels" to binary labels. However, since both A6 and
-   binary labels were then deprecated, this option was also deprecated.
-   It is now ignored with some warning messages.
-
 .. _allow-transfer-access:
 
 ``allow-transfer``
@@ -2534,6 +2503,14 @@ system default range; otherwise, it uses its own defaults:
    use-v4-udp-ports { range 1024 65535; };
    use-v6-udp-ports { range 1024 65535; };
 
+The defaults of the ``avoid-v4-udp-ports`` and ``avoid-v6-udp-ports``
+options are:
+
+::
+
+   avoid-v4-udp-ports {};
+   avoid-v6-udp-ports {};
+
 .. note:: Make sure the ranges are sufficiently large for security. A
    desirable size depends on several parameters, but we generally recommend
    it contain at least 16384 ports (14 bits of entropy). Note also that the
@@ -2553,38 +2530,14 @@ system default range; otherwise, it uses its own defaults:
    set of ports that can be safely used in the expected operational
    environment.
 
-The defaults of the ``avoid-v4-udp-ports`` and ``avoid-v6-udp-ports``
-options are:
+.. note:: The address specified in the ``query-source`` option is used for both
+   UDP and TCP queries, but the port applies only to UDP queries. TCP
+   queries always use a random unprivileged port.
 
-::
+.. note:: Solaris 2.5.1 and earlier does not support setting the source address
+   for TCP sockets.
 
-   avoid-v4-udp-ports {};
-   avoid-v6-udp-ports {};
-
-.. note:: BIND 9.5.0 introduced the ``use-queryport-pool`` option to support
-   a pool of such random ports, but this option is now obsolete because
-   reusing the same ports in the pool may not be sufficiently secure. For
-   the same reason, it is generally strongly discouraged to specify a
-   particular port for the ``query-source`` or ``query-source-v6`` options;
-   it implicitly disables the use of randomized port numbers.
-
-``use-queryport-pool``
-   This option is obsolete.
-
-``queryport-pool-ports``
-   This option is obsolete.
-
-``queryport-pool-updateinterval``
-   This option is obsolete.
-
-   .. note:: The address specified in the ``query-source`` option is used for both
-      UDP and TCP queries, but the port applies only to UDP queries. TCP
-      queries always use a random unprivileged port.
-
-   .. note:: Solaris 2.5.1 and earlier does not support setting the source address
-      for TCP sockets.
-
-   .. note:: See also ``transfer-source`` and ``notify-source``.
+.. note:: See also ``transfer-source`` and ``notify-source``.
 
 .. _zone_transfers:
 

lib/bind9/check.c

@@ -1557,17 +1557,6 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
 		}
 	}
 
-	obj = NULL;
-	(void)cfg_map_get(options, "geoip-use-ecs", &obj);
-	if (obj != NULL && cfg_obj_asboolean(obj)) {
-		cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
-			    "'geoip-use-ecs yes': "
-			    "ECS can no longer be used in geoip ACLs");
-		if (result == ISC_R_SUCCESS) {
-			result = ISC_R_FAILURE;
-		}
-	}
-
 	obj = NULL;
 	(void)cfg_map_get(options, "max-ixfr-ratio", &obj);
 	if (obj != NULL && cfg_obj_ispercentage(obj)) {

lib/isccfg/namedconf.c

@@ -235,20 +235,6 @@ static cfg_type_t cfg_type_portiplist = { "portiplist",	   cfg_parse_tuple,
 					  cfg_print_tuple, cfg_doc_tuple,
 					  &cfg_rep_tuple,  portiplist_fields };
 
