upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-03-29 22:04:07 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Ancient named.conf options are now a fatal configuration error

Browse source 
- options that were flagged as obsolete or not implemented in 9.0.0
  are now flagged as "ancient", and are a fatal error
- the ARM has been updated to remove these, along with other
  obsolete descriptions of BIND 8 behavior
- the log message for obsolete options explicitly recommends removal
This commit is contained in:
Evan Hunt 2019-01-20 23:50:17 -08:00 committed by Ondřej Surý
parent 5a623052a1
commit ff3dace139
13 changed files with 221 additions and 467 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

103
bin/named/named.conf.docbook
View file

@ -13,7 +13,7 @@
<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named.conf">
<info>
<date>2018-10-23</date>
<date>2018-12-07</date>
</info>
<refentryinfo>
<corpname>ISC</corpname>
@ -203,9 +203,9 @@ options {
bindkeys-file <replaceable>quoted_string</replaceable>;
blackhole { <replaceable>address_match_element</replaceable>; ... };
cache-file <replaceable>quoted_string</replaceable>;
catalog-zones { zone <replaceable>quoted_string</replaceable> [ default-masters [ port
<replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> [
port <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port <replaceable>integer</replaceable> ] ) [ key
catalog-zones { zone <replaceable>string</replaceable> [ default-masters [ port <replaceable>integer</replaceable> ]
[ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> [ port
<replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port <replaceable>integer</replaceable> ] ) [ key
<replaceable>string</replaceable> ]; ... } ] [ zone-directory <replaceable>quoted_string</replaceable> ] [
in-memory <replaceable>boolean</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ]; ... };
check-dup-records ( fail | warn | ignore );
@ -259,12 +259,15 @@ options {
dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder | resolver | update ) [
( query | response ) ]; ... };
dnstap-identity ( <replaceable>quoted_string</replaceable> | none | hostname );
dnstap-output ( file | unix ) <replaceable>quoted_string</replaceable> [ size ( unlimited |
<replaceable>size</replaceable> ) ] [ versions ( unlimited | <replaceable>integer</replaceable> ) ] [ suffix (
increment | timestamp ) ];
dnstap { ( all | auth | client | forwarder |
resolver | update ) [ ( query | response ) ];
... };
dnstap-identity ( <replaceable>quoted_string</replaceable> | none |
hostname );
dnstap-output ( file | unix ) <replaceable>quoted_string</replaceable> [
size ( unlimited | <replaceable>size</replaceable> ) ] [ versions (
unlimited | <replaceable>integer</replaceable> ) ] [ suffix ( increment
| timestamp ) ];
dnstap-version ( <replaceable>quoted_string</replaceable> | none );
dscp <replaceable>integer</replaceable>;
dual-stack-servers [ port <replaceable>integer</replaceable> ] { ( <replaceable>quoted_string</replaceable> [ port
@ -280,9 +283,6 @@ options {
fetches-per-server <replaceable>integer</replaceable> [ ( drop | fail ) ];
fetches-per-zone <replaceable>integer</replaceable> [ ( drop | fail ) ];
files ( default | unlimited | <replaceable>sizeval</replaceable> );
filter-aaaa { <replaceable>address_match_element</replaceable>; ... };
filter-aaaa-on-v4 ( break-dnssec | <replaceable>boolean</replaceable> );
filter-aaaa-on-v6 ( break-dnssec | <replaceable>boolean</replaceable> );
flush-zones-on-shutdown <replaceable>boolean</replaceable>;
forward ( first | only );
forwarders [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>ipv4_address</replaceable>
@ -403,18 +403,17 @@ options {
resolver-retry-interval <replaceable>integer</replaceable>;
response-padding { <replaceable>address_match_element</replaceable>; ... } block-size
<replaceable>integer</replaceable>;
response-policy { zone <replaceable>quoted_string</replaceable> [ log <replaceable>boolean</replaceable> ] [
max-policy-ttl <replaceable>ttlval</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ] [
policy ( cname | disabled | drop | given | no-op | nodata |
nxdomain | passthru | tcp-only <replaceable>quoted_string</replaceable> ) ] [
recursive-only <replaceable>boolean</replaceable> ] [ nsip-enable <replaceable>boolean</replaceable> ] [
nsdname-enable <replaceable>boolean</replaceable> ]; ... } [ break-dnssec <replaceable>boolean</replaceable> ] [
max-policy-ttl <replaceable>ttlval</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ] [
min-ns-dots <replaceable>integer</replaceable> ] [ nsip-wait-recurse <replaceable>boolean</replaceable> ] [
qname-wait-recurse <replaceable>boolean</replaceable> ] [ recursive-only <replaceable>boolean</replaceable> ] [
nsip-enable <replaceable>boolean</replaceable> ] [ nsdname-enable <replaceable>boolean</replaceable> ] [
dnsrps-enable <replaceable>boolean</replaceable> ] [ dnsrps-options { <replaceable>unspecified-text</replaceable>
} ];
response-policy { zone <replaceable>string</replaceable> [ log <replaceable>boolean</replaceable> ] [ max-policy-ttl
<replaceable>ttlval</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ] [ policy ( cname |
disabled | drop | given | no-op | nodata | nxdomain | passthru
| tcp-only <replaceable>quoted_string</replaceable> ) ] [ recursive-only <replaceable>boolean</replaceable> ] [
nsip-enable <replaceable>boolean</replaceable> ] [ nsdname-enable <replaceable>boolean</replaceable> ]; ... } [
break-dnssec <replaceable>boolean</replaceable> ] [ max-policy-ttl <replaceable>ttlval</replaceable> ] [
min-update-interval <replaceable>ttlval</replaceable> ] [ min-ns-dots <replaceable>integer</replaceable> ] [
nsip-wait-recurse <replaceable>boolean</replaceable> ] [ qname-wait-recurse <replaceable>boolean</replaceable> ]
[ recursive-only <replaceable>boolean</replaceable> ] [ nsip-enable <replaceable>boolean</replaceable> ] [
nsdname-enable <replaceable>boolean</replaceable> ] [ dnsrps-enable <replaceable>boolean</replaceable> ] [
dnsrps-options { <replaceable>unspecified-text</replaceable> } ];
root-delegation-only [ exclude { <replaceable>string</replaceable>; ... } ];
root-key-sentinel <replaceable>boolean</replaceable>;
rrset-order { [ class <replaceable>string</replaceable> ] [ type <replaceable>string</replaceable> ] [ name
@ -474,6 +473,14 @@ options {
</literallayout>
</refsection>
<refsection><info><title>PLUGIN</title></info>
<literallayout class="normal">
plugin ( query ) <replaceable>string</replaceable> [ { <replaceable>unspecified-text</replaceable>
} ];
</literallayout>
</refsection>
<refsection><info><title>SERVER</title></info>
<literallayout class="normal">
@ -558,9 +565,9 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
auth-nxdomain <replaceable>boolean</replaceable>; // default changed
