From ff3dace139b0b159156c1ee85e76a3feb5f6c19a Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Sun, 20 Jan 2019 23:50:17 -0800 Subject: [PATCH] Ancient named.conf options are now a fatal configuration error - options that were flagged as obsolete or not implemented in 9.0.0 are now flagged as "ancient", and are a fatal error - the ARM has been updated to remove these, along with other obsolete descriptions of BIND 8 behavior - the log message for obsolete options explicitly recommends removal --- bin/named/named.conf.docbook | 103 ++++---- bin/tests/system/checkconf/ancient.conf | 17 ++ bin/tests/system/checkconf/good.conf | 8 - bin/tests/system/checkconf/tests.sh | 9 + doc/arm/Bv9ARM-book.xml | 312 +----------------------- doc/arm/options.grammar.xml | 49 ++-- doc/misc/docbook-grammars.pl | 4 +- doc/misc/docbook-options.pl | 4 +- doc/misc/docbook-zoneopt.pl | 4 +- doc/misc/options | 75 +++--- lib/isccfg/include/isccfg/grammar.h | 6 +- lib/isccfg/namedconf.c | 61 +++-- lib/isccfg/parser.c | 36 ++- 13 files changed, 221 insertions(+), 467 deletions(-) create mode 100644 bin/tests/system/checkconf/ancient.conf diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook index a167b30b57..0f7b74e7bc 100644 --- a/bin/named/named.conf.docbook +++ b/bin/named/named.conf.docbook @@ -13,7 +13,7 @@ - 2018-10-23 + 2018-12-07 ISC @@ -203,9 +203,9 @@ options { bindkeys-file quoted_string; blackhole { address_match_element; ... }; cache-file quoted_string; - catalog-zones { zone quoted_string [ default-masters [ port - integer ] [ dscp integer ] { ( masters | ipv4_address [ - port integer ] | ipv6_address [ port integer ] ) [ key + catalog-zones { zone string [ default-masters [ port integer ] + [ dscp integer ] { ( masters | ipv4_address [ port + integer ] | ipv6_address [ port integer ] ) [ key string ]; ... } ] [ zone-directory quoted_string ] [ in-memory boolean ] [ min-update-interval ttlval ]; ... }; check-dup-records ( fail | warn | ignore ); @@ -259,12 +259,15 @@ options { dnssec-secure-to-insecure boolean; dnssec-update-mode ( maintain | no-resign ); dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; - dnstap-identity ( quoted_string | none | hostname ); - dnstap-output ( file | unix ) quoted_string [ size ( unlimited | - size ) ] [ versions ( unlimited | integer ) ] [ suffix ( - increment | timestamp ) ]; + dnstap { ( all | auth | client | forwarder | + resolver | update ) [ ( query | response ) ]; + ... }; + dnstap-identity ( quoted_string | none | + hostname ); + dnstap-output ( file | unix ) quoted_string [ + size ( unlimited | size ) ] [ versions ( + unlimited | integer ) ] [ suffix ( increment + | timestamp ) ]; dnstap-version ( quoted_string | none ); dscp integer; dual-stack-servers [ port integer ] { ( quoted_string [ port @@ -280,9 +283,6 @@ options { fetches-per-server integer [ ( drop | fail ) ]; fetches-per-zone integer [ ( drop | fail ) ]; files ( default | unlimited | sizeval ); - filter-aaaa { address_match_element; ... }; - filter-aaaa-on-v4 ( break-dnssec | boolean ); - filter-aaaa-on-v6 ( break-dnssec | boolean ); flush-zones-on-shutdown boolean; forward ( first | only ); forwarders [ port integer ] [ dscp integer ] { ( ipv4_address @@ -403,18 +403,17 @@ options { resolver-retry-interval integer; response-padding { address_match_element; ... } block-size integer; - response-policy { zone quoted_string [ log boolean ] [ - max-policy-ttl ttlval ] [ min-update-interval ttlval ] [ - policy ( cname | disabled | drop | given | no-op | nodata | - nxdomain | passthru | tcp-only quoted_string ) ] [ - recursive-only boolean ] [ nsip-enable boolean ] [ - nsdname-enable boolean ]; ... } [ break-dnssec boolean ] [ - max-policy-ttl ttlval ] [ min-update-interval ttlval ] [ - min-ns-dots integer ] [ nsip-wait-recurse boolean ] [ - qname-wait-recurse boolean ] [ recursive-only boolean ] [ - nsip-enable boolean ] [ nsdname-enable boolean ] [ - dnsrps-enable boolean ] [ dnsrps-options { unspecified-text - } ]; + response-policy { zone string [ log boolean ] [ max-policy-ttl + ttlval ] [ min-update-interval ttlval ] [ policy ( cname | + disabled | drop | given | no-op | nodata | nxdomain | passthru + | tcp-only quoted_string ) ] [ recursive-only boolean ] [ + nsip-enable boolean ] [ nsdname-enable boolean ]; ... } [ + break-dnssec boolean ] [ max-policy-ttl ttlval ] [ + min-update-interval ttlval ] [ min-ns-dots integer ] [ + nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ] + [ recursive-only boolean ] [ nsip-enable boolean ] [ + nsdname-enable boolean ] [ dnsrps-enable boolean ] [ + dnsrps-options { unspecified-text } ]; root-delegation-only [ exclude { string; ... } ]; root-key-sentinel boolean; rrset-order { [ class string ] [ type string ] [ name @@ -474,6 +473,14 @@ options { + PLUGIN + + +plugin ( query ) string [ { unspecified-text + } ]; + + + SERVER @@ -558,9 +565,9 @@ view string [ class ] { auth-nxdomain boolean; // default changed auto-dnssec ( allow | maintain | off ); cache-file quoted_string; - catalog-zones { zone quoted_string [ default-masters [ port - integer ] [ dscp integer ] { ( masters | ipv4_address [ - port integer ] | ipv6_address [ port integer ] ) [ key + catalog-zones { zone string [ default-masters [ port integer ] + [ dscp integer ] { ( masters | ipv4_address [ port + integer ] | ipv6_address [ port integer ] ) [ key string ]; ... } ] [ zone-directory quoted_string ] [ in-memory boolean ] [ min-update-interval ttlval ]; ... }; check-dup-records ( fail | warn | ignore ); @@ -613,8 +620,9 @@ view string [ class ] { dnssec-secure-to-insecure boolean; dnssec-update-mode ( maintain | no-resign ); dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; + dnstap { ( all | auth | client | forwarder | + resolver | update ) [ ( query | response ) ]; + ... }; dual-stack-servers [ port integer ] { ( quoted_string [ port integer ] [ dscp integer ] | ipv4_address [ port integer ] [ dscp integer ] | ipv6_address [ port @@ -628,9 +636,6 @@ view string [ class ] { fetch-quota-params integer fixedpoint fixedpoint fixedpoint; fetches-per-server integer [ ( drop | fail ) ]; fetches-per-zone integer [ ( drop | fail ) ]; - filter-aaaa { address_match_element; ... }; - filter-aaaa-on-v4 ( break-dnssec | boolean ); - filter-aaaa-on-v6 ( break-dnssec | boolean ); forward ( first | only ); forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; @@ -671,6 +676,8 @@ view string [ class ] { max-udp-size integer; max-zone-ttl ( unlimited | ttlval ); message-compression boolean; + min-cache-ttl ttlval; + min-ncache-ttl ttlval; min-refresh-time integer; min-retry-time integer; minimal-any boolean; @@ -689,6 +696,8 @@ view string [ class ] { nta-lifetime ttlval; nta-recheck ttlval; nxdomain-redirect string; + plugin ( query ) string [ { + unspecified-text } ]; preferred-glue string; prefetch integer [ integer ]; provide-ixfr boolean; @@ -726,18 +735,17 @@ view string [ class ] { resolver-retry-interval integer; response-padding { address_match_element; ... } block-size integer; - response-policy { zone quoted_string [ log boolean ] [ - max-policy-ttl ttlval ] [ min-update-interval ttlval ] [ - policy ( cname | disabled | drop | given | no-op | nodata | - nxdomain | passthru | tcp-only quoted_string ) ] [ - recursive-only boolean ] [ nsip-enable boolean ] [ - nsdname-enable boolean ]; ... } [ break-dnssec boolean ] [ - max-policy-ttl ttlval ] [ min-update-interval ttlval ] [ - min-ns-dots integer ] [ nsip-wait-recurse boolean ] [ - qname-wait-recurse boolean ] [ recursive-only boolean ] [ - nsip-enable boolean ] [ nsdname-enable boolean ] [ - dnsrps-enable boolean ] [ dnsrps-options { unspecified-text - } ]; + response-policy { zone string [ log boolean ] [ max-policy-ttl + ttlval ] [ min-update-interval ttlval ] [ policy ( cname | + disabled | drop | given | no-op | nodata | nxdomain | passthru + | tcp-only quoted_string ) ] [ recursive-only boolean ] [ + nsip-enable boolean ] [ nsdname-enable boolean ]; ... } [ + break-dnssec boolean ] [ max-policy-ttl ttlval ] [ + min-update-interval ttlval ] [ min-ns-dots integer ] [ + nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ] + [ recursive-only boolean ] [ nsip-enable boolean ] [ + nsdname-enable boolean ] [ dnsrps-enable boolean ] [ + dnsrps-options { unspecified-text } ]; root-delegation-only [ exclude { string; ... } ]; root-key-sentinel boolean; rrset-order { [ class string ] [ type string ] [ name @@ -873,9 +881,7 @@ view string [ class ] { notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify-to-soa boolean; - pubkey integer - integer - integer + pubkey integer integer integer request-expire boolean; request-ixfr boolean; serial-update-method ( date | increment | unixtime ); @@ -977,7 +983,6 @@ zone string [ class ] { notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify-to-soa boolean; - pubkey integer integer request-expire boolean; request-ixfr boolean; serial-update-method ( date | increment | unixtime ); diff --git a/bin/tests/system/checkconf/ancient.conf b/bin/tests/system/checkconf/ancient.conf new file mode 100644 index 0000000000..2723eb824e --- /dev/null +++ b/bin/tests/system/checkconf/ancient.conf @@ -0,0 +1,17 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/* + * Ancient options are fatal. + */ +options { + fake-iquery yes; +}; diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf index 467e96c755..d627d2a844 100644 --- a/bin/tests/system/checkconf/good.conf +++ b/bin/tests/system/checkconf/good.conf @@ -26,16 +26,11 @@ options { }; coresize 1073741824; datasize 104857600; - deallocate-on-exit yes; directory "."; dscp 41; dump-file "named_dumpdb"; - fake-iquery yes; files 1000; - has-old-clients no; heartbeat-interval 30; - host-statistics yes; - host-statistics-max 100; hostname none; interface-interval 30; keep-response-order { @@ -52,14 +47,11 @@ options { }; match-mapped-addresses yes; memstatistics-file "named.memstats"; - multiple-cnames no; - named-xfer "this is no longer needed"; pid-file none; port 5300; querylog yes; recursing-file "named.recursing"; recursive-clients 3000; - serial-queries 10; serial-query-rate 100; server-id none; max-cache-size 20000000000000; diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh index e54bbc3892..ec3bc04e1b 100644 --- a/bin/tests/system/checkconf/tests.sh +++ b/bin/tests/system/checkconf/tests.sh @@ -77,6 +77,14 @@ do status=`expr $status + $ret` done +n=`expr $n + 1` +echo_i "checking that ancient options report a fatal error ($n)" +ret=0 +$CHECKCONF ancient.conf > ancient.out 2>&1 && ret=1 +grep "no longer exists" ancient.out > /dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + