From df435fc7da1467fa0c88c602c4a9c35d3cb8a465 Mon Sep 17 00:00:00 2001 From: Matthijs Mekking Date: Tue, 8 Dec 2020 12:01:58 +0100 Subject: [PATCH] Remove the option 'dnssec-lookaside' Obsoleted in 9.15, we can remove the option in 9.17. --- bin/tests/system/checkconf/tests.sh | 24 ----------- bin/tests/system/checkconf/warn-dlv-auto.conf | 14 ------ .../checkconf/warn-dlv-dlv.example.com.conf | 14 ------ .../checkconf/warn-dlv-dlv.isc.org.conf | 14 ------ lib/isccfg/namedconf.c | 43 +------------------ 5 files changed, 1 insertion(+), 108 deletions(-) delete mode 100644 bin/tests/system/checkconf/warn-dlv-auto.conf delete mode 100644 bin/tests/system/checkconf/warn-dlv-dlv.example.com.conf delete mode 100644 bin/tests/system/checkconf/warn-dlv-dlv.isc.org.conf diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh index fea98a6ee2..2f613d8877 100644 --- a/bin/tests/system/checkconf/tests.sh +++ b/bin/tests/system/checkconf/tests.sh @@ -403,30 +403,6 @@ diff good.zonelist checkconf.out$n > diff.out$n || ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` -n=`expr $n + 1` -echo_i "check that 'dnssec-lookaside auto;' generates a warning ($n)" -ret=0 -$CHECKCONF warn-dlv-auto.conf > checkconf.out$n 2>/dev/null || ret=1 -grep "option 'dnssec-lookaside' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` - -n=`expr $n + 1` -echo_i "check that 'dnssec-lookaside . trust-anchor dlv.isc.org;' generates a warning ($n)" -ret=0 -$CHECKCONF warn-dlv-dlv.isc.org.conf > checkconf.out$n 2>/dev/null || ret=1 -grep "option 'dnssec-lookaside' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` - -n=`expr $n + 1` -echo_i "check that 'dnssec-lookaside . trust-anchor dlv.example.com;' generates a warning ($n)" -ret=0 -$CHECKCONF warn-dlv-dlv.example.com.conf > checkconf.out$n 2>/dev/null || ret=1 -grep "option 'dnssec-lookaside' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` - n=`expr $n + 1` echo_i "check that the 2010 ICANN ROOT KSK without the 2017 ICANN ROOT KSK generates a warning ($n)" ret=0 diff --git a/bin/tests/system/checkconf/warn-dlv-auto.conf b/bin/tests/system/checkconf/warn-dlv-auto.conf deleted file mode 100644 index 3ba734204f..0000000000 --- a/bin/tests/system/checkconf/warn-dlv-auto.conf +++ /dev/null @@ -1,14 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -options { - dnssec-lookaside auto; -}; diff --git a/bin/tests/system/checkconf/warn-dlv-dlv.example.com.conf b/bin/tests/system/checkconf/warn-dlv-dlv.example.com.conf deleted file mode 100644 index fd242bceb7..0000000000 --- a/bin/tests/system/checkconf/warn-dlv-dlv.example.com.conf +++ /dev/null @@ -1,14 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -options { - dnssec-lookaside . trust-anchor dlv.example.com; -}; diff --git a/bin/tests/system/checkconf/warn-dlv-dlv.isc.org.conf b/bin/tests/system/checkconf/warn-dlv-dlv.isc.org.conf deleted file mode 100644 index 49b11bc56c..0000000000 --- a/bin/tests/system/checkconf/warn-dlv-dlv.isc.org.conf +++ /dev/null @@ -1,14 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -options { - dnssec-lookaside . trust-anchor dlv.isc.org; -}; diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index 6f591e79b4..e37cc25ed3 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -1857,46 +1857,6 @@ static cfg_clausedef_t *rrl_clausesets[] = { rrl_clauses, NULL }; static cfg_type_t cfg_type_rrl = { "rate-limit", cfg_parse_map, cfg_print_map, cfg_doc_map, &cfg_rep_map, rrl_clausesets }; -/*% - * dnssec-lookaside - */ - -static void -print_lookaside(cfg_printer_t *pctx, const cfg_obj_t *obj) { - const cfg_obj_t *domain = obj->value.tuple[0]; - - if (domain->value.string.length == 4 && - strncmp(domain->value.string.base, "auto", 4) == 0) - { - cfg_print_cstr(pctx, "auto"); - } else { - cfg_print_tuple(pctx, obj); - } -} - -static void -doc_lookaside(cfg_printer_t *pctx, const cfg_type_t *type) { - UNUSED(type); - cfg_print_cstr(pctx, "( trust-anchor | auto | no )"); -} - -static keyword_type_t trustanchor_kw = { "trust-anchor", &cfg_type_astring }; - -static cfg_type_t cfg_type_optional_trustanchor = { - "optional_trustanchor", parse_optional_keyvalue, print_keyvalue, - doc_keyvalue, &cfg_rep_string, &trustanchor_kw -}; - -static cfg_tuplefielddef_t lookaside_fields[] = { - { "domain", &cfg_type_astring, 0 }, - { "trust-anchor", &cfg_type_optional_trustanchor, 0 }, - { NULL, NULL, 0 } -}; - -static cfg_type_t cfg_type_lookaside = { "lookaside", cfg_parse_tuple, - print_lookaside, doc_lookaside, - &cfg_rep_tuple, lookaside_fields }; - static isc_result_t parse_optional_uint32(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { @@ -1999,8 +1959,7 @@ static cfg_clausedef_t view_clauses[] = { #endif /* ifdef USE_DNSRPS */ { "dnssec-accept-expired", &cfg_type_boolean, 0 }, { "dnssec-enable", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, - { "dnssec-lookaside", &cfg_type_lookaside, - CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_OBSOLETE }, + { "dnssec-lookaside", NULL, CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_ANCIENT }, { "dnssec-must-be-secure", &cfg_type_mustbesecure, CFG_CLAUSEFLAG_MULTI }, { "dnssec-validation", &cfg_type_boolorauto, 0 },