auto-dnssec ( allow | maintain | off );
cache-file <replaceable>quoted_string</replaceable>;
catalog-zones { zone <replaceable>quoted_string</replaceable> [ default-masters [ port
<replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> [
port <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port <replaceable>integer</replaceable> ] ) [ key
catalog-zones { zone <replaceable>string</replaceable> [ default-masters [ port <replaceable>integer</replaceable> ]
[ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> [ port
<replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port <replaceable>integer</replaceable> ] ) [ key
<replaceable>string</replaceable> ]; ... } ] [ zone-directory <replaceable>quoted_string</replaceable> ] [
in-memory <replaceable>boolean</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ]; ... };
check-dup-records ( fail | warn | ignore );
@ -613,8 +620,9 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder | resolver | update ) [
( query | response ) ]; ... };
dnstap { ( all | auth | client | forwarder |
resolver | update ) [ ( query | response ) ];
... };
dual-stack-servers [ port <replaceable>integer</replaceable> ] { ( <replaceable>quoted_string</replaceable> [ port
<replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] | <replaceable>ipv4_address</replaceable> [ port
<replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port
@ -628,9 +636,6 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
fetch-quota-params <replaceable>integer</replaceable> <replaceable>fixedpoint</replaceable> <replaceable>fixedpoint</replaceable> <replaceable>fixedpoint</replaceable>;
fetches-per-server <replaceable>integer</replaceable> [ ( drop | fail ) ];
fetches-per-zone <replaceable>integer</replaceable> [ ( drop | fail ) ];
filter-aaaa { <replaceable>address_match_element</replaceable>; ... };
filter-aaaa-on-v4 ( break-dnssec | <replaceable>boolean</replaceable> );
filter-aaaa-on-v6 ( break-dnssec | <replaceable>boolean</replaceable> );
forward ( first | only );
forwarders [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>ipv4_address</replaceable>
| <replaceable>ipv6_address</replaceable> ) [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ]; ... };
@ -671,6 +676,8 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
max-udp-size <replaceable>integer</replaceable>;
max-zone-ttl ( unlimited | <replaceable>ttlval</replaceable> );
message-compression <replaceable>boolean</replaceable>;
min-cache-ttl <replaceable>ttlval</replaceable>;
min-ncache-ttl <replaceable>ttlval</replaceable>;
min-refresh-time <replaceable>integer</replaceable>;
min-retry-time <replaceable>integer</replaceable>;
minimal-any <replaceable>boolean</replaceable>;
@ -689,6 +696,8 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
nta-lifetime <replaceable>ttlval</replaceable>;
nta-recheck <replaceable>ttlval</replaceable>;
nxdomain-redirect <replaceable>string</replaceable>;
plugin ( query ) <replaceable>string</replaceable> [ {
<replaceable>unspecified-text</replaceable> } ];
preferred-glue <replaceable>string</replaceable>;
prefetch <replaceable>integer</replaceable> [ <replaceable>integer</replaceable> ];
provide-ixfr <replaceable>boolean</replaceable>;
@ -726,18 +735,17 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
resolver-retry-interval <replaceable>integer</replaceable>;
response-padding { <replaceable>address_match_element</replaceable>; ... } block-size
<replaceable>integer</replaceable>;
response-policy { zone <replaceable>quoted_string</replaceable> [ log <replaceable>boolean</replaceable> ] [
max-policy-ttl <replaceable>ttlval</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ] [
policy ( cname | disabled | drop | given | no-op | nodata |
nxdomain | passthru | tcp-only <replaceable>quoted_string</replaceable> ) ] [
recursive-only <replaceable>boolean</replaceable> ] [ nsip-enable <replaceable>boolean</replaceable> ] [
nsdname-enable <replaceable>boolean</replaceable> ]; ... } [ break-dnssec <replaceable>boolean</replaceable> ] [
max-policy-ttl <replaceable>ttlval</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ] [
min-ns-dots <replaceable>integer</replaceable> ] [ nsip-wait-recurse <replaceable>boolean</replaceable> ] [
qname-wait-recurse <replaceable>boolean</replaceable> ] [ recursive-only <replaceable>boolean</replaceable> ] [
nsip-enable <replaceable>boolean</replaceable> ] [ nsdname-enable <replaceable>boolean</replaceable> ] [
dnsrps-enable <replaceable>boolean</replaceable> ] [ dnsrps-options { <replaceable>unspecified-text</replaceable>
} ];
response-policy { zone <replaceable>string</replaceable> [ log <replaceable>boolean</replaceable> ] [ max-policy-ttl
<replaceable>ttlval</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ] [ policy ( cname |
disabled | drop | given | no-op | nodata | nxdomain | passthru
| tcp-only <replaceable>quoted_string</replaceable> ) ] [ recursive-only <replaceable>boolean</replaceable> ] [
nsip-enable <replaceable>boolean</replaceable> ] [ nsdname-enable <replaceable>boolean</replaceable> ]; ... } [
break-dnssec <replaceable>boolean</replaceable> ] [ max-policy-ttl <replaceable>ttlval</replaceable> ] [
min-update-interval <replaceable>ttlval</replaceable> ] [ min-ns-dots <replaceable>integer</replaceable> ] [
nsip-wait-recurse <replaceable>boolean</replaceable> ] [ qname-wait-recurse <replaceable>boolean</replaceable> ]
[ recursive-only <replaceable>boolean</replaceable> ] [ nsip-enable <replaceable>boolean</replaceable> ] [
nsdname-enable <replaceable>boolean</replaceable> ] [ dnsrps-enable <replaceable>boolean</replaceable> ] [
dnsrps-options { <replaceable>unspecified-text</replaceable> } ];
root-delegation-only [ exclude { <replaceable>string</replaceable>; ... } ];
root-key-sentinel <replaceable>boolean</replaceable>;
rrset-order { [ class <replaceable>string</replaceable> ] [ type <replaceable>string</replaceable> ] [ name
@ -873,9 +881,7 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable>
| * ) ] [ dscp <replaceable>integer</replaceable> ];
notify-to-soa <replaceable>boolean</replaceable>;
pubkey <replaceable>integer</replaceable>
<replaceable>integer</replaceable>
<replaceable>integer</replaceable>
pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable>
request-expire <replaceable>boolean</replaceable>;
request-ixfr <replaceable>boolean</replaceable>;
serial-update-method ( date | increment | unixtime );
@ -977,7 +983,6 @@ zone <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ]
[ dscp <replaceable>integer</replaceable> ];
notify-to-soa <replaceable>boolean</replaceable>;
pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable>
request-expire <replaceable>boolean</replaceable>;
request-ixfr <replaceable>boolean</replaceable>;
serial-update-method ( date | increment | unixtime );