n=`expr $n + 1` echo_i "checking that named-checkconf -z catches missing hint file ($n)" ret=0 @@ -340,6 +348,7 @@ echo_i "check that named-checkconf -l print out the zone list ($n)" ret=0 $CHECKCONF -l good.conf | grep -v "is not implemented" | +grep -v "no longer exists" | grep -v "is obsolete" > checkconf.out$n || ret=1 diff good.zonelist checkconf.out$n > diff.out$n || ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index 474147e657..25df01340d 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml @@ -1085,15 +1085,8 @@ zone "eng.example.com" { (rndc) program allows the system administrator to control the operation of a name server. - Since BIND 9.2, rndc - supports all the commands of the BIND 8 ndc - utility except ndc start and - ndc restart, which were also - not supported in ndc's - channel mode. If you run rndc without any - options - it will display a usage message as follows: + options, it will display a usage message as follows: rndc @@ -3601,12 +3594,9 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. - In BIND 9, the logging configuration - is only established when - the entire configuration file has been parsed. In BIND 8, it was - established as soon as the logging - statement - was parsed. When the server is starting up, all logging messages + The logging configuration is only established when + the entire configuration file has been parsed. + When the server is starting up, all logging messages regarding syntax errors in the configuration file go to the default channels, or to standard error if the option was specified. @@ -4664,20 +4654,6 @@ badresp:1,adberr:0,findfail:0,valfail:0] - - named-xfer - - - This option is obsolete. It - was used in BIND 8 to specify - the pathname to the named-xfer - program. In BIND 9, no separate - named-xfer program is needed; - its functionality is built into the name server. - - - - qname-minimization @@ -5532,13 +5508,11 @@ options { auth-nxdomain - If yes, then the AA bit - is always set on NXDOMAIN responses, even if the server is - not actually - authoritative. The default is no; - this is - a change from BIND 8. If you - are using very old DNS software, you + If yes, then the + AA bit is always set on NXDOMAIN + responses, even if the server is not actually + authoritative. The default is no. + If you are using very old DNS software, you may need to set it to yes. @@ -5793,34 +5767,6 @@ options { - - fake-iquery - - - In BIND 8, this option - enabled simulating the obsolete DNS query type - IQUERY. BIND 9 never does - IQUERY simulation. - - - - - - fetch-glue - - - This option is obsolete. - In BIND 8, fetch-glue yes - caused the server to attempt to fetch glue resource records - it - didn't have when constructing the additional - data section of a response. This is now considered a bad - idea - and BIND 9 never does it. - - - - flush-zones-on-shutdown @@ -5844,33 +5790,6 @@ options { - - has-old-clients - - - This option was incorrectly implemented - in BIND 8, and is ignored by BIND 9. - To achieve the intended effect - of - has-old-clients yes, specify - the two separate options auth-nxdomain yes - and rfc2308-type1 no instead. - - - - - - host-statistics - - - In BIND 8, this enabled keeping of - statistics for every host that the name server interacts - with. - Not implemented in BIND 9. - - - - root-key-sentinel @@ -5882,21 +5801,6 @@ options { - - maintain-ixfr-base - - - This option is obsolete. - It was used in BIND 8 to - determine whether a transaction log was - kept for Incremental Zone Transfer. BIND 9 maintains a transaction - log whenever possible. If you need to disable outgoing - incremental zone - transfers, use provide-ixfr no. - - - - message-compression @@ -5989,19 +5893,6 @@ options { - - multiple-cnames - - - This option was used in BIND 8 to allow - a domain name to have multiple CNAME records in violation of - the DNS standards. BIND 9.2 onwards - always strictly enforces the CNAME rules both in master - files and dynamic updates. - - - - notify @@ -6286,24 +6177,6 @@ options { - - rfc2308-type1 - - - Setting this to yes will - cause the server to send NS records along with the SOA - record for negative - answers. The default is no. - - - - Not yet implemented in BIND - 9. - - - - - trust-anchor-telemetry @@ -6334,17 +6207,6 @@ options { - - use-id-pool - - - This option is obsolete. - BIND 9 always allocates query - IDs from a pool. - - - - use-ixfr @@ -6393,24 +6255,6 @@ options { - - treat-cr-as-space - - - This option was used in BIND - 8 to make - the server treat carriage return ("\r") characters the same way - as a space or tab character, - to facilitate loading of zone files on a UNIX system that - were generated - on an NT or DOS machine. In BIND 9, both UNIX "\n" - and NT/DOS "\r\n" newlines - are always accepted, - and the option is ignored. - - - - match-mapped-addresses @@ -6889,8 +6733,7 @@ options { Try to refresh the zone using TCP if UDP queries fail. - For BIND 8 compatibility, the default is - yes. + The default is yes. @@ -7772,22 +7615,6 @@ avoid-v6-udp-ports {}; - - serial-queries - - - In BIND 8, the serial-queries - option - set the maximum number of concurrent serial number queries - allowed to be outstanding at any given time. - BIND 9 does not limit the number of outstanding - serial queries