dig: remove "+unexpected" option

The network manager does not support returning UDP datagrams to
clients from unexpected sources; it is therefore not possible for
dig to accept them.  The "+[no]unexpected" option has therefore
been removed from the dig command and its documentation.

bin/dig/dig.c

@@ -296,9 +296,6 @@ help(void) {
 	       "in records)\n"
 	       "                 +[no]ttlunits       (Display TTLs in "
 	       "human-readable units)\n"
-	       "                 +[no]unexpected     (Print replies from "
-	       "unexpected sources\n"
-	       "                                      default=off)\n"
 	       "                 +[no]unknownformat  (Print RDATA in RFC 3597 "
 	       "\"unknown\" "
 	       "format)\n"
@@ -1807,7 +1804,8 @@ plus_option(char *option, bool is_batchfile, dig_lookup_t *lookup) {
 			switch (cmd[2]) {
 			case 'e':
 				FULLCHECK("unexpected");
-				lookup->accept_reply_unexpected_src = state;
+				fprintf(stderr, ";; +unexpected option "
+						"is deprecated");
 				break;
 			case 'k':
 				FULLCHECK("unknownformat");

bin/dig/dig.rst

@@ -549,11 +549,6 @@ abbreviation is unambiguous; for example, ``+cd`` is equivalent to
    units of ``s``, ``m``, ``h``, ``d``, and ``w``, representing seconds, minutes,
    hours, days, and weeks. This implies ``+ttlid``.
 
-``+[no]unexpected``
-   This option accepts [or does not accept] answers from unexpected sources.  By default, ``dig``
-   will not accept a reply from a source other than the one to which it sent the
-   query.
-
 ``+[no]unknownformat``
    This option prints all RDATA in unknown RR type presentation format (:rfc:`3597`).
    The default is to print RDATA for known types in the type's

bin/dig/dighost.c

@@ -650,7 +650,6 @@ make_empty_lookup(void) {
 	looknew->ttlunits = false;
 	looknew->expandaaaa = false;
 	looknew->qr = false;
-	looknew->accept_reply_unexpected_src = false;
 #ifdef HAVE_LIBIDN2
 	looknew->idnin = isatty(1) ? (getenv("IDN_DISABLE") == NULL) : false;
 	looknew->idnout = looknew->idnin;
@@ -799,8 +798,6 @@ clone_lookup(dig_lookup_t *lookold, bool servers) {
 	looknew->ttlunits = lookold->ttlunits;
 	looknew->expandaaaa = lookold->expandaaaa;
 	looknew->qr = lookold->qr;
-	looknew->accept_reply_unexpected_src =
-		lookold->accept_reply_unexpected_src;
 	looknew->idnin = lookold->idnin;
 	looknew->idnout = lookold->idnout;
 	looknew->udpsize = lookold->udpsize;
@@ -3627,43 +3624,6 @@ recv_done(isc_nmhandle_t *handle, isc_result_t eresult, isc_region_t *region,
 	isc_buffer_add(&b, region->length);
 
 	peer = isc_nmhandle_peeraddr(handle);
-	if (!l->tcp_mode &&
-	    !isc_sockaddr_compare(&peer, &query->sockaddr,
-				  ISC_SOCKADDR_CMPADDR | ISC_SOCKADDR_CMPPORT |
-					  ISC_SOCKADDR_CMPSCOPE |
-					  ISC_SOCKADDR_CMPSCOPEZERO))
-	{
-		char buf1[ISC_SOCKADDR_FORMATSIZE];
-		char buf2[ISC_SOCKADDR_FORMATSIZE];
-		isc_sockaddr_t any;
-
-		if (isc_sockaddr_pf(&query->sockaddr) == AF_INET) {
-			isc_sockaddr_any(&any);
-		} else {
-			isc_sockaddr_any6(&any);
-		}
-
-		/*
-		 * We don't expect a match when the packet is
-		 * sent to 0.0.0.0, :: or to a multicast addresses.
-		 * XXXMPA broadcast needs to be handled here as well.
-		 */
-		if ((!isc_sockaddr_eqaddr(&query->sockaddr, &any) &&
-		     !isc_sockaddr_ismulticast(&query->sockaddr)) ||
-		    isc_sockaddr_getport(&query->sockaddr) !=
-			    isc_sockaddr_getport(&peer))
-		{
-			isc_sockaddr_format(&peer, buf1, sizeof(buf1));
-			isc_sockaddr_format(&query->sockaddr, buf2,
-					    sizeof(buf2));
-			dighost_warning("reply from unexpected source: %s,"
-					" expected %s\n",
-					buf1, buf2);
-			if (!l->accept_reply_unexpected_src) {
-				match = false;
-			}
-		}
-	}
 
 	result = dns_message_peekheader(&b, &id, &msgflags);
 	if (result != ISC_R_SUCCESS || l->sendmsg->id != id) {

bin/dig/dighost.h

@@ -114,12 +114,9 @@ struct dig_lookup {
 		tcp_keepalive, header_only, ednsneg, mapped,
 		print_unknown_format, multiline, nottl, noclass, onesoa,
 		use_usec, nocrypto, ttlunits, idnin, idnout, expandaaaa, qr,
-		accept_reply_unexpected_src, /*%  print replies from
-					      * unexpected
-					      *   sources. */
-		setqid;			     /*% use a speciied query ID */
-	char textname[MXNAME];		     /*% Name we're going to be
-					      * looking up */
+		setqid;	       /*% use a specified query ID */
+	char textname[MXNAME]; /*% Name we're going to be
+				* looking up */
 	char cmdline[MXNAME];
 	dns_rdatatype_t rdtype;
 	dns_rdatatype_t qrdtype;

bin/tests/system/digdelv/tests.sh

@@ -919,33 +919,6 @@ if [ -x "$DIG" ] ; then
     status=$((status+ret))
   fi
 
-  n=$((n+1))
-  echo_i "check that dig +unexpected works ($n)"
-  ret=0
-  dig_with_opts @10.53.0.6 +tries=1 +time=2 +unexpected a a.example > dig.out.test$n || ret=1
-  grep 'reply from unexpected source' dig.out.test$n > /dev/null || ret=1
-  grep 'status: NOERROR' dig.out.test$n > /dev/null || ret=1
-  if [ $ret -ne 0 ]; then echo_i "failed"; fi
-  status=$((status+ret))
-
-  n=$((n+1))
-  echo_i "check that dig +nounexpected works ($n)"
-  ret=0
-  dig_with_opts @10.53.0.6 +nounexpected +tries=1 +time=2 a a.example > dig.out.test$n && ret=1
-  grep 'reply from unexpected source' dig.out.test$n > /dev/null || ret=1
-  grep "status: NOERROR" < dig.out.test$n > /dev/null && ret=1
-  if [ $ret -ne 0 ]; then echo_i "failed"; fi
-  status=$((status+ret))
-
-  n=$((n+1))
-  echo_i "check that dig default for +[no]unexpected (+nounexpected) works ($n)"
-  ret=0
-  dig_with_opts @10.53.0.6 +tries=1 +time=2 a a.example > dig.out.test$n && ret=1
-  grep 'reply from unexpected source' dig.out.test$n > /dev/null || ret=1
-  grep "status: NOERROR" < dig.out.test$n > /dev/null && ret=1
-  if [ $ret -ne 0 ]; then echo_i "failed"; fi
-  status=$((status+ret))
-
   n=$((n+1))
   echo_i "check that dig +bufsize=0 just sets the buffer size to 0 ($n)"
   ret=0