17
bin/tests/system/checkconf/ancient.conf Normal file
View file

@ -0,0 +1,17 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/*
* Ancient options are fatal.
*/
options {
fake-iquery yes;
};

8
bin/tests/system/checkconf/good.conf
View file

@ -26,16 +26,11 @@ options {
};
coresize 1073741824;
datasize 104857600;
deallocate-on-exit yes;
directory ".";
dscp 41;
dump-file "named_dumpdb";
fake-iquery yes;
files 1000;
has-old-clients no;
heartbeat-interval 30;
host-statistics yes;
host-statistics-max 100;
hostname none;
interface-interval 30;
keep-response-order {
@ -52,14 +47,11 @@ options {
};
match-mapped-addresses yes;
memstatistics-file "named.memstats";
multiple-cnames no;
named-xfer "this is no longer needed";
pid-file none;
port 5300;
querylog yes;
recursing-file "named.recursing";
recursive-clients 3000;
serial-queries 10;
serial-query-rate 100;
server-id none;
max-cache-size 20000000000000;

9
bin/tests/system/checkconf/tests.sh
View file

@ -77,6 +77,14 @@ do
status=`expr $status + $ret`
done
n=`expr $n + 1`
echo_i "checking that ancient options report a fatal error ($n)"
ret=0
$CHECKCONF ancient.conf > ancient.out 2>&1 && ret=1
grep "no longer exists" ancient.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "checking that named-checkconf -z catches missing hint file ($n)"
ret=0
@ -340,6 +348,7 @@ echo_i "check that named-checkconf -l print out the zone list ($n)"
ret=0
$CHECKCONF -l good.conf |
grep -v "is not implemented" |
grep -v "no longer exists" |
grep -v "is obsolete" > checkconf.out$n || ret=1
diff good.zonelist checkconf.out$n > diff.out$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi

312
doc/arm/Bv9ARM-book.xml
View file

@ -1085,15 +1085,8 @@ zone "eng.example.com" {
(<command>rndc</command>) program allows the
system
administrator to control the operation of a name server.
Since <acronym>BIND</acronym> 9.2, <command>rndc</command>
supports all the commands of the BIND 8 <command>ndc</command>
utility except <command>ndc start</command> and
<command>ndc restart</command>, which were also
not supported in <command>ndc</command>'s
channel mode.
If you run <command>rndc</command> without any
options
it will display a usage message as follows:
options, it will display a usage message as follows:
</para>
<cmdsynopsis label="Usage" sepchar=" ">
<command>rndc</command>
@ -3601,12 +3594,9 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
</programlisting>
<para>
In <acronym>BIND</acronym> 9, the logging configuration
is only established when
the entire configuration file has been parsed. In <acronym>BIND</acronym> 8, it was
established as soon as the <command>logging</command>
statement
was parsed. When the server is starting up, all logging messages
The logging configuration is only established when
the entire configuration file has been parsed.
When the server is starting up, all logging messages
regarding syntax errors in the configuration file go to the default
channels, or to standard error if the <option>-g</option> option
was specified.
@ -4664,20 +4654,6 @@ badresp:1,adberr:0,findfail:0,valfail:0]
</listitem>
</varlistentry>
<varlistentry>
<term><command>named-xfer</command></term>
<listitem>
<para>
<emphasis>This option is obsolete.</emphasis> It
was used in <acronym>BIND</acronym> 8 to specify
the pathname to the <command>named-xfer</command>
program. In <acronym>BIND</acronym> 9, no separate
<command>named-xfer</command> program is needed;
its functionality is built into the name server.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>qname-minimization</command></term>
<listitem>
@ -5532,13 +5508,11 @@ options {
<term><command>auth-nxdomain</command></term>
<listitem>
<para>
If <userinput>yes</userinput>, then the <command>AA</command> bit
is always set on NXDOMAIN responses, even if the server is
not actually
authoritative. The default is <userinput>no</userinput>;
this is
a change from <acronym>BIND</acronym> 8. If you
are using very old DNS software, you
If <userinput>yes</userinput>, then the
<command>AA</command> bit is always set on NXDOMAIN
responses, even if the server is not actually
authoritative. The default is <userinput>no</userinput>.
If you are using very old DNS software, you
may need to set it to <userinput>yes</userinput>.
</para>
</listitem>
@ -5793,34 +5767,6 @@ options {
</listitem>
</varlistentry>
<varlistentry>
<term><command>fake-iquery</command></term>
<listitem>
<para>
In <acronym>BIND</acronym> 8, this option
enabled simulating the obsolete DNS query type
IQUERY. <acronym>BIND</acronym> 9 never does
IQUERY simulation.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>fetch-glue</command></term>
<listitem>
<para>
<emphasis>This option is obsolete</emphasis>.
In BIND 8, <userinput>fetch-glue yes</userinput>
caused the server to attempt to fetch glue resource records
it
didn't have when constructing the additional
data section of a response. This is now considered a bad
idea
and BIND 9 never does it.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>flush-zones-on-shutdown</command></term>
<listitem>
@ -5844,33 +5790,6 @@ options {
</listitem>
</varlistentry>
<varlistentry>
<term><command>has-old-clients</command></term>
<listitem>
<para>
This option was incorrectly implemented
in <acronym>BIND</acronym> 8, and is ignored by <acronym>BIND</acronym> 9.
To achieve the intended effect
of
<command>has-old-clients</command> <userinput>yes</userinput>, specify
the two separate options <command>auth-nxdomain</command> <userinput>yes</userinput>
and <command>rfc2308-type1</command> <userinput>no</userinput> instead.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>host-statistics</command></term>
<listitem>
<para>
In BIND 8, this enabled keeping of
statistics for every host that the name server interacts
with.
Not implemented in BIND 9.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>root-key-sentinel</command></term>
<listitem>
@ -5882,21 +5801,6 @@ options {
</listitem>
</varlistentry>
<varlistentry>
<term><command>maintain-ixfr-base</command></term>
<listitem>
<para>
<emphasis>This option is obsolete</emphasis>.
It was used in <acronym>BIND</acronym> 8 to
determine whether a transaction log was
kept for Incremental Zone Transfer. <acronym>BIND</acronym> 9 maintains a transaction
log whenever possible. If you need to disable outgoing
incremental zone
transfers, use <command>provide-ixfr</command> <userinput>no</userinput>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>message-compression</command></term> <listitem>
<para>
@ -5989,19 +5893,6 @@ options {
</listitem>
</varlistentry>
<varlistentry>
<term><command>multiple-cnames</command></term>
<listitem>
<para>
This option was used in <acronym>BIND</acronym> 8 to allow
a domain name to have multiple CNAME records in violation of