and ignores the serial-queries option. - Instead, it limits the rate at which the queries are sent - as defined using the serial-query-rate option. - - - - transfer-format @@ -7973,10 +7800,9 @@ avoid-v6-udp-ports {}; Use the alternate transfer sources or not. If views are - specified this defaults to no + specified this defaults to no, otherwise it defaults to - yes (for BIND 8 - compatibility). + yes. @@ -8159,18 +7985,6 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; - - max-ixfr-log-size - - - This option is obsolete; it is accepted - and ignored for BIND 8 compatibility. The option - max-journal-size performs a - similar function in BIND 9. - - - - max-journal-size @@ -8207,17 +8021,6 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; - - host-statistics-max - - - In BIND 8, specifies the maximum number of host statistics - entries to be kept. - Not implemented in BIND 9. - - - - recursive-clients @@ -8636,36 +8439,6 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; - - statistics-interval - - - Name server statistics will be logged - every statistics-interval - minutes. The default is - 60. The maximum value is 28 days (40320 minutes). - If set to 0, no statistics will be logged. - - - Not yet implemented in - BIND 9. - - - - - - - topology - - - In BIND 8, this option indicated network topology - so that preferential treatment could be given to - the topologicaly closest name servers when sending - queries. It is not implemented in BIND 9. - - - - @@ -9024,23 +8797,6 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; - - min-roots - - - The minimum number of root servers that - is required for a request for the root servers to be - accepted. The default - is 2. - - - - Not implemented in BIND 9. - - - - - sig-validity-interval @@ -12163,33 +11919,6 @@ view "external" { - - ixfr-base - - - Was used in BIND 8 to - specify the name - of the transaction log (journal) file for dynamic update - and IXFR. - BIND 9 ignores the option - and constructs the name of the journal - file by appending ".jnl" - to the name of the - zone file. - - - - - - ixfr-tmp-file - - - Was an undocumented option in BIND 8. - Ignored in BIND 9. - - - - journal @@ -12292,20 +12021,6 @@ view "external" { - - pubkey - - - In BIND 8, this option was - intended for specifying - a public zone key for verification of signatures in DNSSEC - signed - zones when they are loaded from disk. BIND 9 does not verify signatures - on load and ignores the option. - - - - zone-statistics @@ -15252,9 +14967,6 @@ HOST-127.EXAMPLE. MX 0 . The $GENERATE directive is a BIND extension and not part of the standard zone file format. - - BIND 8 did not support the optional TTL and CLASS fields. -
Additional File Formats diff --git a/doc/arm/options.grammar.xml b/doc/arm/options.grammar.xml index d8c9243ae5..7439ee3e4f 100644 --- a/doc/arm/options.grammar.xml +++ b/doc/arm/options.grammar.xml @@ -41,9 +41,9 @@ bindkeys-file quoted_string; blackhole { address_match_element; ... }; cache-file quoted_string; - catalog-zones { zone quoted_string [ default-masters [ port - integer ] [ dscp integer ] { ( masters | ipv4_address [ - port integer ] | ipv6_address [ port integer ] ) [ key + catalog-zones { zone string [ default-masters [ port integer ] + [ dscp integer ] { ( masters | ipv4_address [ port + integer ] | ipv6_address [ port integer ] ) [ key string ]; ... } ] [ zone-directory quoted_string ] [ in-memory boolean ] [ min-update-interval ttlval ]; ... }; check-dup-records ( fail | warn | ignore ); @@ -97,12 +97,15 @@ dnssec-secure-to-insecure boolean; dnssec-update-mode ( maintain | no-resign ); dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; - dnstap-identity ( quoted_string | none | hostname ); - dnstap-output ( file | unix ) quoted_string [ size ( unlimited | - size ) ] [ versions ( unlimited | integer ) ] [ suffix ( - increment | timestamp ) ]; + dnstap { ( all | auth | client | forwarder | + resolver | update ) [ ( query | response ) ]; + ... }; + dnstap-identity ( quoted_string | none | + hostname ); + dnstap-output ( file | unix ) quoted_string [ + size ( unlimited | size ) ] [ versions ( + unlimited | integer ) ] [ suffix ( increment + | timestamp ) ]; dnstap-version ( quoted_string | none ); dscp integer; dual-stack-servers [ port integer ] { ( quoted_string [ port @@ -118,9 +121,6 @@ fetches-per-server integer [ ( drop | fail ) ]; fetches-per-zone integer [ ( drop | fail ) ]; files ( default | unlimited | sizeval ); - filter-aaaa { address_match_element; ... }; - filter-aaaa-on-v4 ( break-dnssec | boolean ); - filter-aaaa-on-v6 ( break-dnssec | boolean ); flush-zones-on-shutdown boolean; forward ( first | only ); forwarders [ port integer ] [ dscp integer ] { ( ipv4_address @@ -176,6 +176,8 @@ memstatistics boolean; memstatistics-file quoted_string; message-compression boolean; + min-cache-ttl ttlval; + min-ncache-ttl ttlval; min-refresh-time integer; min-retry-time integer; minimal-any boolean; @@ -239,18 +241,17 @@ resolver-retry-interval integer; response-padding { address_match_element; ... } block-size integer; - response-policy { zone quoted_string [ log boolean ] [ - max-policy-ttl ttlval ] [ min-update-interval ttlval ] [ - policy ( cname | disabled | drop | given | no-op | nodata | - nxdomain | passthru | tcp-only