-/*
- * Obsolete format for the "pubkey" statement.
- */
-static cfg_tuplefielddef_t pubkey_fields[] = {
-	{ "flags", &cfg_type_uint32, 0 },
-	{ "protocol", &cfg_type_uint32, 0 },
-	{ "algorithm", &cfg_type_uint32, 0 },
-	{ "key", &cfg_type_qstring, 0 },
-	{ NULL, NULL, 0 }
-};
-static cfg_type_t cfg_type_pubkey = { "pubkey",	       cfg_parse_tuple,
-				      cfg_print_tuple, cfg_doc_tuple,
-				      &cfg_rep_tuple,  pubkey_fields };
-
 /*%
  * A list of RR types, used in grant statements.
  * Note that the old parser allows quotes around the RR type names.
@@ -1102,8 +1088,7 @@ static cfg_clausedef_t namedconf_clauses[] = {
 	{ "controls", &cfg_type_controls, CFG_CLAUSEFLAG_MULTI },
 	{ "dnssec-policy", &cfg_type_dnssecpolicy, CFG_CLAUSEFLAG_MULTI },
 	{ "logging", &cfg_type_logging, 0 },
-	{ "lwres", &cfg_type_bracketed_text,
-	  CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_OBSOLETE },
+	{ "lwres", NULL, CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_ANCIENT },
 	{ "masters", &cfg_type_primaries, CFG_CLAUSEFLAG_MULTI },
 	{ "options", &cfg_type_options, 0 },
 	{ "primaries", &cfg_type_primaries, CFG_CLAUSEFLAG_MULTI },
@@ -1165,7 +1150,7 @@ static cfg_clausedef_t options_clauses[] = {
 	{ "cookie-secret", &cfg_type_sstring, CFG_CLAUSEFLAG_MULTI },
 	{ "coresize", &cfg_type_size, 0 },
 	{ "datasize", &cfg_type_size, 0 },
-	{ "deallocate-on-exit", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
+	{ "deallocate-on-exit", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "directory", &cfg_type_qstring, CFG_CLAUSEFLAG_CALLBACK },
 #ifdef HAVE_DNSTAP
 	{ "dnstap-output", &cfg_type_dnstapoutput, 0 },
@@ -1180,7 +1165,7 @@ static cfg_clausedef_t options_clauses[] = {
 #endif /* ifdef HAVE_DNSTAP */
 	{ "dscp", &cfg_type_uint32, 0 },
 	{ "dump-file", &cfg_type_qstring, 0 },
-	{ "fake-iquery", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
+	{ "fake-iquery", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "files", &cfg_type_size, 0 },
 	{ "flush-zones-on-shutdown", &cfg_type_boolean, 0 },
 #ifdef HAVE_DNSTAP
@@ -1213,11 +1198,11 @@ static cfg_clausedef_t options_clauses[] = {
 	{ "geoip-directory", &cfg_type_qstringornone,
 	  CFG_CLAUSEFLAG_NOTCONFIGURED },
 #endif /* HAVE_GEOIP2 */
-	{ "geoip-use-ecs", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
-	{ "has-old-clients", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
+	{ "geoip-use-ecs", NULL, CFG_CLAUSEFLAG_ANCIENT },
+	{ "has-old-clients", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "heartbeat-interval", &cfg_type_uint32, 0 },
-	{ "host-statistics", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
-	{ "host-statistics-max", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT },
+	{ "host-statistics", NULL, CFG_CLAUSEFLAG_ANCIENT },
+	{ "host-statistics-max", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "hostname", &cfg_type_qstringornone, 0 },
 	{ "interface-interval", &cfg_type_duration, 0 },
 	{ "keep-response-order", &cfg_type_bracketed_aml, 0 },
@@ -1229,8 +1214,8 @@ static cfg_clausedef_t options_clauses[] = {
 	{ "max-rsa-exponent-size", &cfg_type_uint32, 0 },
 	{ "memstatistics", &cfg_type_boolean, 0 },
 	{ "memstatistics-file", &cfg_type_qstring, 0 },
-	{ "multiple-cnames", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
-	{ "named-xfer", &cfg_type_qstring, CFG_CLAUSEFLAG_ANCIENT },
+	{ "multiple-cnames", NULL, CFG_CLAUSEFLAG_ANCIENT },
+	{ "named-xfer", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "notify-rate", &cfg_type_uint32, 0 },
 	{ "pid-file", &cfg_type_qstringornone, 0 },
 	{ "port", &cfg_type_uint32, 0 },
@@ -1241,17 +1226,17 @@ static cfg_clausedef_t options_clauses[] = {
 	{ "recursive-clients", &cfg_type_uint32, 0 },
 	{ "reserved-sockets", &cfg_type_uint32, 0 },
 	{ "secroots-file", &cfg_type_qstring, 0 },
-	{ "serial-queries", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT },
+	{ "serial-queries", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "serial-query-rate", &cfg_type_uint32, 0 },
 	{ "server-id", &cfg_type_serverid, 0 },
 	{ "session-keyalg", &cfg_type_astring, 0 },
 	{ "session-keyfile", &cfg_type_qstringornone, 0 },
 	{ "session-keyname", &cfg_type_astring, 0 },
-	{ "sit-secret", &cfg_type_sstring, CFG_CLAUSEFLAG_OBSOLETE },
+	{ "sit-secret", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "stacksize", &cfg_type_size, 0 },
 	{ "startup-notify-rate", &cfg_type_uint32, 0 },
 	{ "statistics-file", &cfg_type_qstring, 0 },
-	{ "statistics-interval", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT },
+	{ "statistics-interval", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "tcp-advertised-timeout", &cfg_type_uint32, 0 },
 	{ "tcp-clients", &cfg_type_uint32, 0 },
 	{ "tcp-idle-timeout", &cfg_type_uint32, 0 },
@@ -1266,9 +1251,9 @@ static cfg_clausedef_t options_clauses[] = {
 	{ "transfers-in", &cfg_type_uint32, 0 },
 	{ "transfers-out", &cfg_type_uint32, 0 },
 	{ "transfers-per-ns", &cfg_type_uint32, 0 },
-	{ "treat-cr-as-space", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
-	{ "use-id-pool", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
-	{ "use-ixfr", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
+	{ "treat-cr-as-space", NULL, CFG_CLAUSEFLAG_ANCIENT },
+	{ "use-id-pool", NULL, CFG_CLAUSEFLAG_ANCIENT },
+	{ "use-ixfr", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "use-v4-udp-ports", &cfg_type_bracketed_portlist, 0 },
 	{ "use-v6-udp-ports", &cfg_type_bracketed_portlist, 0 },
 	{ "version", &cfg_type_qstringornone, 0 },
@@ -1920,24 +1905,22 @@ static cfg_type_t cfg_type_dns64 = { "dns64",	    cfg_parse_netprefix_map,
  */
 