the DNS standards. <acronym>BIND</acronym> 9.2 onwards
always strictly enforces the CNAME rules both in master
files and dynamic updates.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>notify</command></term>
<listitem>
@ -6286,24 +6177,6 @@ options {
</listitem>
</varlistentry>
<varlistentry>
<term><command>rfc2308-type1</command></term>
<listitem>
<para>
Setting this to <userinput>yes</userinput> will
cause the server to send NS records along with the SOA
record for negative
answers. The default is <userinput>no</userinput>.
</para>
<note>
<simpara>
Not yet implemented in <acronym>BIND</acronym>
9.
</simpara>
</note>
</listitem>
</varlistentry>
<varlistentry>
<term><command>trust-anchor-telemetry</command></term>
<listitem>
@ -6334,17 +6207,6 @@ options {
</listitem>
</varlistentry>
<varlistentry>
<term><command>use-id-pool</command></term>
<listitem>
<para>
<emphasis>This option is obsolete</emphasis>.
<acronym>BIND</acronym> 9 always allocates query
IDs from a pool.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>use-ixfr</command></term>
<listitem>
@ -6393,24 +6255,6 @@ options {
</listitem>
</varlistentry>
<varlistentry>
<term><command>treat-cr-as-space</command></term>
<listitem>
<para>
This option was used in <acronym>BIND</acronym>
8 to make
the server treat carriage return ("<command>\r</command>") characters the same way
as a space or tab character,
to facilitate loading of zone files on a UNIX system that
were generated
on an NT or DOS machine. In <acronym>BIND</acronym> 9, both UNIX "<command>\n</command>"
and NT/DOS "<command>\r\n</command>" newlines
are always accepted,
and the option is ignored.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>match-mapped-addresses</command></term>
<listitem>
@ -6889,8 +6733,7 @@ options {
<listitem>
<para>
Try to refresh the zone using TCP if UDP queries fail.
For BIND 8 compatibility, the default is
<command>yes</command>.
The default is <command>yes</command>.
</para>
</listitem>
</varlistentry>
@ -7772,22 +7615,6 @@ avoid-v6-udp-ports {};
</listitem>
</varlistentry>
<varlistentry>
<term><command>serial-queries</command></term>
<listitem>
<para>
In BIND 8, the <command>serial-queries</command>
option
set the maximum number of concurrent serial number queries
allowed to be outstanding at any given time.
BIND 9 does not limit the number of outstanding
serial queries and ignores the <command>serial-queries</command> option.
Instead, it limits the rate at which the queries are sent
as defined using the <command>serial-query-rate</command> option.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>transfer-format</command></term>
<listitem>
@ -7973,10 +7800,9 @@ avoid-v6-udp-ports {};
<listitem>
<para>
Use the alternate transfer sources or not. If views are
specified this defaults to <command>no</command>
specified this defaults to <command>no</command>,
otherwise it defaults to
<command>yes</command> (for BIND 8
compatibility).
<command>yes</command>.
</para>
</listitem>
</varlistentry>
@ -8159,18 +7985,6 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<variablelist>
<varlistentry>
<term><command>max-ixfr-log-size</command></term>
<listitem>
<para>
This option is obsolete; it is accepted
and ignored for BIND 8 compatibility. The option
<command>max-journal-size</command> performs a
similar function in BIND 9.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>max-journal-size</command></term>
<listitem>
@ -8207,17 +8021,6 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</listitem>
</varlistentry>
<varlistentry>
<term><command>host-statistics-max</command></term>
<listitem>
<para>
In BIND 8, specifies the maximum number of host statistics
entries to be kept.
Not implemented in BIND 9.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>recursive-clients</command></term>
<listitem>
@ -8636,36 +8439,6 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</listitem>
</varlistentry>
<varlistentry>
<term><command>statistics-interval</command></term>
<listitem>
<para>
Name server statistics will be logged
every <command>statistics-interval</command>
minutes. The default is
60. The maximum value is 28 days (40320 minutes).
If set to 0, no statistics will be logged.
</para><note>
<simpara>
Not yet implemented in
<acronym>BIND</acronym> 9.
</simpara>
</note>
</listitem>
</varlistentry>
<varlistentry>
<term><command>topology</command></term>
<listitem>
<para>
In BIND 8, this option indicated network topology
so that preferential treatment could be given to
the topologicaly closest name servers when sending
queries. It is not implemented in BIND 9.
</para>
</listitem>
</varlistentry>
</variablelist>
</section>
@ -9024,23 +8797,6 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</listitem>
</varlistentry>
<varlistentry>
<term><command>min-roots</command></term>
<listitem>
<para>
The minimum number of root servers that
is required for a request for the root servers to be
accepted. The default
is <userinput>2</userinput>.
</para>
<note>
<simpara>
Not implemented in <acronym>BIND</acronym> 9.
</simpara>
</note>
</listitem>
</varlistentry>
<varlistentry>
<term><command>sig-validity-interval</command></term>
<listitem>
@ -12163,33 +11919,6 @@ view "external" {
</listitem>
</varlistentry>
<varlistentry>
<term><command>ixfr-base</command></term>
<listitem>
<para>
Was used in <acronym>BIND</acronym> 8 to
specify the name
of the transaction log (journal) file for dynamic update
and IXFR.
<acronym>BIND</acronym> 9 ignores the option
and constructs the name of the journal
file by appending "<filename>.jnl</filename>"
to the name of the
zone file.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>ixfr-tmp-file</command></term>
<listitem>
<para>
Was an undocumented option in <acronym>BIND</acronym> 8.
Ignored in <acronym>BIND</acronym> 9.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>journal</command></term>
<listitem>
@ -12292,20 +12021,6 @@ view "external" {
</listitem>
</varlistentry>
<varlistentry>
<term><command>pubkey</command></term>
<listitem>
<para>
In <acronym>BIND</acronym> 8, this option was
intended for specifying
a public zone key for verification of signatures in DNSSEC
signed
zones when they are loaded from disk. <acronym>BIND</acronym> 9 does not verify signatures
on load and ignores the option.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>zone-statistics</command></term>
<listitem>
@ -15252,9 +14967,6 @@ HOST-127.EXAMPLE. MX 0 .
The <command>$GENERATE</command> directive is a <acronym>BIND</acronym> extension
and not part of the standard zone file format.
</para>
<para>
BIND 8 did not support the optional TTL and CLASS fields.
</para>
</section>
<section xml:id="zonefile_format"><info><title>Additional File Formats</title></info>