quoted_string ) ] [ - recursive-only boolean ] [ nsip-enable boolean ] [ - nsdname-enable boolean ]; ... } [ break-dnssec boolean ] [ - max-policy-ttl ttlval ] [ min-update-interval ttlval ] [ - min-ns-dots integer ] [ nsip-wait-recurse boolean ] [ - qname-wait-recurse boolean ] [ recursive-only boolean ] [ - nsip-enable boolean ] [ nsdname-enable boolean ] [ - dnsrps-enable boolean ] [ dnsrps-options { unspecified-text - } ]; + response-policy { zone string [ log boolean ] [ max-policy-ttl + ttlval ] [ min-update-interval ttlval ] [ policy ( cname | + disabled | drop | given | no-op | nodata | nxdomain | passthru + | tcp-only quoted_string ) ] [ recursive-only boolean ] [ + nsip-enable boolean ] [ nsdname-enable boolean ]; ... } [ + break-dnssec boolean ] [ max-policy-ttl ttlval ] [ + min-update-interval ttlval ] [ min-ns-dots integer ] [ + nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ] + [ recursive-only boolean ] [ nsip-enable boolean ] [ + nsdname-enable boolean ] [ dnsrps-enable boolean ] [ + dnsrps-options { unspecified-text } ]; root-delegation-only [ exclude { string; ... } ]; root-key-sentinel boolean; rrset-order { [ class string ] [ type string ] [ name diff --git a/doc/misc/docbook-grammars.pl b/doc/misc/docbook-grammars.pl index 43f47e813d..7d36da8fe3 100644 --- a/doc/misc/docbook-grammars.pl +++ b/doc/misc/docbook-grammars.pl @@ -59,7 +59,9 @@ while () { $display = 1 } - if (m{// not.*implemented} || m{// obsolete} || m{// test.*only}) { + if (m{// not.*implemented} || m{// obsolete} || + m{// ancient} || m{// test.*only}) + { next; } diff --git a/doc/misc/docbook-options.pl b/doc/misc/docbook-options.pl index 6495b53e81..25a6d9927f 100644 --- a/doc/misc/docbook-options.pl +++ b/doc/misc/docbook-options.pl @@ -120,7 +120,9 @@ while () { my $blank = 0; while () { - if (m{// not.*implemented} || m{// obsolete} || m{// test.*only}) { + if (m{// not.*implemented} || m{// obsolete} || + m{// ancient} || m{// test.*only}) + { next; } diff --git a/doc/misc/docbook-zoneopt.pl b/doc/misc/docbook-zoneopt.pl index 295fc2865a..2adf2b10f9 100644 --- a/doc/misc/docbook-zoneopt.pl +++ b/doc/misc/docbook-zoneopt.pl @@ -44,7 +44,9 @@ print <) { - if (m{// not.*implemented} || m{// obsolete} || m{// test.*only}) { + if (m{// not.*implemented} || m{// obsolete} || + m{// ancient} || m{// test.*only}) + { next; } diff --git a/doc/misc/options b/doc/misc/options index 53c1e7e310..6fed7a3324 100644 --- a/doc/misc/options +++ b/doc/misc/options @@ -111,7 +111,7 @@ options { cookie-secret ; // may occur multiple times coresize ( default | unlimited | ); datasize ( default | unlimited | ); - deallocate-on-exit ; // obsolete + deallocate-on-exit ; // ancient deny-answer-addresses { ; ... } [ except-from { ; ... } ]; deny-answer-aliases { ; ... } [ except-from { ; ... @@ -166,8 +166,8 @@ options { empty-contact ; empty-server ; empty-zones-enable ; - fake-iquery ; // obsolete - fetch-glue ; // obsolete + fake-iquery ; // ancient + fetch-glue ; // ancient fetch-quota-params ; fetches-per-server [ ( drop | fail ) ]; fetches-per-zone [ ( drop | fail ) ]; @@ -189,10 +189,10 @@ options { geoip-directory ( | none ); // not configured geoip-use-ecs ; // obsolete glue-cache ; - has-old-clients ; // obsolete + has-old-clients ; // ancient heartbeat-interval ; - host-statistics ; // not implemented - host-statistics-max ; // not implemented + host-statistics ; // ancient + host-statistics-max ; // ancient hostname ( | none ); inline-signing ; interface-interval ; @@ -207,9 +207,9 @@ options { listen-on-v6 [ port ] [ dscp ] { ; ... }; // may occur multiple times - lmdb-mapsize ; // non-operational + lmdb-mapsize ; lock-file ( | none ); - maintain-ixfr-base ; // obsolete + maintain-ixfr-base ; // ancient managed-keys-directory ; masterfile-format ( map | raw | text ); masterfile-style ( full | relative ); @@ -218,7 +218,7 @@ options { max-cache-size ( default | unlimited | | ); max-cache-ttl ; max-clients-per-query ; - max-ixfr-log-size ( default | unlimited | ); // obsolete + max-ixfr-log-size ( default | unlimited | ); // ancient max-journal-size ( default | unlimited | ); max-ncache-ttl ; max-records ; @@ -241,12 +241,12 @@ options { min-ncache-ttl ; min-refresh-time ; min-retry-time ; - min-roots ; // not implemented + min-roots ; // ancient minimal-any ; minimal-responses ( no-auth | no-auth-recursive | ); multi-master ; - multiple-cnames ; // obsolete - named-xfer ; // obsolete + multiple-cnames ; // ancient + named-xfer ; // ancient new-zones-directory ; no-case-compress { ; ... }; nocookie-udp-size ; @@ -321,14 +321,14 @@ options { [ recursive-only ] [ nsip-enable ] [ nsdname-enable ] [ dnsrps-enable ] [ dnsrps-options { } ]; - rfc2308-type1 ; // not yet implemented + rfc2308-type1 ; // ancient root-delegation-only [ exclude { ; ... } ]; root-key-sentinel ; rrset-order { [ class ] [ type ] [ name ] ; ... }; secroots-file ; send-cookie ; - serial-queries ; // obsolete + serial-queries ; // ancient serial-query-rate ; serial-update-method ( date | increment | unixtime ); server-id ( | none | hostname ); @@ -347,7 +347,7 @@ options { stale-answer-ttl ; startup-notify-rate ; statistics-file ; - statistics-interval ; // not yet implemented + statistics-interval ; // ancient suppress-initial-notify ; // not yet implemented synth-from-dnssec ; tcp-advertised-timeout ; @@ -360,7 +360,7 @@ options { tkey-domain ; tkey-gssapi-credential ; tkey-gssapi-keytab ; - topology { ; ... }; // not implemented + topology { ; ... }; // ancient transfer-format ( many-answers | one-answer ); transfer-message-size ; transfer-source ( | * ) [ port ( | * ) ] [ @@ -370,12 +370,12 @@ options { transfers-in ; transfers-out ; transfers-per-ns ; - treat-cr-as-space ; // obsolete + treat-cr-as-space ; // ancient trust-anchor-telemetry ; // experimental try-tcp-refresh ; update-check-ksk ; use-alt-transfer-source ; - use-id-pool ; // obsolete + use-id-pool ; // ancient use-ixfr ; // obsolete use-queryport-pool ; // obsolete use-v4-udp-ports { ; ... }; @@ -532,7 +532,7 @@ view [ ] { empty-contact ; empty-server ; empty-zones-enable ; - fetch-glue ; // obsolete + fetch-glue ; // ancient fetch-quota-params ; fetches-per-server [ ( drop | fail ) ]; fetches-per-zone [ ( drop | fail ) ]; @@ -552,8 +552,8 @@ view [ ] { }; // may occur multiple times key-directory ; lame-ttl ; - lmdb-mapsize ; // non-operational - maintain-ixfr-base ; // obsolete + lmdb-mapsize ; + maintain-ixfr-base ; // ancient managed-keys { ; ... }; // may occur multiple times @@ -566,7 +566,7 @@ view [ ] { max-cache-size ( default | unlimited | | ); max-cache-ttl ; max-clients-per-query ; - max-ixfr-log-size ( default | unlimited | ); // obsolete + max-ixfr-log-size ( default | unlimited | ); // ancient max-journal-size ( default | unlimited | ); max-ncache-ttl ; max-records ; @@ -586,7 +586,7 @@ view [ ] { min-ncache-ttl ; min-refresh-time ; min-retry-time ; - min-roots ; // not implemented + min-roots ; // ancient minimal-any ; minimal-responses ( no-auth | no-auth-recursive | ); multi-master ; @@ -658,7 +658,7 @@ view [ ] { [ recursive-only ] [ nsip-enable ] [ nsdname-enable ] [ dnsrps-enable ] [ dnsrps-options { } ]; - rfc2308-type1 ; // not yet implemented + rfc2308-type1 ; // ancient root-delegation-only [ exclude { ; ... } ]; root-key-sentinel ; rrset-order { [ class ] [ type ] [ name @@ -711,7 +711,7 @@ view [ ] { stale-answer-ttl ; suppress-initial-notify ; // not yet implemented synth-from-dnssec ; - topology { ; ... }; // not implemented + topology { ; ... }; // ancient transfer-format ( many-answers | one-answer ); transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; @@ -771,19 +771,19 @@ view [ ] { dscp ]; ... }; in-view ; inline-signing ; - ixfr-base ; // obsolete + ixfr-base ; // ancient ixfr-from-differences ; - ixfr-tmp-file ; // obsolete + ixfr-tmp-file ; // ancient journal ; key-directory ; - maintain-ixfr-base ; // obsolete + maintain-ixfr-base ; // ancient masterfile-format ( map | raw | text ); masterfile-style ( full | relative ); masters [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ]; ... }; max-ixfr-log-size ( default | unlimited | - ); // obsolete + ); // ancient max-journal-size ( default | unlimited | ); max-records ; max-refresh-time ; @@ -804,10 +804,8 @@ view [ ] { | * ) ] [ dscp ]; notify-to-soa ; nsec3-test-zone ; // test only - pubkey - - - ; // obsolete, may occur multiple times + pubkey + ; // ancient request-expire ; request-ixfr ; serial-update-method ( date | increment | unixtime ); @@ -877,18 +875,18 @@ zone [ ] { | ) [ port ] [ dscp ]; ... }; in-view ; inline-signing ; - ixfr-base ; // obsolete + ixfr-base ; // ancient ixfr-from-differences ; - ixfr-tmp-file ; // obsolete + ixfr-tmp-file ; // ancient journal ; key-directory ; - maintain-ixfr-base ; // obsolete + maintain-ixfr-base ; // ancient masterfile-format ( map | raw | text ); masterfile-style ( full | relative ); masters [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ]; ... }; - max-ixfr-log-size ( default | unlimited | ); // obsolete + max-ixfr-log-size ( default | unlimited | ); // ancient max-journal-size ( default | unlimited | ); max-records ; max-refresh-time ; @@ -909,8 +907,7 @@ zone [ ] { [ dscp ]; notify-to-soa ; nsec3-test-zone ; // test only - pubkey - ; // obsolete, may occur multiple times + pubkey ; // ancient request-expire ; request-ixfr ; serial-update-method ( date | increment | unixtime ); diff --git a/lib/isccfg/include/isccfg/grammar.h b/lib/isccfg/include/isccfg/grammar.h index ba9115458c..ffc594759d 100644 --- a/lib/isccfg/include/isccfg/grammar.h +++ b/lib/isccfg/include/isccfg/grammar.h @@ -32,7 +32,7 @@ /*% Clause may occur multiple times (e.g., "zone") */ #define CFG_CLAUSEFLAG_MULTI 0x00000001 -/*% Clause is obsolete */ +/*% Clause is obsolete (logs a warning, but is not a fatal error) */ #define CFG_CLAUSEFLAG_OBSOLETE 0x00000002 /*% Clause is not implemented, and may never be */ #define CFG_CLAUSEFLAG_NOTIMP 0x00000004 @@ -55,8 +55,10 @@ /*% A configuration option that is ineffective due to * compile time options, but is harmless. */ #define CFG_CLAUSEFLAG_NOOP 0x00000200 -/*% Clause is obsolete in a future release */ +/*% Clause will be obsolete in a future release (logs a warning) */ #define CFG_CLAUSEFLAG_DEPRECATED 0x00000400 +/*% Clause has been obsolete so long that it's now a fatal error */ +#define CFG_CLAUSEFLAG_ANCIENT 0x00000800 /*% * Zone types for which a clause is valid: diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index bb306f98c9..6f88a4cba3 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -232,19 +232,19 @@ static cfg_type_t