 static cfg_clausedef_t view_clauses[] = {
-	{ "acache-cleaning-interval", &cfg_type_uint32,
-	  CFG_CLAUSEFLAG_OBSOLETE },
-	{ "acache-enable", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
-	{ "additional-from-auth", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
-	{ "additional-from-cache", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
+	{ "acache-cleaning-interval", NULL, CFG_CLAUSEFLAG_ANCIENT },
+	{ "acache-enable", NULL, CFG_CLAUSEFLAG_ANCIENT },
+	{ "additional-from-auth", NULL, CFG_CLAUSEFLAG_ANCIENT },
+	{ "additional-from-cache", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "allow-new-zones", &cfg_type_boolean, 0 },
 	{ "allow-query-cache", &cfg_type_bracketed_aml, 0 },
 	{ "allow-query-cache-on", &cfg_type_bracketed_aml, 0 },
 	{ "allow-recursion", &cfg_type_bracketed_aml, 0 },
 	{ "allow-recursion-on", &cfg_type_bracketed_aml, 0 },
-	{ "allow-v6-synthesis", &cfg_type_bracketed_aml,
-	  CFG_CLAUSEFLAG_OBSOLETE },
+	{ "allow-v6-synthesis", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "attach-cache", &cfg_type_astring, 0 },
 	{ "auth-nxdomain", &cfg_type_boolean, 0 },
 	{ "cache-file", &cfg_type_qstring, 0 },
 	{ "catalog-zones", &cfg_type_catz, 0 },
 	{ "check-names", &cfg_type_checknames, CFG_CLAUSEFLAG_MULTI },
-	{ "cleaning-interval", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT },
+	{ "cleaning-interval", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "clients-per-query", &cfg_type_uint32, 0 },
 	{ "deny-answer-addresses", &cfg_type_denyaddresses, 0 },
 	{ "deny-answer-aliases", &cfg_type_denyaliases, 0 },
@@ -1958,8 +1941,9 @@ static cfg_clausedef_t view_clauses[] = {
 	  CFG_CLAUSEFLAG_NOTCONFIGURED },
 #endif /* ifdef USE_DNSRPS */
 	{ "dnssec-accept-expired", &cfg_type_boolean, 0 },
-	{ "dnssec-enable", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
-	{ "dnssec-lookaside", NULL, CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_ANCIENT },
+	{ "dnssec-enable", NULL, CFG_CLAUSEFLAG_ANCIENT },
+	{ "dnssec-lookaside", NULL,
+	  CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_ANCIENT },
 	{ "dnssec-must-be-secure", &cfg_type_mustbesecure,
 	  CFG_CLAUSEFLAG_MULTI },
 	{ "dnssec-validation", &cfg_type_boolorauto, 0 },
@@ -1973,7 +1957,7 @@ static cfg_clausedef_t view_clauses[] = {
 	{ "empty-contact", &cfg_type_astring, 0 },
 	{ "empty-server", &cfg_type_astring, 0 },
 	{ "empty-zones-enable", &cfg_type_boolean, 0 },
-	{ "fetch-glue", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
+	{ "fetch-glue", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "fetch-quota-params", &cfg_type_fetchquota, 0 },
 	{ "fetches-per-server", &cfg_type_fetchesper, 0 },
 	{ "fetches-per-zone", &cfg_type_fetchesper, 0 },
@@ -1991,7 +1975,7 @@ static cfg_clausedef_t view_clauses[] = {
 #else  /* ifdef HAVE_LMDB */
 	{ "lmdb-mapsize", &cfg_type_sizeval, CFG_CLAUSEFLAG_NOTCONFIGURED },
 #endif /* ifdef HAVE_LMDB */
-	{ "max-acache-size", &cfg_type_sizenodefault, CFG_CLAUSEFLAG_OBSOLETE },
+	{ "max-acache-size", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "max-cache-size", &cfg_type_sizeorpercent, 0 },
 	{ "max-cache-ttl", &cfg_type_duration, 0 },
 	{ "max-clients-per-query", &cfg_type_uint32, 0 },