49
doc/arm/options.grammar.xml
View file

@ -41,9 +41,9 @@
<command>bindkeys-file</command> <replaceable>quoted_string</replaceable>;
<command>blackhole</command> { <replaceable>address_match_element</replaceable>; ... };
<command>cache-file</command> <replaceable>quoted_string</replaceable>;
<command>catalog-zones</command> { zone <replaceable>quoted_string</replaceable> [ default-masters [ port
<replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> [
<command>port</command> <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port <replaceable>integer</replaceable> ] ) [ key
<command>catalog-zones</command> { zone <replaceable>string</replaceable> [ default-masters [ port <replaceable>integer</replaceable> ]
[ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> [ port
<replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port <replaceable>integer</replaceable> ] ) [ key
<replaceable>string</replaceable> ]; ... } ] [ zone-directory <replaceable>quoted_string</replaceable> ] [
<command>in-memory</command> <replaceable>boolean</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ]; ... };
<command>check-dup-records</command> ( fail | warn | ignore );
@ -97,12 +97,15 @@
<command>dnssec-secure-to-insecure</command> <replaceable>boolean</replaceable>;
<command>dnssec-update-mode</command> ( maintain | no-resign );
<command>dnssec-validation</command> ( yes | no | auto );
<command>dnstap</command> { ( all | auth | client | forwarder | resolver | update ) [
( query | response ) ]; ... };
<command>dnstap-identity</command> ( <replaceable>quoted_string</replaceable> | none | hostname );
<command>dnstap-output</command> ( file | unix ) <replaceable>quoted_string</replaceable> [ size ( unlimited |
<replaceable>size</replaceable> ) ] [ versions ( unlimited | <replaceable>integer</replaceable> ) ] [ suffix (
<command>increment</command> | timestamp ) ];
<command>dnstap</command> { ( all | auth | client | forwarder |
<command>resolver</command> | update ) [ ( query | response ) ];
... };
<command>dnstap-identity</command> ( <replaceable>quoted_string</replaceable> | none |
<command>hostname</command> );
<command>dnstap-output</command> ( file | unix ) <replaceable>quoted_string</replaceable> [
<command>size</command> ( unlimited | <replaceable>size</replaceable> ) ] [ versions (
<command>unlimited</command> | <replaceable>integer</replaceable> ) ] [ suffix ( increment
| timestamp ) ];
<command>dnstap-version</command> ( <replaceable>quoted_string</replaceable> | none );
<command>dscp</command> <replaceable>integer</replaceable>;
<command>dual-stack-servers</command> [ port <replaceable>integer</replaceable> ] { ( <replaceable>quoted_string</replaceable> [ port
@ -118,9 +121,6 @@
<command>fetches-per-server</command> <replaceable>integer</replaceable> [ ( drop | fail ) ];
<command>fetches-per-zone</command> <replaceable>integer</replaceable> [ ( drop | fail ) ];
<command>files</command> ( default | unlimited | <replaceable>sizeval</replaceable> );
<command>filter-aaaa</command> { <replaceable>address_match_element</replaceable>; ... };
<command>filter-aaaa-on-v4</command> ( break-dnssec | <replaceable>boolean</replaceable> );
<command>filter-aaaa-on-v6</command> ( break-dnssec | <replaceable>boolean</replaceable> );
<command>flush-zones-on-shutdown</command> <replaceable>boolean</replaceable>;
<command>forward</command> ( first | only );
<command>forwarders</command> [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>ipv4_address</replaceable>
@ -176,6 +176,8 @@
<command>memstatistics</command> <replaceable>boolean</replaceable>;
<command>memstatistics-file</command> <replaceable>quoted_string</replaceable>;
<command>message-compression</command> <replaceable>boolean</replaceable>;
<command>min-cache-ttl</command> <replaceable>ttlval</replaceable>;
<command>min-ncache-ttl</command> <replaceable>ttlval</replaceable>;
<command>min-refresh-time</command> <replaceable>integer</replaceable>;
<command>min-retry-time</command> <replaceable>integer</replaceable>;
<command>minimal-any</command> <replaceable>boolean</replaceable>;
@ -239,18 +241,17 @@
<command>resolver-retry-interval</command> <replaceable>integer</replaceable>;
<command>response-padding</command> { <replaceable>address_match_element</replaceable>; ... } block-size
<replaceable>integer</replaceable>;
<command>response-policy</command> { zone <replaceable>quoted_string</replaceable> [ log <replaceable>boolean</replaceable> ] [
<command>max-policy-ttl</command> <replaceable>ttlval</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ] [
<command>policy</command> ( cname | disabled | drop | given | no-op | nodata |
<command>nxdomain</command> | passthru | tcp-only <replaceable>quoted_string</replaceable> ) ] [
<command>recursive-only</command> <replaceable>boolean</replaceable> ] [ nsip-enable <replaceable>boolean</replaceable> ] [
<command>nsdname-enable</command> <replaceable>boolean</replaceable> ]; ... } [ break-dnssec <replaceable>boolean</replaceable> ] [
<command>max-policy-ttl</command> <replaceable>ttlval</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ] [
<command>min-ns-dots</command> <replaceable>integer</replaceable> ] [ nsip-wait-recurse <replaceable>boolean</replaceable> ] [
<command>qname-wait-recurse</command> <replaceable>boolean</replaceable> ] [ recursive-only <replaceable>boolean</replaceable> ] [
<command>nsip-enable</command> <replaceable>boolean</replaceable> ] [ nsdname-enable <replaceable>boolean</replaceable> ] [
<command>dnsrps-enable</command> <replaceable>boolean</replaceable> ] [ dnsrps-options { <replaceable>unspecified-text</replaceable>
} ];
<command>response-policy</command> { zone <replaceable>string</replaceable> [ log <replaceable>boolean</replaceable> ] [ max-policy-ttl
<replaceable>ttlval</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ] [ policy ( cname |
<command>disabled</command> | drop | given | no-op | nodata | nxdomain | passthru
| tcp-only <replaceable>quoted_string</replaceable> ) ] [ recursive-only <replaceable>boolean</replaceable> ] [
<command>nsip-enable</command> <replaceable>boolean</replaceable> ] [ nsdname-enable <replaceable>boolean</replaceable> ]; ... } [
<command>break-dnssec</command> <replaceable>boolean</replaceable> ] [ max-policy-ttl <replaceable>ttlval</replaceable> ] [
<command>min-update-interval</command> <replaceable>ttlval</replaceable> ] [ min-ns-dots <replaceable>integer</replaceable> ] [
<command>nsip-wait-recurse</command> <replaceable>boolean</replaceable> ] [ qname-wait-recurse <replaceable>boolean</replaceable> ]
[ recursive-only <replaceable>boolean</replaceable> ] [ nsip-enable <replaceable>boolean</replaceable> ] [
<command>nsdname-enable</command> <replaceable>boolean</replaceable> ] [ dnsrps-enable <replaceable>boolean</replaceable> ] [
<command>dnsrps-options</command> { <replaceable>unspecified-text</replaceable> } ];
<command>root-delegation-only</command> [ exclude { <replaceable>string</replaceable>; ... } ];
<command>root-key-sentinel</command> <replaceable>boolean</replaceable>;
<command>rrset-order</command> { [ class <replaceable>string</replaceable> ] [ type <replaceable>string</replaceable> ] [ name

4
doc/misc/docbook-grammars.pl
View file

@ -59,7 +59,9 @@ while (<FH>) {
$display = 1
}
if (m{// not.*implemented} || m{// obsolete} || m{// test.*only}) {
if (m{// not.*implemented} || m{// obsolete} ||
m{// ancient} || m{// test.*only})
{
next;
}

4
doc/misc/docbook-options.pl
View file

@ -120,7 +120,9 @@ while (<FH>) {
my $blank = 0;
while (<FH>) {
if (m{// not.*implemented} || m{// obsolete} || m{// test.*only}) {
if (m{// not.*implemented} || m{// obsolete} ||
m{// ancient} || m{// test.*only})
{
next;
}

4
doc/misc/docbook-zoneopt.pl
View file

@ -44,7 +44,9 @@ print <<END;
END
while (<FH>) {
if (m{// not.*implemented} || m{// obsolete} || m{// test.*only}) {
if (m{// not.*implemented} || m{// obsolete} ||
m{// ancient} || m{// test.*only})
{
next;
}

