Unify parental-agents, primaries to remote-servers

Having zone statements that are also top blocks is confusing, and if
we want to add more in the future (which I suspect will be for
generalized notifications, multi-signer), we need to duplicate a lot
of code.

Remove top blocks 'parental-agents' and 'primaries' and just have one
top block 'remote-servers' that you can refer to with zone statements.

bin/named/config.c

@@ -331,7 +331,7 @@ dnssec-policy \"insecure\" {\n\
 
 			    "# END TRUST ANCHORS\n\
 \n\
-primaries " DEFAULT_IANA_ROOT_ZONE_PRIMARIES " {\n\
+remote-servers " DEFAULT_IANA_ROOT_ZONE_PRIMARIES " {\n\
 	2801:1b8:10::b;		# b.root-servers.net\n\
 	2001:500:2::c;		# c.root-servers.net\n\
 	2001:500:2f::f;		# f.root-servers.net\n\
@@ -503,9 +503,9 @@ named_config_getzonetype(const cfg_obj_t *zonetypeobj) {
 	return ztype;
 }
 
-static isc_result_t
+isc_result_t
-getremotesdef(const cfg_obj_t *cctx, const char *list, const char *name,
+named_config_getremotesdef(const cfg_obj_t *cctx, const char *list,
-	      const cfg_obj_t **ret) {
+			   const char *name, const cfg_obj_t **ret) {
 	isc_result_t result;
 	const cfg_obj_t *obj = NULL;
 	const cfg_listelt_t *elt;
@@ -532,23 +532,6 @@ getremotesdef(const cfg_obj_t *cctx, const char *list, const char *name,
 	return ISC_R_NOTFOUND;
 }
 
-isc_result_t
-named_config_getremotesdef(const cfg_obj_t *cctx, const char *list,
-			   const char *name, const cfg_obj_t **ret) {
-	isc_result_t result;
-
-	if (strcmp(list, "parental-agents") == 0) {
-		return getremotesdef(cctx, list, name, ret);
-	} else if (strcmp(list, "primaries") == 0) {
-		result = getremotesdef(cctx, list, name, ret);
-		if (result != ISC_R_SUCCESS) {
-			result = getremotesdef(cctx, "masters", name, ret);
-		}
-		return result;
-	}
-	return ISC_R_NOTFOUND;
-}
-
 static isc_result_t
 named_config_getname(isc_mem_t *mctx, const cfg_obj_t *obj,
 		     dns_name_t **namep) {
@@ -598,9 +581,8 @@ named_config_getname(isc_mem_t *mctx, const cfg_obj_t *obj,
 	}
 
 isc_result_t
-named_config_getipandkeylist(const cfg_obj_t *config, const char *listtype,
+named_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
-			     const cfg_obj_t *list, isc_mem_t *mctx,
+			     isc_mem_t *mctx, dns_ipkeylist_t *ipkl) {
-			     dns_ipkeylist_t *ipkl) {
 	uint32_t addrcount = 0, srccount = 0;
 	uint32_t keycount = 0, tlscount = 0;
 	uint32_t listcount = 0, l = 0, i = 0;
@@ -683,8 +665,6 @@ newlist:
 		isc_sockaddr_any6(&src6);
 	}
 
-	result = ISC_R_NOMEMORY;
-
 	element = cfg_list_first(addrlist);
 resume:
 	for (; element != NULL; element = cfg_list_next(element)) {
@@ -715,11 +695,11 @@ resume:
 				continue;
 			}
 			list = NULL;
-			tresult = named_config_getremotesdef(config, listtype,
+			tresult = named_config_getremotesdef(
-							     listname, &list);
+				config, "remote-servers", listname, &list);
 			if (tresult == ISC_R_NOTFOUND) {
 				cfg_obj_log(addr, ISC_LOG_ERROR,
-					    "%s \"%s\" not found", listtype,
+					    "remote-servers \"%s\" not found",
 					    listname);
 
 				result = tresult;

bin/named/include/named/config.h

@@ -57,9 +57,8 @@ named_config_getremotesdef(const cfg_obj_t *cctx, const char *list,
 			   const char *name, const cfg_obj_t **ret);
 
