From 54de054dd536ac23dc679c310ea70db9f5729314 Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Wed, 7 Aug 2019 09:13:33 -0700
Subject: [PATCH] mark 'dnssec-lookaside' obsolete in parser

---
 bin/tests/system/checkconf/deprecated.conf               | 1 -
 bin/tests/system/checkconf/tests.sh                      | 9 +++++----
 ...lv.example.com.conf => warn-dlv-dlv.example.com.conf} | 0
 lib/isccfg/namedconf.c                                   | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)
 rename bin/tests/system/checkconf/{good-dlv-dlv.example.com.conf => warn-dlv-dlv.example.com.conf} (100%)

diff --git a/bin/tests/system/checkconf/deprecated.conf b/bin/tests/system/checkconf/deprecated.conf
index f080af4087..d4f30a0b0c 100644
--- a/bin/tests/system/checkconf/deprecated.conf
+++ b/bin/tests/system/checkconf/deprecated.conf
@@ -11,7 +11,6 @@
 
 options {
 	dnssec-validation yes;
-	dnssec-lookaside . trust-anchor dlv.example.com;
 };
 
 trusted-keys {
diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh
index d41247a903..94646ab35d 100644
--- a/bin/tests/system/checkconf/tests.sh
+++ b/bin/tests/system/checkconf/tests.sh
@@ -130,7 +130,6 @@ n=`expr $n + 1`
 echo_i "checking named-checkconf deprecate warnings ($n)"
 ret=0
 $CHECKCONF deprecated.conf > checkconf.out$n.1 2>&1
-grep "option 'dnssec-lookaside' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1
 grep "option 'managed-keys' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1
 grep "option 'trusted-keys' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -389,6 +388,7 @@ n=`expr $n + 1`
 echo_i "check that 'dnssec-lookaside auto;' generates a warning ($n)"
 ret=0
 $CHECKCONF warn-dlv-auto.conf > checkconf.out$n 2>/dev/null || ret=1
+grep "option 'dnssec-lookaside' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1
 grep "dnssec-lookaside 'auto' is no longer supported" < checkconf.out$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
 status=`expr $status + $ret`
@@ -397,17 +397,18 @@ n=`expr $n + 1`
 echo_i "check that 'dnssec-lookaside . trust-anchor dlv.isc.org;' generates a warning ($n)"
 ret=0
 $CHECKCONF warn-dlv-dlv.isc.org.conf > checkconf.out$n 2>/dev/null || ret=1
+grep "option 'dnssec-lookaside' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1
 grep "dlv.isc.org has been shut down" < checkconf.out$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
 status=`expr $status + $ret`
 
 n=`expr $n + 1`
-echo_i "check that 'dnssec-lookaside . trust-anchor dlv.example.com;' generates only a deprecate warning ($n)"
+echo_i "check that 'dnssec-lookaside . trust-anchor dlv.example.com;' generates a warning ($n)"
 ret=0
-$CHECKCONF good-dlv-dlv.example.com.conf > checkconf.out$n 2>/dev/null || ret=1
+$CHECKCONF warn-dlv-dlv.example.com.conf > checkconf.out$n 2>/dev/null || ret=1
 lines=$(wc -l < checkconf.out$n)
 if [ $lines != 1 ]; then ret=1; fi
-grep "option 'dnssec-lookaside' is deprecated" < checkconf.out$n > /dev/null || ret=1
+grep "option 'dnssec-lookaside' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
 status=`expr $status + $ret`
 
diff --git a/bin/tests/system/checkconf/good-dlv-dlv.example.com.conf b/bin/tests/system/checkconf/warn-dlv-dlv.example.com.conf
similarity index 100%
rename from bin/tests/system/checkconf/good-dlv-dlv.example.com.conf
rename to bin/tests/system/checkconf/warn-dlv-dlv.example.com.conf
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
index bf7e3a5bca..67c23dd89a 100644
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@@ -1876,7 +1876,7 @@ view_clauses[] = {
 	{ "dnssec-accept-expired", &cfg_type_boolean, 0 },
 	{ "dnssec-enable", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
 	{ "dnssec-lookaside", &cfg_type_lookaside,
-	  CFG_CLAUSEFLAG_MULTI|CFG_CLAUSEFLAG_DEPRECATED },
+	  CFG_CLAUSEFLAG_MULTI|CFG_CLAUSEFLAG_OBSOLETE },
 	{ "dnssec-must-be-secure",  &cfg_type_mustbesecure,
 	  CFG_CLAUSEFLAG_MULTI },
 	{ "dnssec-validation", &cfg_type_boolorauto, 0 },