75
doc/misc/options
View file

@ -111,7 +111,7 @@ options {
cookie-secret <string>; // may occur multiple times
coresize ( default | unlimited | <sizeval> );
datasize ( default | unlimited | <sizeval> );
deallocate-on-exit <boolean>; // obsolete
deallocate-on-exit <boolean>; // ancient
deny-answer-addresses { <address_match_element>; ... } [
except-from { <string>; ... } ];
deny-answer-aliases { <string>; ... } [ except-from { <string>; ...
@ -166,8 +166,8 @@ options {
empty-contact <string>;
empty-server <string>;
empty-zones-enable <boolean>;
fake-iquery <boolean>; // obsolete
fetch-glue <boolean>; // obsolete
fake-iquery <boolean>; // ancient
fetch-glue <boolean>; // ancient
fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
fetches-per-server <integer> [ ( drop | fail ) ];
fetches-per-zone <integer> [ ( drop | fail ) ];
@ -189,10 +189,10 @@ options {
geoip-directory ( <quoted_string> | none ); // not configured
geoip-use-ecs <boolean>; // obsolete
glue-cache <boolean>;
has-old-clients <boolean>; // obsolete
has-old-clients <boolean>; // ancient
heartbeat-interval <integer>;
host-statistics <boolean>; // not implemented
host-statistics-max <integer>; // not implemented
host-statistics <boolean>; // ancient
host-statistics-max <integer>; // ancient
hostname ( <quoted_string> | none );
inline-signing <boolean>;
interface-interval <ttlval>;
@ -207,9 +207,9 @@ options {
listen-on-v6 [ port <integer> ] [ dscp
<integer> ] {
<address_match_element>; ... }; // may occur multiple times
lmdb-mapsize <sizeval>; // non-operational
lmdb-mapsize <sizeval>;
lock-file ( <quoted_string> | none );
maintain-ixfr-base <boolean>; // obsolete
maintain-ixfr-base <boolean>; // ancient
managed-keys-directory <quoted_string>;
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
@ -218,7 +218,7 @@ options {
max-cache-size ( default | unlimited | <sizeval> | <percentage> );
max-cache-ttl <ttlval>;
max-clients-per-query <integer>;
max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete
max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient
max-journal-size ( default | unlimited | <sizeval> );
max-ncache-ttl <ttlval>;
max-records <integer>;
@ -241,12 +241,12 @@ options {
min-ncache-ttl <ttlval>;
min-refresh-time <integer>;
min-retry-time <integer>;
min-roots <integer>; // not implemented
min-roots <integer>; // ancient
minimal-any <boolean>;
minimal-responses ( no-auth | no-auth-recursive | <boolean> );
multi-master <boolean>;
multiple-cnames <boolean>; // obsolete
named-xfer <quoted_string>; // obsolete
multiple-cnames <boolean>; // ancient
named-xfer <quoted_string>; // ancient
new-zones-directory <quoted_string>;
no-case-compress { <address_match_element>; ... };
nocookie-udp-size <integer>;
@ -321,14 +321,14 @@ options {
[ recursive-only <boolean> ] [ nsip-enable <boolean> ] [
nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [
dnsrps-options { <unspecified-text> } ];
rfc2308-type1 <boolean>; // not yet implemented
rfc2308-type1 <boolean>; // ancient
root-delegation-only [ exclude { <string>; ... } ];
root-key-sentinel <boolean>;
rrset-order { [ class <string> ] [ type <string> ] [ name
<quoted_string> ] <string> <string>; ... };
secroots-file <quoted_string>;
send-cookie <boolean>;
serial-queries <integer>; // obsolete
serial-queries <integer>; // ancient
serial-query-rate <integer>;
serial-update-method ( date | increment | unixtime );
server-id ( <quoted_string> | none | hostname );
@ -347,7 +347,7 @@ options {
stale-answer-ttl <ttlval>;
startup-notify-rate <integer>;
statistics-file <quoted_string>;
statistics-interval <integer>; // not yet implemented
statistics-interval <integer>; // ancient
suppress-initial-notify <boolean>; // not yet implemented
synth-from-dnssec <boolean>;
tcp-advertised-timeout <integer>;
@ -360,7 +360,7 @@ options {
tkey-domain <quoted_string>;
tkey-gssapi-credential <quoted_string>;
tkey-gssapi-keytab <quoted_string>;
topology { <address_match_element>; ... }; // not implemented
topology { <address_match_element>; ... }; // ancient
transfer-format ( many-answers | one-answer );
transfer-message-size <integer>;
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
@ -370,12 +370,12 @@ options {
transfers-in <integer>;
transfers-out <integer>;
transfers-per-ns <integer>;
treat-cr-as-space <boolean>; // obsolete
treat-cr-as-space <boolean>; // ancient
trust-anchor-telemetry <boolean>; // experimental
try-tcp-refresh <boolean>;
update-check-ksk <boolean>;
use-alt-transfer-source <boolean>;
use-id-pool <boolean>; // obsolete
use-id-pool <boolean>; // ancient
use-ixfr <boolean>; // obsolete
use-queryport-pool <boolean>; // obsolete
use-v4-udp-ports { <portrange>; ... };
@ -532,7 +532,7 @@ view <string> [ <class> ] {
empty-contact <string>;
empty-server <string>;
empty-zones-enable <boolean>;
fetch-glue <boolean>; // obsolete
fetch-glue <boolean>; // ancient
fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
fetches-per-server <integer> [ ( drop | fail ) ];
fetches-per-zone <integer> [ ( drop | fail ) ];
@ -552,8 +552,8 @@ view <string> [ <class> ] {
}; // may occur multiple times
key-directory <quoted_string>;
lame-ttl <ttlval>;
lmdb-mapsize <sizeval>; // non-operational
maintain-ixfr-base <boolean>; // obsolete
lmdb-mapsize <sizeval>;
maintain-ixfr-base <boolean>; // ancient
managed-keys { <string> <string>
<integer> <integer> <integer>
<quoted_string>; ... }; // may occur multiple times
@ -566,7 +566,7 @@ view <string> [ <class> ] {
max-cache-size ( default | unlimited | <sizeval> | <percentage> );
max-cache-ttl <ttlval>;
max-clients-per-query <integer>;
max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete
max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient
max-journal-size ( default | unlimited | <sizeval> );
max-ncache-ttl <ttlval>;
max-records <integer>;
@ -586,7 +586,7 @@ view <string> [ <class> ] {
min-ncache-ttl <ttlval>;
min-refresh-time <integer>;
min-retry-time <integer>;
min-roots <integer>; // not implemented
min-roots <integer>; // ancient
minimal-any <boolean>;
minimal-responses ( no-auth | no-auth-recursive | <boolean> );
multi-master <boolean>;
@ -658,7 +658,7 @@ view <string> [ <class> ] {
[ recursive-only <boolean> ] [ nsip-enable <boolean> ] [
nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [
dnsrps-options { <unspecified-text> } ];
rfc2308-type1 <boolean>; // not yet implemented
rfc2308-type1 <boolean>; // ancient
root-delegation-only [ exclude { <string>; ... } ];
root-key-sentinel <boolean>;
rrset-order { [ class <string> ] [ type <string> ] [ name
@ -711,7 +711,7 @@ view <string> [ <class> ] {
stale-answer-ttl <ttlval>;
suppress-initial-notify <boolean>; // not yet implemented
synth-from-dnssec <boolean>;
topology { <address_match_element>; ... }; // not implemented
topology { <address_match_element>; ... }; // ancient
transfer-format ( many-answers | one-answer );
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
@ -771,19 +771,19 @@ view <string> [ <class> ] {
dscp <integer> ]; ... };
in-view <string>;
inline-signing <boolean>;
ixfr-base <quoted_string>; // obsolete
ixfr-base <quoted_string>; // ancient
ixfr-from-differences <boolean>;
ixfr-tmp-file <quoted_string>; // obsolete
ixfr-tmp-file <quoted_string>; // ancient
journal <quoted_string>;
key-directory <quoted_string>;
maintain-ixfr-base <boolean>; // obsolete
maintain-ixfr-base <boolean>; // ancient
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
masters [ port <integer> ] [ dscp <integer> ] { ( <masters>
| <ipv4_address> [ port <integer> ] | <ipv6_address> [
port <integer> ] ) [ key <string> ]; ... };
max-ixfr-log-size ( default | unlimited |
<sizeval> ); // obsolete
<sizeval> ); // ancient
max-journal-size ( default | unlimited | <sizeval> );
max-records <integer>;
max-refresh-time <integer>;
@ -804,10 +804,8 @@ view <string> [ <class> ] {
| * ) ] [ dscp <integer> ];
notify-to-soa <boolean>;
nsec3-test-zone <boolean>; // test only
pubkey <integer>
<integer>
<integer>
<quoted_string>; // obsolete, may occur multiple times
pubkey <integer> <integer> <integer>
<quoted_string>; // ancient
request-expire <boolean>;
request-ixfr <boolean>;
serial-update-method ( date | increment | unixtime );
@ -877,18 +875,18 @@ zone <string> [ <class> ] {
| <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
in-view <string>;
inline-signing <boolean>;
ixfr-base <quoted_string>; // obsolete
ixfr-base <quoted_string>; // ancient
ixfr-from-differences <boolean>;
ixfr-tmp-file <quoted_string>; // obsolete
ixfr-tmp-file <quoted_string>; // ancient
journal <quoted_string>;
key-directory <quoted_string>;
maintain-ixfr-base <boolean>; // obsolete
maintain-ixfr-base <boolean>; // ancient
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
masters [ port <integer> ] [ dscp <integer> ] { ( <masters> |
<ipv4_address> [ port <integer> ] | <ipv6_address> [ port
<integer> ] ) [ key <string> ]; ... };
max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete
max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient
max-journal-size ( default | unlimited | <sizeval> );
max-records <integer>;
max-refresh-time <integer>;
@ -909,8 +907,7 @@ zone <string> [ <class> ] {
[ dscp <integer> ];
notify-to-soa <boolean>;
nsec3-test-zone <boolean>; // test only
pubkey <integer> <integer>
<integer> <quoted_string>; // obsolete, may occur multiple times
pubkey <integer> <integer> <integer> <quoted_string>; // ancient
request-expire <boolean>;
request-ixfr <boolean>;
serial-update-method ( date | increment | unixtime );