 isc_result_t
-named_config_getipandkeylist(const cfg_obj_t *config, const char *listtype,
+named_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
-			     const cfg_obj_t *list, isc_mem_t *mctx,
+			     isc_mem_t *mctx, dns_ipkeylist_t *ipkl);
-			     dns_ipkeylist_t *ipkl);
 
 isc_result_t
 named_config_getport(const cfg_obj_t *config, const char *type,

bin/named/server.c

@@ -2779,8 +2779,8 @@ configure_catz_zone(dns_view_t *view, dns_view_t *pview,
 		obj = cfg_tuple_get(catz_obj, "default-primaries");
 	}
 	if (obj != NULL && cfg_obj_istuple(obj)) {
-		result = named_config_getipandkeylist(
+		result = named_config_getipandkeylist(config, obj, view->mctx,
-			config, "primaries", obj, view->mctx, &opts->masters);
+						      &opts->masters);
 	}
 
 	obj = cfg_tuple_get(catz_obj, "in-memory");

bin/named/zoneconf.c

@@ -1273,8 +1273,8 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
 			dns_ipkeylist_t ipkl;
 			dns_ipkeylist_init(&ipkl);
 
-			CHECK(named_config_getipandkeylist(config, "primaries",
+			CHECK(named_config_getipandkeylist(config, obj, mctx,
-							   obj, mctx, &ipkl));
+							   &ipkl));
 			dns_zone_setalsonotify(zone, ipkl.addrs, ipkl.sources,
 					       ipkl.keys, ipkl.tlss,
 					       ipkl.count);
@@ -1679,9 +1679,8 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
 		if (parentals != NULL) {
 			dns_ipkeylist_t ipkl;
 			dns_ipkeylist_init(&ipkl);
-			CHECK(named_config_getipandkeylist(
+			CHECK(named_config_getipandkeylist(config, parentals,
-				config, "parental-agents", parentals, mctx,
+							   mctx, &ipkl));
-				&ipkl));
 			dns_zone_setparentals(zone, ipkl.addrs, ipkl.sources,
 					      ipkl.keys, ipkl.tlss, ipkl.count);
 			dns_ipkeylist_clear(mctx, &ipkl);
@@ -1861,8 +1860,8 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
 			dns_ipkeylist_t ipkl;
 			dns_ipkeylist_init(&ipkl);
 
-			CHECK(named_config_getipandkeylist(config, "primaries",
+			CHECK(named_config_getipandkeylist(config, obj, mctx,
-							   obj, mctx, &ipkl));
+							   &ipkl));
 			dns_zone_setprimaries(mayberaw, ipkl.addrs,
 					      ipkl.sources, ipkl.keys,
 					      ipkl.tlss, ipkl.count);

bin/tests/system/addzone/ns3/named1.conf.in

@@ -34,6 +34,6 @@ zone "." {
 	file "redirect.db";
 };
 
-primaries "test" {
+remote-servers "test" {
 	10.53.0.99;
 };

bin/tests/system/checkconf/bad-duplicate-primaries-2.conf

@@ -1,15 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0.  If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-masters duplicate { 1.2.3.4; };
-primaries duplicate { 4.3.2.1; };

bin/tests/system/checkconf/bad-duplicate-remote-servers.conf

@@ -11,5 +11,5 @@
  * information regarding copyright ownership.
  */
 
-primaries duplicate { 1.2.3.4; };
+remote-servers duplicate { 1.2.3.4; };
-primaries duplicate { 4.3.2.1; };
+remote-servers duplicate { 4.3.2.1; };

bin/tests/system/checkconf/bad-parental-agents-def-view2.conf

@@ -12,7 +12,7 @@
  */
 
 view "test" {
-	parental-agents "net" {
+	remote-servers "net" {
 		192.168.1.2;
 	 };
 	zone "example.net" {

bin/tests/system/checkconf/bad-parental-agents-dupdef.conf

@@ -11,11 +11,11 @@
  * information regarding copyright ownership.
  */
 
-parental-agents "net" {
+remote-servers "net" {
 	192.168.1.1;
 };
 