@@ -2003,13 +1987,13 @@ static cfg_clausedef_t view_clauses[] = {
 	{ "message-compression", &cfg_type_boolean, 0 },
 	{ "min-cache-ttl", &cfg_type_duration, 0 },
 	{ "min-ncache-ttl", &cfg_type_duration, 0 },
-	{ "min-roots", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT },
+	{ "min-roots", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "minimal-any", &cfg_type_boolean, 0 },
 	{ "minimal-responses", &cfg_type_minimal, 0 },
 	{ "new-zones-directory", &cfg_type_qstring, 0 },
 	{ "no-case-compress", &cfg_type_bracketed_aml, 0 },
 	{ "nocookie-udp-size", &cfg_type_uint32, 0 },
-	{ "nosit-udp-size", &cfg_type_uint32, CFG_CLAUSEFLAG_OBSOLETE },
+	{ "nosit-udp-size", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "nta-lifetime", &cfg_type_duration, 0 },
 	{ "nta-recheck", &cfg_type_duration, 0 },
 	{ "nxdomain-redirect", &cfg_type_astring, 0 },
@@ -2023,20 +2007,19 @@ static cfg_clausedef_t view_clauses[] = {
 	 */
 	{ "query-source", &cfg_type_querysource4, 0 },
 	{ "query-source-v6", &cfg_type_querysource6, 0 },
-	{ "queryport-pool-ports", &cfg_type_uint32, CFG_CLAUSEFLAG_OBSOLETE },
-	{ "queryport-pool-updateinterval", &cfg_type_uint32,
-	  CFG_CLAUSEFLAG_OBSOLETE },
+	{ "queryport-pool-ports", NULL, CFG_CLAUSEFLAG_ANCIENT },
+	{ "queryport-pool-updateinterval", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "rate-limit", &cfg_type_rrl, 0 },
 	{ "recursion", &cfg_type_boolean, 0 },
 	{ "request-nsid", &cfg_type_boolean, 0 },
-	{ "request-sit", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
+	{ "request-sit", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "require-server-cookie", &cfg_type_boolean, 0 },
 	{ "resolver-nonbackoff-tries", &cfg_type_uint32, 0 },
 	{ "resolver-query-timeout", &cfg_type_uint32, 0 },
 	{ "resolver-retry-interval", &cfg_type_uint32, 0 },
 	{ "response-padding", &cfg_type_resppadding, 0 },
 	{ "response-policy", &cfg_type_rpz, 0 },
-	{ "rfc2308-type1", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
+	{ "rfc2308-type1", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "root-delegation-only", &cfg_type_optional_exclude, 0 },
 	{ "root-key-sentinel", &cfg_type_boolean, 0 },
 	{ "rrset-order", &cfg_type_rrsetorder, 0 },
@@ -2050,11 +2033,11 @@ static cfg_clausedef_t view_clauses[] = {
 	{ "suppress-initial-notify", &cfg_type_boolean,
 	  CFG_CLAUSEFLAG_OBSOLETE },
 	{ "synth-from-dnssec", &cfg_type_boolean, 0 },
-	{ "topology", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_ANCIENT },
+	{ "topology", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "transfer-format", &cfg_type_transferformat, 0 },
 	{ "trust-anchor-telemetry", &cfg_type_boolean,
 	  CFG_CLAUSEFLAG_EXPERIMENTAL },
-	{ "use-queryport-pool", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
+	{ "use-queryport-pool", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "validate-except", &cfg_type_namelist, 0 },
 	{ "v6-bias", &cfg_type_uint32, 0 },
 	{ "zero-no-soa-ttl-cache", &cfg_type_boolean, 0 },
@@ -2165,14 +2148,14 @@ static cfg_clausedef_t zone_clauses[] = {
 	  CFG_ZONE_MASTER | CFG_ZONE_SLAVE },
 	{ "key-directory", &cfg_type_qstring,
 	  CFG_ZONE_MASTER | CFG_ZONE_SLAVE },