6
lib/isccfg/include/isccfg/grammar.h
View file

@ -32,7 +32,7 @@
/*% Clause may occur multiple times (e.g., "zone") */
#define CFG_CLAUSEFLAG_MULTI 0x00000001
/*% Clause is obsolete */
/*% Clause is obsolete (logs a warning, but is not a fatal error) */
#define CFG_CLAUSEFLAG_OBSOLETE 0x00000002
/*% Clause is not implemented, and may never be */
#define CFG_CLAUSEFLAG_NOTIMP 0x00000004
@ -55,8 +55,10 @@
/*% A configuration option that is ineffective due to
* compile time options, but is harmless. */
#define CFG_CLAUSEFLAG_NOOP 0x00000200
/*% Clause is obsolete in a future release */
/*% Clause will be obsolete in a future release (logs a warning) */
#define CFG_CLAUSEFLAG_DEPRECATED 0x00000400
/*% Clause has been obsolete so long that it's now a fatal error */
#define CFG_CLAUSEFLAG_ANCIENT 0x00000800
/*%
* Zone types for which a clause is valid:

61
lib/isccfg/namedconf.c
View file

@ -232,19 +232,19 @@ static cfg_type_t cfg_type_portiplist = {
&cfg_rep_tuple, portiplist_fields
};
/*%
* A public key, as in the "pubkey" statement.
/*
* Obsolete format for the "pubkey" statement.
*/
static cfg_tuplefielddef_t pubkey_fields[] = {
{ "flags", &cfg_type_uint32, 0 },
{ "protocol", &cfg_type_uint32, 0 },
{ "algorithm", &cfg_type_uint32, 0 },
{ "key", &cfg_type_qstring, 0 },
{ NULL, NULL, 0 }
{ "flags", &cfg_type_uint32, 0 },
{ "protocol", &cfg_type_uint32, 0 },
{ "algorithm", &cfg_type_uint32, 0 },
{ "key", &cfg_type_qstring, 0 },
{ NULL, NULL, 0 }
};
static cfg_type_t cfg_type_pubkey = {
"pubkey", cfg_parse_tuple, cfg_print_tuple, cfg_doc_tuple,
&cfg_rep_tuple, pubkey_fields
"pubkey", cfg_parse_tuple, cfg_print_tuple, cfg_doc_tuple,
&cfg_rep_tuple, pubkey_fields
};
/*%
@ -1023,7 +1023,7 @@ options_clauses[] = {
{ "cookie-secret", &cfg_type_sstring, CFG_CLAUSEFLAG_MULTI },
{ "coresize", &cfg_type_size, 0 },
{ "datasize", &cfg_type_size, 0 },
{ "deallocate-on-exit", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "deallocate-on-exit", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "directory", &cfg_type_qstring, CFG_CLAUSEFLAG_CALLBACK },
#ifdef HAVE_DNSTAP
{ "dnstap-output", &cfg_type_dnstapoutput, 0 },
@ -1039,7 +1039,7 @@ options_clauses[] = {
#endif
{ "dscp", &cfg_type_uint32, 0 },
{ "dump-file", &cfg_type_qstring, 0 },
{ "fake-iquery", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "fake-iquery", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "files", &cfg_type_size, 0 },
{ "flush-zones-on-shutdown", &cfg_type_boolean, 0 },
#ifdef HAVE_DNSTAP
@ -1073,10 +1073,10 @@ options_clauses[] = {
CFG_CLAUSEFLAG_NOTCONFIGURED },
#endif /* HAVE_GEOIP */
{ "geoip-use-ecs", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "has-old-clients", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "has-old-clients", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "heartbeat-interval", &cfg_type_uint32, 0 },
{ "host-statistics", &cfg_type_boolean, CFG_CLAUSEFLAG_NOTIMP },
{ "host-statistics-max", &cfg_type_uint32, CFG_CLAUSEFLAG_NOTIMP },
{ "host-statistics", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "host-statistics-max", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT },
{ "hostname", &cfg_type_qstringornone, 0 },
{ "interface-interval", &cfg_type_ttlval, 0 },
{ "keep-response-order", &cfg_type_bracketed_aml, 0 },
@ -1088,8 +1088,8 @@ options_clauses[] = {
{ "max-rsa-exponent-size", &cfg_type_uint32, 0 },
{ "memstatistics", &cfg_type_boolean, 0 },
{ "memstatistics-file", &cfg_type_qstring, 0 },
{ "multiple-cnames", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "named-xfer", &cfg_type_qstring, CFG_CLAUSEFLAG_OBSOLETE },
{ "multiple-cnames", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "named-xfer", &cfg_type_qstring, CFG_CLAUSEFLAG_ANCIENT },
{ "notify-rate", &cfg_type_uint32, 0 },
{ "pid-file", &cfg_type_qstringornone, 0 },
{ "port", &cfg_type_uint32, 0 },
@ -1099,7 +1099,7 @@ options_clauses[] = {
{ "recursive-clients", &cfg_type_uint32, 0 },
{ "reserved-sockets", &cfg_type_uint32, 0 },
{ "secroots-file", &cfg_type_qstring, 0 },
{ "serial-queries", &cfg_type_uint32, CFG_CLAUSEFLAG_OBSOLETE },
{ "serial-queries", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT },
{ "serial-query-rate", &cfg_type_uint32, 0 },
{ "server-id", &cfg_type_serverid, 0 },
{ "session-keyalg", &cfg_type_astring, 0 },
@ -1109,7 +1109,7 @@ options_clauses[] = {
{ "stacksize", &cfg_type_size, 0 },
{ "startup-notify-rate", &cfg_type_uint32, 0 },
{ "statistics-file", &cfg_type_qstring, 0 },
{ "statistics-interval", &cfg_type_uint32, CFG_CLAUSEFLAG_NYI },
{ "statistics-interval", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT },
{ "tcp-advertised-timeout", &cfg_type_uint32, 0 },
{ "tcp-clients", &cfg_type_uint32, 0 },
{ "tcp-idle-timeout", &cfg_type_uint32, 0 },
@ -1124,8 +1124,8 @@ options_clauses[] = {
{ "transfers-in", &cfg_type_uint32, 0 },
{ "transfers-out", &cfg_type_uint32, 0 },
{ "transfers-per-ns", &cfg_type_uint32, 0 },
{ "treat-cr-as-space", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "use-id-pool", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "treat-cr-as-space", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "use-id-pool", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "use-ixfr", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "use-v4-udp-ports", &cfg_type_bracketed_portlist, 0 },
{ "use-v6-udp-ports", &cfg_type_bracketed_portlist, 0 },
@ -1882,7 +1882,7 @@ view_clauses[] = {
{ "empty-contact", &cfg_type_astring, 0 },
{ "empty-server", &cfg_type_astring, 0 },
{ "empty-zones-enable", &cfg_type_boolean, 0 },
{ "fetch-glue", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "fetch-glue", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "fetch-quota-params", &cfg_type_fetchquota, 0 },
{ "fetches-per-server", &cfg_type_fetchesper, 0 },
{ "fetches-per-zone", &cfg_type_fetchesper, 0 },
@ -1897,8 +1897,7 @@ view_clauses[] = {
#else
{ "lmdb-mapsize", &cfg_type_sizeval, CFG_CLAUSEFLAG_NOOP },
#endif
{ "max-acache-size", &cfg_type_sizenodefault,
CFG_CLAUSEFLAG_OBSOLETE },
{ "max-acache-size", &cfg_type_sizenodefault, CFG_CLAUSEFLAG_OBSOLETE },
{ "max-cache-size", &cfg_type_sizeorpercent, 0 },
{ "max-cache-ttl", &cfg_type_ttlval, 0 },
{ "max-clients-per-query", &cfg_type_uint32, 0 },
@ -1910,7 +1909,7 @@ view_clauses[] = {
{ "message-compression", &cfg_type_boolean, 0 },
{ "min-cache-ttl", &cfg_type_ttlval, 0 },
{ "min-ncache-ttl", &cfg_type_ttlval, 0 },
{ "min-roots", &cfg_type_uint32, CFG_CLAUSEFLAG_NOTIMP },
{ "min-roots", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT },
{ "minimal-any", &cfg_type_boolean, 0 },
{ "minimal-responses", &cfg_type_minimal, 0 },
{ "new-zones-directory", &cfg_type_qstring, 0 },
@ -1943,7 +1942,7 @@ view_clauses[] = {
{ "resolver-retry-interval", &cfg_type_uint32, 0 },
{ "response-padding", &cfg_type_resppadding, 0 },
{ "response-policy", &cfg_type_rpz, 0 },
{ "rfc2308-type1", &cfg_type_boolean, CFG_CLAUSEFLAG_NYI },
{ "rfc2308-type1", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "root-delegation-only", &cfg_type_optional_exclude, 0 },
{ "root-key-sentinel", &cfg_type_boolean, 0 },
{ "rrset-order", &cfg_type_rrsetorder, 0 },
@ -1954,7 +1953,7 @@ view_clauses[] = {
{ "stale-answer-ttl", &cfg_type_ttlval, 0 },
{ "suppress-initial-notify", &cfg_type_boolean, CFG_CLAUSEFLAG_NYI },
{ "synth-from-dnssec", &cfg_type_boolean, 0 },
{ "topology", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_NOTIMP },
{ "topology", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_ANCIENT },
{ "transfer-format", &cfg_type_transferformat, 0 },
{ "trust-anchor-telemetry", &cfg_type_boolean,
CFG_CLAUSEFLAG_EXPERIMENTAL },
@ -2086,7 +2085,7 @@ zone_clauses[] = {
CFG_ZONE_MASTER | CFG_ZONE_SLAVE
},
{ "maintain-ixfr-base", &cfg_type_boolean,
CFG_CLAUSEFLAG_OBSOLETE
CFG_CLAUSEFLAG_ANCIENT
},
{ "masterfile-format", &cfg_type_masterformat,
CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR |
@ -2097,7 +2096,7 @@ zone_clauses[] = {
CFG_ZONE_STUB | CFG_ZONE_REDIRECT
},
{ "max-ixfr-log-size", &cfg_type_size,
CFG_CLAUSEFLAG_OBSOLETE
CFG_CLAUSEFLAG_ANCIENT
},
{ "max-journal-size", &cfg_type_size,
CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR
@ -2243,13 +2242,13 @@ zone_only_clauses[] = {
CFG_ZONE_INVIEW
},
{ "ixfr-base", &cfg_type_qstring,
CFG_CLAUSEFLAG_OBSOLETE
CFG_CLAUSEFLAG_ANCIENT
},
{ "ixfr-from-differences", &cfg_type_boolean,
CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR
},
{ "ixfr-tmp-file", &cfg_type_qstring,
CFG_CLAUSEFLAG_OBSOLETE
CFG_CLAUSEFLAG_ANCIENT
},
{ "journal", &cfg_type_qstring,
CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR
@ -2259,7 +2258,7 @@ zone_only_clauses[] = {
CFG_ZONE_REDIRECT
},
{ "pubkey", &cfg_type_pubkey,
CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_OBSOLETE
CFG_CLAUSEFLAG_ANCIENT
},
{ "server-addresses", &cfg_type_bracketed_netaddrlist,
CFG_ZONE_STATICSTUB