-parental-agents "net" {
+remote-servers "net" {
 	192.168.1.2;
 };
 

bin/tests/system/checkconf/bad-parental-agents-empty.conf

@@ -11,7 +11,7 @@
  * information regarding copyright ownership.
  */
 
-parental-agents "net" { };
+remote-servers "net" { };
 
 zone "example.net" {
 	type primary;

bin/tests/system/checkconf/bad-parental-agents-notfound.conf

@@ -11,7 +11,7 @@
  * information regarding copyright ownership.
  */
 
-parental-agents "com" {
+remote-servers "com" {
 	192.168.1.2;
 };
 

bin/tests/system/checkconf/bad-primaries-notfound.conf

@@ -11,7 +11,7 @@
  * information regarding copyright ownership.
  */
 
-primaries "net" {
+remote-servers "net" {
 	 192.168.1.2;
 };
 

bin/tests/system/checkconf/good-multiple-remote-servers.conf

@@ -11,5 +11,5 @@
  * information regarding copyright ownership.
  */
 
-masters a { 1.2.3.4; };
+remote-servers a { 1.2.3.4; };
-primaries b { 1.2.3.4; };
+remote-servers b { 1.2.3.4; };

bin/tests/system/checkconf/good.conf.in

@@ -86,7 +86,7 @@ options {
 	transfer-source 0.0.0.0;
 	zone-statistics none;
 };
-parental-agents "parents" port 5353 source 10.10.10.10 source-v6 2001:db8::10 {
+remote-servers "parents" port 5353 source 10.10.10.10 source-v6 2001:db8::10 {
 	10.10.10.11;
 	2001:db8::11;
 };

bin/tests/system/checkconf/inline-bad.conf

@@ -12,8 +12,8 @@
  */
 
 acl "transferees" {};
-primaries "stealthPrimaries" {127.0.0.1;};
+remote-servers "stealthPrimaries" {127.0.0.1;};
-primaries "publicSecondaries" {127.0.0.1;};
+remote-servers "publicSecondaries" {127.0.0.1;};
 zone "example.net" {
 	type secondary;
 	key-directory "/var/lib/bind/example.net";

bin/tests/system/checkconf/inline-good.conf

@@ -12,8 +12,8 @@
  */
 
 acl "transferees" {};
-primaries "stealthPrimaries" {127.0.0.1;};
+remote-servers "stealthPrimaries" {127.0.0.1;};
-primaries "publicSecondaries" {127.0.0.1;};
+remote-servers "publicSecondaries" {127.0.0.1;};
 zone "example.net" {
 	type secondary;
 	file "/var/cache/bind/example.net.db";

bin/tests/system/checkconf/inline-no.conf

@@ -12,8 +12,8 @@
  */
 
 acl "transferees" {};
-primaries "stealthPrimaries" {127.0.0.1;};
+remote-servers "stealthPrimaries" {127.0.0.1;};
-primaries "publicSecondaries" {127.0.0.1;};
+remote-servers "publicSecondaries" {127.0.0.1;};
 zone "example.net" {
 	type secondary;
 	key-directory "/var/lib/bind/example.net";

bin/tests/system/checkds/ns9/named.conf.in

@@ -37,7 +37,7 @@ controls {
 	inet 10.53.0.9 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };
 
-parental-agents "ns8" port @PORT@ {
+remote-servers "ns8" port @PORT@ {
 	10.53.0.8;
 };
 

bin/tests/system/notify/ns2/named.conf.in

@@ -51,10 +51,8 @@ zone "example" {
 	also-notify { /* empty */ };
 };
 
-# use both 'primaries' and 'masters' to test that they
+remote-servers noport { 10.53.0.4; };
-# can work correctly together.
+remote-servers x21 port @EXTRAPORT1@ { noport; };
-primaries noport { 10.53.0.4; };
-masters x21 port @EXTRAPORT1@ { noport; };
 
 zone x1 {
 	type primary;

bin/tests/system/nsupdate/ns1/named.conf.in

@@ -94,7 +94,7 @@ zone "other.nil" {
 	allow-transfer { any; };
 };
 