-	{ "maintain-ixfr-base", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
+	{ "maintain-ixfr-base", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "masterfile-format", &cfg_type_masterformat,
 	  CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR | CFG_ZONE_STUB |
 		  CFG_ZONE_REDIRECT },
 	{ "masterfile-style", &cfg_type_masterstyle,
 	  CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR | CFG_ZONE_STUB |
 		  CFG_ZONE_REDIRECT },
-	{ "max-ixfr-log-size", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT },
+	{ "max-ixfr-log-size", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "max-ixfr-ratio", &cfg_type_ixfrratio,
 	  CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR },
 	{ "max-journal-size", &cfg_type_size,
@@ -2272,10 +2255,10 @@ static cfg_clausedef_t zone_only_clauses[] = {
 	  CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR | CFG_ZONE_STUB |
 		  CFG_ZONE_HINT | CFG_ZONE_REDIRECT },
 	{ "in-view", &cfg_type_astring, CFG_ZONE_INVIEW },
-	{ "ixfr-base", &cfg_type_qstring, CFG_CLAUSEFLAG_ANCIENT },
+	{ "ixfr-base", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "ixfr-from-differences", &cfg_type_boolean,
 	  CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR },
-	{ "ixfr-tmp-file", &cfg_type_qstring, CFG_CLAUSEFLAG_ANCIENT },
+	{ "ixfr-tmp-file", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "journal", &cfg_type_qstring,
 	  CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR },
 	{ "masters", &cfg_type_namesockaddrkeylist,
@@ -2284,7 +2267,7 @@ static cfg_clausedef_t zone_only_clauses[] = {
 	{ "primaries", &cfg_type_namesockaddrkeylist,
 	  CFG_ZONE_SLAVE | CFG_ZONE_MIRROR | CFG_ZONE_STUB |
 		  CFG_ZONE_REDIRECT },
-	{ "pubkey", &cfg_type_pubkey, CFG_CLAUSEFLAG_ANCIENT },
+	{ "pubkey", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "server-addresses", &cfg_type_bracketed_netaddrlist,
 	  CFG_ZONE_STATICSTUB },
 	{ "server-names", &cfg_type_namelist, CFG_ZONE_STATICSTUB },
@@ -2420,9 +2403,9 @@ static cfg_clausedef_t server_clauses[] = {
 	{ "request-expire", &cfg_type_boolean, 0 },
 	{ "request-ixfr", &cfg_type_boolean, 0 },
 	{ "request-nsid", &cfg_type_boolean, 0 },
-	{ "request-sit", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
+	{ "request-sit", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "send-cookie", &cfg_type_boolean, 0 },
-	{ "support-ixfr", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
+	{ "support-ixfr", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "tcp-keepalive", &cfg_type_boolean, 0 },
 	{ "tcp-only", &cfg_type_boolean, 0 },
 	{ "transfer-format", &cfg_type_transferformat, 0 },
@@ -3789,11 +3772,14 @@ cfg_print_zonegrammar(const unsigned int zonetype, unsigned int flags,
 	for (clause = clauses; clause->name != NULL; clause++) {
 		if (((pctx.flags & CFG_PRINTER_ACTIVEONLY) != 0) &&
 		    (((clause->flags & CFG_CLAUSEFLAG_OBSOLETE) != 0) ||
-		     ((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) ||
 		     ((clause->flags & CFG_CLAUSEFLAG_TESTONLY) != 0)))
 		{
 			continue;
 		}
+		if ((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) {
+			continue;
+		}
+
 		if ((clause->flags & zonetype) == 0 ||
 		    strcasecmp(clause->name, "type") == 0) {
 			continue;