36
lib/isccfg/parser.c
View file

@ -1992,24 +1992,37 @@ cfg_parse_mapbody(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret)
/* Clause is known. */
/* Issue fatal errors if appropriate */
if ((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) {
cfg_parser_error(pctx, 0,
"option '%s' no longer exists",
clause->name);
CHECK(ISC_R_FAILURE);
}
/* Issue warnings if appropriate */
if ((pctx->flags & CFG_PCTX_NODEPRECATED) == 0 &&
(clause->flags & CFG_CLAUSEFLAG_DEPRECATED) != 0)
{
cfg_parser_warning(pctx, 0, "option '%s' is deprecated",
cfg_parser_warning(pctx, 0,
"option '%s' is deprecated",
clause->name);
}
if ((clause->flags & CFG_CLAUSEFLAG_OBSOLETE) != 0) {
cfg_parser_warning(pctx, 0, "option '%s' is obsolete",
cfg_parser_warning(pctx, 0,
"option '%s' is obsolete and "
"should be removed ",
clause->name);
}
if ((clause->flags & CFG_CLAUSEFLAG_NOTIMP) != 0) {
cfg_parser_warning(pctx, 0, "option '%s' is "
"not implemented", clause->name);
cfg_parser_warning(pctx, 0,
"option '%s' is not implemented",
clause->name);
}
if ((clause->flags & CFG_CLAUSEFLAG_NYI) != 0) {
cfg_parser_warning(pctx, 0, "option '%s' is "
"not implemented", clause->name);
cfg_parser_warning(pctx, 0,
"option '%s' is not implemented",
clause->name);
}
if ((clause->flags & CFG_CLAUSEFLAG_NOOP) != 0) {
cfg_parser_warning(pctx, 0, "option '%s' was not "
@ -2018,11 +2031,10 @@ cfg_parse_mapbody(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret)
}
if ((clause->flags & CFG_CLAUSEFLAG_NOTCONFIGURED) != 0) {
cfg_parser_warning(pctx, 0, "option '%s' was not "
cfg_parser_error(pctx, 0, "option '%s' was not "
"enabled at compile time",
clause->name);
result = ISC_R_FAILURE;
goto cleanup;
CHECK(ISC_R_FAILURE);
}
/*
@ -2078,8 +2090,9 @@ cfg_parse_mapbody(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret)
callback));
CHECK(parse_semicolon(pctx));
} else if (result == ISC_R_SUCCESS) {
cfg_parser_error(pctx, CFG_LOG_NEAR, "'%s' redefined",
clause->name);
cfg_parser_error(pctx, CFG_LOG_NEAR,
"'%s' redefined",
clause->name);
result = ISC_R_EXISTS;
goto cleanup;
} else {
@ -2276,6 +2289,7 @@ static struct flagtext {
{ CFG_CLAUSEFLAG_EXPERIMENTAL, "experimental" },
{ CFG_CLAUSEFLAG_NOOP, "non-operational" },
{ CFG_CLAUSEFLAG_DEPRECATED, "deprecated" },
{ CFG_CLAUSEFLAG_ANCIENT, "ancient" },
{ 0, NULL }
};