-primaries others {
+remote-servers others {
 	10.53.0.2 port @PORT@;
 	10.53.0.2 port @PORT@ key altkey;
 };

bin/tests/system/xfer/ns2/named.conf.in

@@ -61,7 +61,7 @@ zone "tsigzone" {
 	allow-transfer { tzkey; };
 };
 
-primaries "ns1" port @PORT@ source 10.53.0.2 {
+remote-servers "ns1" port @PORT@ source 10.53.0.2 {
 	10.53.0.1;
 };
 

doc/arm/reference.rst

@@ -365,7 +365,7 @@ file documentation:
         A list of a :term:`port` or a port range. A port range is specified in the form of ``range`` followed by two :term:`port` s, ``port_low`` and ``port_high``, which represents port numbers from ``port_low`` through ``port_high``, inclusive. ``port_low`` must not be larger than ``port_high``. For example, ``range 1024 65535`` represents ports from 1024 through 65535. The asterisk (``*``) character is not allowed as a valid :term:`port` or as a port range boundary.
 
     ``remote-servers``
-        A named list of one or more :term:`ip_address` es with optional :term:`tls_id`, :term:`server_key`, and/or :term:`port`. A ``remote-servers`` list may include other ``remote-servers`` lists. See :any:`primaries` block.
+        A named list of one or more :term:`ip_address` es with optional :term:`tls_id`, :term:`server_key`, and/or :term:`port`. A ``remote-servers`` list may include other ``remote-servers`` lists.
 
     ``server_key``
         A :term:`domain_name` representing the name of a shared key, to be used for
@@ -413,17 +413,11 @@ The following blocks are supported:
     :any:`logging`
         Specifies what information the server logs and where the log messages are sent.
 
-    ``masters``
-        Synonym for :any:`primaries`.
-
     :namedconf:ref:`options`
         Controls global server configuration options and sets defaults for other statements.
 
-    :any:`parental-agents`
+    :namedconf:ref:`remote-servers`
-        Defines a named list of servers for inclusion in primary and secondary zones' :any:`parental-agents` lists.
+        Defines a named list of servers for inclusion in various zone statements such as :any:`parental-agents`, :any:`primaries` or :any:`also-notify` lists.
-
-    :any:`primaries`
-        Defines a named list of servers for inclusion in stub and secondary zones' :any:`primaries` or :any:`also-notify` lists. (Note: this is a synonym for the original keyword ``masters``, which can still be used, but is no longer the preferred terminology.)
 
     :namedconf:ref:`server`
         Sets certain configuration options on a per-server basis.
@@ -1048,34 +1042,20 @@ At ``debug`` level 4 or higher, the detailed context information logged at
 ``debug`` level 2 is logged for errors other than SERVFAIL and for negative
 responses such as NXDOMAIN.
 
-:any:`parental-agents` Block Grammar
+``remote-servers`` Block Grammar
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.. namedconf:statement:: parental-agents
+.. namedconf:statement:: remote-servers
-   :tags: zone
+   :tags: server
-   :short: Defines a list of delegation agents to be used by primary and secondary zones.
+   :short: Defines a list of servers to be used by primary and secondary zones.
 
-:any:`parental-agents` Block Definition and Usage
+This specifies a list that allows for a common set of servers to be easily used
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+by multiple zones. The following options may reference to a list of
+remote servers: :any:`parental-agents`, :any:`primaries`, and :any:`also-notify`.
 
-:any:`parental-agents` lists allow for a common set of parental agents to be
+A "parental agent" is a trusted DNS server that is queried to check whether DS
-easily used by multiple primary and secondary zones. A "parental agent" is a
+records for a given zones are up-to-date.
-trusted DNS server that is queried to check whether DS records for a given zones
-are up-to-date.
 
-:any:`primaries` Block Grammar
+A "primary server" is where a secondary server can request zone transfers from.
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.. namedconf:statement:: primaries
-   :tags: zone
-   :short: Defines one or more primary servers for a zone.
-
-:any:`primaries` Block Definition and Usage
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-:any:`primaries` lists allow for a common set of primary servers to be easily
-used by multiple stub and secondary zones in their :any:`primaries` or
-:any:`also-notify` lists. (Note: :any:`primaries` is a synonym for the original
-keyword ``masters``, which can still be used, but is no longer the
-preferred terminology.)
 