cfg_type_portiplist = { &cfg_rep_tuple, portiplist_fields }; -/*% - * A public key, as in the "pubkey" statement. +/* + * Obsolete format for the "pubkey" statement. */ static cfg_tuplefielddef_t pubkey_fields[] = { - { "flags", &cfg_type_uint32, 0 }, - { "protocol", &cfg_type_uint32, 0 }, - { "algorithm", &cfg_type_uint32, 0 }, - { "key", &cfg_type_qstring, 0 }, - { NULL, NULL, 0 } + { "flags", &cfg_type_uint32, 0 }, + { "protocol", &cfg_type_uint32, 0 }, + { "algorithm", &cfg_type_uint32, 0 }, + { "key", &cfg_type_qstring, 0 }, + { NULL, NULL, 0 } }; static cfg_type_t cfg_type_pubkey = { - "pubkey", cfg_parse_tuple, cfg_print_tuple, cfg_doc_tuple, - &cfg_rep_tuple, pubkey_fields + "pubkey", cfg_parse_tuple, cfg_print_tuple, cfg_doc_tuple, + &cfg_rep_tuple, pubkey_fields }; /*% @@ -1023,7 +1023,7 @@ options_clauses[] = { { "cookie-secret", &cfg_type_sstring, CFG_CLAUSEFLAG_MULTI }, { "coresize", &cfg_type_size, 0 }, { "datasize", &cfg_type_size, 0 }, - { "deallocate-on-exit", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, + { "deallocate-on-exit", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, { "directory", &cfg_type_qstring, CFG_CLAUSEFLAG_CALLBACK }, #ifdef HAVE_DNSTAP { "dnstap-output", &cfg_type_dnstapoutput, 0 }, @@ -1039,7 +1039,7 @@ options_clauses[] = { #endif { "dscp", &cfg_type_uint32, 0 }, { "dump-file", &cfg_type_qstring, 0 }, - { "fake-iquery", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, + { "fake-iquery", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, { "files", &cfg_type_size, 0 }, { "flush-zones-on-shutdown", &cfg_type_boolean, 0 }, #ifdef HAVE_DNSTAP @@ -1073,10 +1073,10 @@ options_clauses[] = { CFG_CLAUSEFLAG_NOTCONFIGURED }, #endif /* HAVE_GEOIP */ { "geoip-use-ecs", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, - { "has-old-clients", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, + { "has-old-clients", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, { "heartbeat-interval", &cfg_type_uint32, 0 }, - { "host-statistics", &cfg_type_boolean, CFG_CLAUSEFLAG_NOTIMP }, - { "host-statistics-max", &cfg_type_uint32, CFG_CLAUSEFLAG_NOTIMP }, + { "host-statistics", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, + { "host-statistics-max", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT }, { "hostname", &cfg_type_qstringornone, 0 }, { "interface-interval", &cfg_type_ttlval, 0 }, { "keep-response-order", &cfg_type_bracketed_aml, 0 }, @@ -1088,8 +1088,8 @@ options_clauses[] = { { "max-rsa-exponent-size", &cfg_type_uint32, 0 }, { "memstatistics", &cfg_type_boolean, 0 }, { "memstatistics-file", &cfg_type_qstring, 0 }, - { "multiple-cnames", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, - { "named-xfer", &cfg_type_qstring, CFG_CLAUSEFLAG_OBSOLETE }, + { "multiple-cnames", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, + { "named-xfer", &cfg_type_qstring, CFG_CLAUSEFLAG_ANCIENT }, { "notify-rate", &cfg_type_uint32, 0 }, { "pid-file", &cfg_type_qstringornone, 0 }, { "port", &cfg_type_uint32, 0 }, @@ -1099,7 +1099,7 @@ options_clauses[] = { { "recursive-clients", &cfg_type_uint32, 0 }, { "reserved-sockets", &cfg_type_uint32, 0 }, { "secroots-file", &cfg_type_qstring, 0 }, - { "serial-queries", &cfg_type_uint32, CFG_CLAUSEFLAG_OBSOLETE }, + { "serial-queries", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT }, { "serial-query-rate", &cfg_type_uint32, 0 }, { "server-id", &cfg_type_serverid, 0 }, { "session-keyalg", &cfg_type_astring, 0 }, @@ -1109,7 +1109,7 @@ options_clauses[] = { { "stacksize", &cfg_type_size, 0 }, { "startup-notify-rate", &cfg_type_uint32, 0 }, { "statistics-file", &cfg_type_qstring, 0 }, - { "statistics-interval", &cfg_type_uint32, CFG_CLAUSEFLAG_NYI }, + { "statistics-interval", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT }, { "tcp-advertised-timeout", &cfg_type_uint32, 0 }, { "tcp-clients", &cfg_type_uint32, 0 }, { "tcp-idle-timeout", &cfg_type_uint32, 0 }, @@ -1124,8 +1124,8 @@ options_clauses[] = { { "transfers-in", &cfg_type_uint32, 0 }, { "transfers-out", &cfg_type_uint32, 0 }, { "transfers-per-ns", &cfg_type_uint32, 0 }, - { "treat-cr-as-space", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, - { "use-id-pool", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, + { "treat-cr-as-space", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, + { "use-id-pool", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, { "use-ixfr", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, { "use-v4-udp-ports", &cfg_type_bracketed_portlist, 0 }, { "use-v6-udp-ports", &cfg_type_bracketed_portlist, 0 }, @@ -1882,7 +1882,7 @@ view_clauses[] = { { "empty-contact", &cfg_type_astring, 0 }, { "empty-server", &cfg_type_astring, 0 }, { "empty-zones-enable", &cfg_type_boolean, 0 }, - { "fetch-glue", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, + { "fetch-glue", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, { "fetch-quota-params", &cfg_type_fetchquota, 0 }, { "fetches-per-server", &cfg_type_fetchesper, 0 }, { "fetches-per-zone", &cfg_type_fetchesper, 0 }, @@ -1897,8 +1897,7 @@ view_clauses[] = { #else { "lmdb-mapsize", &cfg_type_sizeval, CFG_CLAUSEFLAG_NOOP }, #endif - { "max-acache-size", &cfg_type_sizenodefault, - CFG_CLAUSEFLAG_OBSOLETE }, + { "max-acache-size", &cfg_type_sizenodefault, CFG_CLAUSEFLAG_OBSOLETE }, { "max-cache-size", &cfg_type_sizeorpercent, 0 }, { "max-cache-ttl", &cfg_type_ttlval, 0 }, { "max-clients-per-query", &cfg_type_uint32, 0 }, @@ -1910,7 +1909,7 @@ view_clauses[] = { { "message-compression", &cfg_type_boolean, 0 }, { "min-cache-ttl", &cfg_type_ttlval, 0 }, { "min-ncache-ttl", &cfg_type_ttlval, 0 }, - { "min-roots", &cfg_type_uint32, CFG_CLAUSEFLAG_NOTIMP }, + { "min-roots", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT }, { "minimal-any", &cfg_type_boolean, 0 }, { "minimal-responses", &cfg_type_minimal, 0 }, { "new-zones-directory", &cfg_type_qstring, 0 }, @@ -1943,7 +1942,7 @@ view_clauses[] = { { "resolver-retry-interval", &cfg_type_uint32, 0 }, { "response-padding", &cfg_type_resppadding, 0 }, { "response-policy", &cfg_type_rpz, 0 }, - { "rfc2308-type1", &cfg_type_boolean, CFG_CLAUSEFLAG_NYI }, + { "rfc2308-type1", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT }, { "root-delegation-only", &cfg_type_optional_exclude, 0 }, { "root-key-sentinel", &cfg_type_boolean, 0 }, { "rrset-order", &cfg_type_rrsetorder, 0 }, @@ -1954,7 +1953,7 @@ view_clauses[] = { { "stale-answer-ttl", &cfg_type_ttlval, 0 }, { "suppress-initial-notify", &cfg_type_boolean, CFG_CLAUSEFLAG_NYI }, { "synth-from-dnssec", &cfg_type_boolean, 0 }, - { "topology", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_NOTIMP }, + { "topology", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_ANCIENT }, { "transfer-format", &cfg_type_transferformat, 0 }, { "trust-anchor-telemetry", &cfg_type_boolean, CFG_CLAUSEFLAG_EXPERIMENTAL }, @@ -2086,7 +2085,7 @@ zone_clauses[] = { CFG_ZONE_MASTER | CFG_ZONE_SLAVE }, { "maintain-ixfr-base", &cfg_type_boolean, - CFG_CLAUSEFLAG_OBSOLETE + CFG_CLAUSEFLAG_ANCIENT }, { "masterfile-format", &cfg_type_masterformat, CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR | @@ -2097,7 +2096,7 @@ zone_clauses[] = { CFG_ZONE_STUB | CFG_ZONE_REDIRECT }, { "max-ixfr-log-size", &cfg_type_size, - CFG_CLAUSEFLAG_OBSOLETE + CFG_CLAUSEFLAG_ANCIENT }, { "max-journal-size", &cfg_type_size, CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR @@ -2243,13 +2242,13 @@ zone_only_clauses[] = { CFG_ZONE_INVIEW }, { "ixfr-base", &cfg_type_qstring, - CFG_CLAUSEFLAG_OBSOLETE + CFG_CLAUSEFLAG_ANCIENT }, { "ixfr-from-differences", &cfg_type_boolean, CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR }, { "ixfr-tmp-file", &cfg_type_qstring, - CFG_CLAUSEFLAG_OBSOLETE + CFG_CLAUSEFLAG_ANCIENT }, { "journal", &cfg_type_qstring, CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR @@ -2259,7 +2258,7 @@ zone_only_clauses[] = { CFG_ZONE_REDIRECT }, { "pubkey", &cfg_type_pubkey, - CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_OBSOLETE + CFG_CLAUSEFLAG_ANCIENT }, { "server-addresses", &cfg_type_bracketed_netaddrlist, CFG_ZONE_STATICSTUB diff --git a/lib/isccfg/parser.c b/lib/isccfg/parser.c index 906defc929..be0d7655c9 100644 --- a/lib/isccfg/parser.c +++ b/lib/isccfg/parser.c @@ -1992,24 +1992,37 @@ cfg_parse_mapbody(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) /* Clause is known. */ + /* Issue fatal errors if appropriate */ + if ((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) { + cfg_parser_error(pctx, 0, + "option '%s' no longer exists", + clause->name); + CHECK(ISC_R_FAILURE); + } + /* Issue warnings if appropriate */ if ((pctx->flags & CFG_PCTX_NODEPRECATED) == 0 && (clause->flags & CFG_CLAUSEFLAG_DEPRECATED) != 0) { - cfg_parser_warning(pctx, 0, "option '%s' is deprecated", + cfg_parser_warning(pctx, 0, + "option '%s' is deprecated", clause->name); } if ((clause->flags & CFG_CLAUSEFLAG_OBSOLETE) != 0) { - cfg_parser_warning(pctx, 0, "option '%s' is obsolete", + cfg_parser_warning(pctx, 0, + "option '%s' is obsolete and " + "should be removed ", clause->name); } if ((clause->flags & CFG_CLAUSEFLAG_NOTIMP) != 0) { - cfg_parser_warning(pctx, 0, "option '%s' is " - "not implemented", clause->name); + cfg_parser_warning(pctx, 0, + "option '%s' is not implemented", + clause->name); } if ((clause->flags & CFG_CLAUSEFLAG_NYI) != 0) { - cfg_parser_warning(pctx, 0, "option '%s' is " - "not implemented", clause->name); + cfg_parser_warning(pctx, 0, + "option '%s' is not implemented", + clause->name); } if ((clause->flags & CFG_CLAUSEFLAG_NOOP) != 0) { cfg_parser_warning(pctx, 0, "option '%s' was not " @@ -2018,11 +2031,10 @@ cfg_parse_mapbody(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) } if ((clause->flags & CFG_CLAUSEFLAG_NOTCONFIGURED) != 0) { - cfg_parser_warning(pctx, 0, "option '%s' was not " + cfg_parser_error(pctx, 0, "option '%s' was not " "enabled at compile time", clause->name); - result = ISC_R_FAILURE; - goto cleanup; + CHECK(ISC_R_FAILURE); } /* @@ -2078,8 +2090,9 @@ cfg_parse_mapbody(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) callback)); CHECK(parse_semicolon(pctx)); } else if (result == ISC_R_SUCCESS) { - cfg_parser_error(pctx, CFG_LOG_NEAR, "'%s' redefined", - clause->name); + cfg_parser_error(pctx, CFG_LOG_NEAR, + "'%s' redefined", + clause->name); result = ISC_R_EXISTS; goto cleanup; } else { @@ -2276,6 +2289,7 @@ static struct flagtext { { CFG_CLAUSEFLAG_EXPERIMENTAL, "experimental" }, { CFG_CLAUSEFLAG_NOOP, "non-operational" }, { CFG_CLAUSEFLAG_DEPRECATED, "deprecated" }, + { CFG_CLAUSEFLAG_ANCIENT, "ancient" }, { 0, NULL } };