lib/isccfg/parser.c

@@ -2743,11 +2743,13 @@ cfg_doc_mapbody(cfg_printer_t *pctx, const cfg_type_t *type) {
 		for (clause = *clauseset; clause->name != NULL; clause++) {
 			if (((pctx->flags & CFG_PRINTER_ACTIVEONLY) != 0) &&
 			    (((clause->flags & CFG_CLAUSEFLAG_OBSOLETE) != 0) ||
-			     ((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) ||
 			     ((clause->flags & CFG_CLAUSEFLAG_TESTONLY) != 0)))
 			{
 				continue;
 			}
+			if ((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) {
+				continue;
+			}
 			cfg_print_cstr(pctx, clause->name);
 			cfg_print_cstr(pctx, " ");
 			cfg_doc_obj(pctx, clause->type);
@@ -2797,11 +2799,13 @@ cfg_doc_map(cfg_printer_t *pctx, const cfg_type_t *type) {
 		for (clause = *clauseset; clause->name != NULL; clause++) {
 			if (((pctx->flags & CFG_PRINTER_ACTIVEONLY) != 0) &&
 			    (((clause->flags & CFG_CLAUSEFLAG_OBSOLETE) != 0) ||
-			     ((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) ||
 			     ((clause->flags & CFG_CLAUSEFLAG_TESTONLY) != 0)))
 			{
 				continue;
 			}
+			if ((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) {
+				continue;
+			}
 			cfg_print_indent(pctx);
 			cfg_print_cstr(pctx, clause->name);
 			if (clause->type->print != cfg_print_void) {

lib/ns/query.c

@@ -6691,7 +6691,7 @@ query_checkrrl(query_ctx_t *qctx, isc_result_t result) {
 			/*
 			 * Handle referral to ".", including when recursion
 			 * is off or not requested and the hints have not
-			 * been loaded or we have "additional-from-cache no".
+			 * been loaded.
 			 */
 			constname = dns_rootname;
 			resp_result = DNS_R_DELEGATION;