 To force the zone transfer requests to be sent over TLS, use :any:`tls` keyword,
 e.g. ``primaries { 192.0.2.1 tls tls-configuration-name; };``,
@@ -3388,6 +3368,19 @@ options apply to zone transfers.
    per second. The lowest possible rate is one per second; when set to
    zero, it is silently raised to one.
 
+.. namedconf:statement:: primaries
+   :tags: transfer, zone
+   :short: Defines one or more servers that zone transfer can be requested from.
+
+   This specifies a list of one or more IP addresses of primary servers that
+   the secondary contacts to update its copy of the zone. Primaries list
+   elements can also be names of :any:`remote-servers` blocks.
+
+   By default, transfers are made from port 53 on the servers; this can be
+   changed for all servers by specifying a port number before the list of IP
+   addresses, or on a per-server basis after the IP address. Authentication to
+   the primary can also be done with per-server TSIG keys.
+
 .. namedconf:statement:: startup-notify-rate
    :tags: transfer, zone
    :short: Specifies the rate at which NOTIFY requests are sent when the name server is first starting, or when new zones have been added.
@@ -6476,6 +6469,18 @@ old DNSSEC key.
       trust relationship with the parental agent. For example, use TSIG to
       authenticate the parental agent, or point to a validating resolver.
 
+.. namedconf:statement:: parental-agents
+   :tags: dnssec
+
+   This specifies a list of one or more IP addresses of parental agents that
+   are used to query the zone's DS records during a KSK rollover. The list of
+   parental agents can also contain the names of :any:`remote-servers` blocks.
+
+   By default, DS queries are sent from port 53 on the servers; this can be
+   changed for all servers by specifying a port number before the list of IP
+   addresses, or on a per-server basis after the IP address. Authentication to
+   the primary can also be done with per-server TSIG keys.
+
 The following options apply to DS queries sent to :any:`parental-agents`:
 
 .. namedconf:statement:: checkds
@@ -6663,32 +6668,21 @@ Zone Types
    :short: Contains a duplicate of the data for a zone that has been transferred from a primary server.
 
    A secondary zone is a replica of a primary zone. Type ``slave`` is a
-    synonym for :any:`secondary <type secondary>`. The :any:`primaries` list specifies one or more IP
+   synonym for :any:`secondary <type secondary>`. The :any:`primaries` list
-    addresses of primary servers that the secondary contacts to update
+   specifies one or more IP addresses of primary servers that the secondary
-    its copy of the zone. Primaries list elements can
+   contacts to update its copy of the zone.
-    also be names of other primaries lists. By default,
+
-    transfers are made from port 53 on the servers;
+   If a file is
-    this can be changed for all servers by specifying
+   specified, then the replica is written to this file whenever the zone
-    a port number before the list of IP addresses,
+   is changed, and reloaded from this file on a server restart. Use of a file
-    or on a per-server basis after the IP address.
+   is recommended, since it often speeds server startup and eliminates a
-    Authentication to the primary can also be done with
+   needless waste of bandwidth. Note that for large numbers (in the tens or
-    per-server TSIG keys.  If a file is specified, then the
+   hundreds of thousands) of zones per server, it is best to use a two-level
-    replica is written to this file
+   naming scheme for zone filenames. For example, a secondary server for the
-    whenever the zone
+   zone ``example.com`` might place the zone contents into a file called
-    is changed, and reloaded from this file on a server
+   ``ex/example.com``, where ``ex/`` is just the first two letters of the zone
-    restart. Use of a file is recommended, since it
+   name. (Most operating systems behave very slowly if there are 100,000 files
-    often speeds server startup and eliminates a
+   in a single directory.)
-    needless waste of bandwidth. Note that for large
-    numbers (in the tens or hundreds of thousands) of
-    zones per server, it is best to use a two-level
-    naming scheme for zone filenames. For example,
-    a secondary server for the zone
-    ``example.com`` might place
-    the zone contents into a file called
-    ``ex/example.com``, where
-    ``ex/`` is just the first two
-    letters of the zone name. (Most operating systems
-    behave very slowly if there are 100,000 files in a single directory.)
 
