mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 14:07:59 +00:00
Code Issues Releases Wiki Activity

Remove the option 'dnssec-lookaside'

Browse Source 
Obsoleted in 9.15, we can remove the option in 9.17.
This commit is contained in:
Matthijs Mekking
2020-12-08 12:01:58 +01:00
parent a889ed38ef
commit df435fc7da
5 changed files with 1 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
bin/tests/system/checkconf/tests.sh
View File

@@ -403,30 +403,6 @@ diff good.zonelist checkconf.out$n > diff.out$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret` status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "check that 'dnssec-lookaside auto;' generates a warning ($n)"
ret=0
$CHECKCONF warn-dlv-auto.conf > checkconf.out$n 2>/dev/null || ret=1
grep "option 'dnssec-lookaside' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "check that 'dnssec-lookaside . trust-anchor dlv.isc.org;' generates a warning ($n)"
ret=0
$CHECKCONF warn-dlv-dlv.isc.org.conf > checkconf.out$n 2>/dev/null || ret=1
grep "option 'dnssec-lookaside' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "check that 'dnssec-lookaside . trust-anchor dlv.example.com;' generates a warning ($n)"
ret=0
$CHECKCONF warn-dlv-dlv.example.com.conf > checkconf.out$n 2>/dev/null || ret=1
grep "option 'dnssec-lookaside' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
n=`expr $n + 1` n=`expr $n + 1`
echo_i "check that the 2010 ICANN ROOT KSK without the 2017 ICANN ROOT KSK generates a warning ($n)" echo_i "check that the 2010 ICANN ROOT KSK without the 2017 ICANN ROOT KSK generates a warning ($n)"
ret=0 ret=0

14
bin/tests/system/checkconf/warn-dlv-auto.conf
View File

@@ -1,14 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
options {
dnssec-lookaside auto;
};

14
bin/tests/system/checkconf/warn-dlv-dlv.example.com.conf
View File

@@ -1,14 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
options {
dnssec-lookaside . trust-anchor dlv.example.com;
};

14
bin/tests/system/checkconf/warn-dlv-dlv.isc.org.conf
View File

@@ -1,14 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
options {
dnssec-lookaside . trust-anchor dlv.isc.org;
};

43
lib/isccfg/namedconf.c
View File

@@ -1857,46 +1857,6 @@ static cfg_clausedef_t *rrl_clausesets[] = { rrl_clauses, NULL };
static cfg_type_t cfg_type_rrl = { "rate-limit", cfg_parse_map, cfg_print_map, static cfg_type_t cfg_type_rrl = { "rate-limit", cfg_parse_map, cfg_print_map,
cfg_doc_map, &cfg_rep_map, rrl_clausesets }; cfg_doc_map, &cfg_rep_map, rrl_clausesets };
/*%
* dnssec-lookaside
*/
static void
print_lookaside(cfg_printer_t *pctx, const cfg_obj_t *obj) {
const cfg_obj_t *domain = obj->value.tuple[0];
if (domain->value.string.length == 4 &&
strncmp(domain->value.string.base, "auto", 4) == 0)
{
cfg_print_cstr(pctx, "auto");
} else {
cfg_print_tuple(pctx, obj);
}
}
static void
doc_lookaside(cfg_printer_t *pctx, const cfg_type_t *type) {
UNUSED(type);
cfg_print_cstr(pctx, "( <string> trust-anchor <string> | auto | no )");
}
static keyword_type_t trustanchor_kw = { "trust-anchor", &cfg_type_astring };
static cfg_type_t cfg_type_optional_trustanchor = {
"optional_trustanchor", parse_optional_keyvalue, print_keyvalue,
doc_keyvalue, &cfg_rep_string, &trustanchor_kw
};
static cfg_tuplefielddef_t lookaside_fields[] = {
{ "domain", &cfg_type_astring, 0 },
{ "trust-anchor", &cfg_type_optional_trustanchor, 0 },
{ NULL, NULL, 0 }
};
static cfg_type_t cfg_type_lookaside = { "lookaside", cfg_parse_tuple,
print_lookaside, doc_lookaside,
&cfg_rep_tuple, lookaside_fields };
static isc_result_t static isc_result_t
parse_optional_uint32(cfg_parser_t *pctx, const cfg_type_t *type, parse_optional_uint32(cfg_parser_t *pctx, const cfg_type_t *type,
cfg_obj_t **ret) { cfg_obj_t **ret) {
@@ -1999,8 +1959,7 @@ static cfg_clausedef_t view_clauses[] = {
#endif /* ifdef USE_DNSRPS */ #endif /* ifdef USE_DNSRPS */
{ "dnssec-accept-expired", &cfg_type_boolean, 0 }, { "dnssec-accept-expired", &cfg_type_boolean, 0 },
{ "dnssec-enable", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, { "dnssec-enable", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "dnssec-lookaside", &cfg_type_lookaside, { "dnssec-lookaside", NULL, CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_ANCIENT },
CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_OBSOLETE },
{ "dnssec-must-be-secure", &cfg_type_mustbesecure, { "dnssec-must-be-secure", &cfg_type_mustbesecure,
CFG_CLAUSEFLAG_MULTI }, CFG_CLAUSEFLAG_MULTI },
{ "dnssec-validation", &cfg_type_boolorauto, 0 }, { "dnssec-validation", &cfg_type_boolorauto, 0 },