 .. namedconf:statement:: type mirror
    :tags: zone
@@ -7056,6 +7050,15 @@ Zone Options
 :any:`notify-to-soa`
    See the description of :any:`notify-to-soa` in :ref:`boolean_options`.
 
+:any:`parental-agents`
+   This option is only meaningful if the zone is DNSSEC signed. When performing
+   a key rollover, BIND will query the parental agents to see if the new DS is
+   actually published before withdrawing the old DNSSEC key.
+
+:any:`primaries`
+   For secondary zones, these are the name servers to request zone transfers
+   from.
+
 :any:`zone-statistics`
    See the description of :any:`zone-statistics` in :namedconf:ref:`options`.
 

doc/dnssec-guide/signing.rst

@@ -898,7 +898,7 @@ presence. Let's look at the following configuration excerpt:
 
 ::
 
-   parental-agents "net" {
+   remote-servers "net" {
        10.53.0.11; 10.53.0.12;
    };
 

doc/misc/options

@@ -319,11 +319,9 @@ options {
 	zone-statistics ( full | terse | none | <boolean> );
 };
 
-parental-agents <string> [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
-
 plugin ( query ) <string> [ { <unspecified-text> } ]; // may occur multiple times
 
-primaries <string> [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
+remote-servers <string> [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
 
 server <netprefix> {
 	bogus <boolean>;

lib/isccfg/check.c

@@ -2098,10 +2098,10 @@ check_remoteserverlist(const cfg_obj_t *cctx, const char *list,
 }
 
 /*
- * Check primaries lists for duplicates.
+ * Check remote-server lists for duplicates.
  */
 static isc_result_t
-check_primarylists(const cfg_obj_t *cctx, isc_mem_t *mctx) {
+check_remoteserverlists(const cfg_obj_t *cctx, isc_mem_t *mctx) {
 	isc_result_t result, tresult;
 	isc_symtab_t *symtab = NULL;
 
@@ -2109,31 +2109,7 @@ check_primarylists(const cfg_obj_t *cctx, isc_mem_t *mctx) {
 	if (result != ISC_R_SUCCESS) {
 		return result;
 	}
-	tresult = check_remoteserverlist(cctx, "primaries", symtab, mctx);
+	tresult = check_remoteserverlist(cctx, "remote-servers", symtab, mctx);
-	if (tresult != ISC_R_SUCCESS) {
-		result = tresult;
-	}
-	tresult = check_remoteserverlist(cctx, "masters", symtab, mctx);
-	if (tresult != ISC_R_SUCCESS) {
-		result = tresult;
-	}
-	isc_symtab_destroy(&symtab);
-	return result;
-}
-
-/*
- * Check parental-agents lists for duplicates.
- */
-static isc_result_t
-check_parentalagentlists(const cfg_obj_t *cctx, isc_mem_t *mctx) {
-	isc_result_t result, tresult;
-	isc_symtab_t *symtab = NULL;
-
-	result = isc_symtab_create(mctx, 100, freekey, mctx, false, &symtab);
-	if (result != ISC_R_SUCCESS) {
-		return result;
-	}
-	tresult = check_remoteserverlist(cctx, "parental-agents", symtab, mctx);
 	if (tresult != ISC_R_SUCCESS) {
 		result = tresult;
 	}
@@ -2405,7 +2381,7 @@ check_tls_definitions(const cfg_obj_t *config, isc_mem_t *mctx) {
 }
 
 static isc_result_t
-get_remotes(const cfg_obj_t *cctx, const char *list, const char *name,
+get_remoteservers_def(const char *list, const char *name, const cfg_obj_t *cctx,
 		      const cfg_obj_t **ret) {
 	isc_result_t result;
 	const cfg_obj_t *obj = NULL;
@@ -2435,24 +2411,8 @@ get_remotes(const cfg_obj_t *cctx, const char *list, const char *name,
 }
 
 static isc_result_t
-get_remoteservers_def(const char *list, const char *name, const cfg_obj_t *cctx,
+validate_remotes(const cfg_obj_t *obj, const cfg_obj_t *config,
-		      const cfg_obj_t **ret) {
+		 uint32_t *countp, isc_mem_t *mctx) {
-	isc_result_t result = ISC_R_NOTFOUND;
-
-	if (strcmp(list, "primaries") == 0) {
-		result = get_remotes(cctx, "primaries", name, ret);
-		if (result != ISC_R_SUCCESS) {
-			result = get_remotes(cctx, "masters", name, ret);
-		}
-	} else if (strcmp(list, "parental-agents") == 0) {
-		result = get_remotes(cctx, "parental-agents", name, ret);
-	}
-	return result;
-}
-
-static isc_result_t
-validate_remotes(const char *list, const cfg_obj_t *obj,
-		 const cfg_obj_t *config, uint32_t *countp, isc_mem_t *mctx) {
 	isc_result_t result = ISC_R_SUCCESS;
 	isc_result_t tresult;
 	uint32_t count = 0;
@@ -2555,13 +2515,14 @@ resume:
 		if (tresult == ISC_R_EXISTS) {
 			continue;
 		}
-		tresult = get_remoteservers_def(list, listname, config, &obj);
+		tresult = get_remoteservers_def("remote-servers", listname,
+						config, &obj);
 		if (tresult != ISC_R_SUCCESS) {
 			if (result == ISC_R_SUCCESS) {
 				result = tresult;
 			}
 			cfg_obj_log(addr, ISC_LOG_ERROR,
-				    "unable to find %s list '%s'", list,
+				    "unable to find remote-servers list '%s'",
 				    listname);
 			continue;
 		}
@@ -3444,8 +3405,7 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
 		}
 		if (tresult == ISC_R_SUCCESS && donotify) {
 			uint32_t count;
-			tresult = validate_remotes("primaries", obj, config,
+			tresult = validate_remotes(obj, config, &count, mctx);
-						   &count, mctx);
 			if (tresult != ISC_R_SUCCESS && result == ISC_R_SUCCESS)
 			{
 				result = tresult;
@@ -3487,8 +3447,7 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
 			result = ISC_R_FAILURE;
 		} else {
 			uint32_t count;
-			tresult = validate_remotes("primaries", obj, config,
+			tresult = validate_remotes(obj, config, &count, mctx);
-						   &count, mctx);
 			if (tresult != ISC_R_SUCCESS && result == ISC_R_SUCCESS)
 			{
 				result = tresult;
@@ -3512,8 +3471,7 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
 		(void)cfg_map_get(zoptions, "parental-agents", &obj);
 		if (obj != NULL) {
 			uint32_t count;
-			tresult = validate_remotes("parental-agents", obj,
+			tresult = validate_remotes(obj, config, &count, mctx);
-						   config, &count, mctx);
 			if (tresult != ISC_R_SUCCESS && result == ISC_R_SUCCESS)
 			{
 				result = tresult;
@@ -5911,11 +5869,7 @@ isccfg_check_namedconf(const cfg_obj_t *config, unsigned int flags,
 		result = ISC_R_FAILURE;
 	}
 
-	if (check_primarylists(config, mctx) != ISC_R_SUCCESS) {
+	if (check_remoteserverlists(config, mctx) != ISC_R_SUCCESS) {
-		result = ISC_R_FAILURE;
-	}
-
-	if (check_parentalagentlists(config, mctx) != ISC_R_SUCCESS) {
 		result = ISC_R_FAILURE;
 	}
 

lib/isccfg/namedconf.c

@@ -1143,8 +1143,7 @@ static cfg_clausedef_t namedconf_clauses[] = {
 	{ "masters", &cfg_type_remoteservers,
 	  CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_NODOC },
 	{ "options", &cfg_type_options, 0 },
-	{ "parental-agents", &cfg_type_remoteservers, CFG_CLAUSEFLAG_MULTI },
+	{ "remote-servers", &cfg_type_remoteservers, CFG_CLAUSEFLAG_MULTI },
-	{ "primaries", &cfg_type_remoteservers, CFG_CLAUSEFLAG_MULTI },
 #if defined(HAVE_LIBXML2) || defined(HAVE_JSON_C)
 	{ "statistics-channels", &cfg_type_statschannels,
 	  CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_OPTIONAL },