From 5fa4aa2fec10e25a961ec0139c166247b028c77d Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Fri, 6 Jan 2023 17:01:06 -0800 Subject: [PATCH] mark "port" as deprecated for source address options Deprecate the use of "port" when configuring query-source(-v6), transfer-source(-v6), notify-source(-v6), parental-source(-v6), etc. Also deprecate use-{v4,v6}-udp-ports and avoid-{v4,v6}udp-ports. (cherry picked from commit 470ccbc8ede82be6e71ac593adbc5bb778685523) --- bin/tests/system/checkconf/tests.sh | 1 + doc/arm/reference.rst | 44 +++++++---- doc/man/named.conf.5in | 116 ++++++++++++++-------------- doc/misc/mirror.zoneopt | 12 +-- doc/misc/options | 72 ++++++++--------- doc/misc/primary.zoneopt | 12 +-- doc/misc/secondary.zoneopt | 16 ++-- doc/misc/stub.zoneopt | 4 +- lib/isccfg/include/isccfg/grammar.h | 1 + lib/isccfg/namedconf.c | 37 ++++----- lib/isccfg/parser.c | 23 ++++-- 11 files changed, 183 insertions(+), 155 deletions(-) diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh index 340f3116c2..3ec41a2188 100644 --- a/bin/tests/system/checkconf/tests.sh +++ b/bin/tests/system/checkconf/tests.sh @@ -429,6 +429,7 @@ n=`expr $n + 1` echo_i "check that named-checkconf -l prints out the zone list ($n)" ret=0 $CHECKCONF -l good.conf | +grep -v "is deprecated" | grep -v "is not implemented" | grep -v "is not recommended" | grep -v "no longer exists" | diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index ad05f0cef2..95b911c103 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst 
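Review bot: The added `grep -v "is deprecated"` in the `named-checkconf -l` check filters every deprecation warning out of the zone-list comparison, and judging by the diffstat (one line added to tests.sh, no new fixtures) nothing in this commit asserts that the new warning is actually emitted. A companion check would pin the behaviour: run `$CHECKCONF` on a configuration that sets a source address option with `port` and grep for `token 'port' is deprecated`, and confirm that an address type which keeps its port stays silent. Without it, a later change to the flag sets could drop or widen the warning unnoticed.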
@@ -3273,11 +3273,11 @@ Query Address .. namedconf:statement:: query-source :tags: query - :short: Controls the IPv4 address and port from which queries are issued. + :short: Controls the IPv4 address from which queries are issued. .. namedconf:statement:: query-source-v6 :tags: query - :short: Controls the IPv6 address and port from which queries are issued. + :short: Controls the IPv6 address from which queries are issued. If the server does not know the answer to a question, it queries other name servers. :any:`query-source` specifies the address and port used for @@ -3293,20 +3293,24 @@ Query Address query-source address * port *; query-source-v6 address * port *; - .. note:: The address specified in the :any:`query-source` option is used for both - UDP and TCP queries, but the port applies only to UDP queries. TCP - queries always use a random unprivileged port. + .. note:: ``port`` configuration is deprecated. A warning will be logged + when this parameter is used. + + .. note:: The address specified in the :any:`query-source` option is + used for both UDP and TCP queries, but the port applies only to UDP + queries. TCP queries always use a random unprivileged port. .. namedconf:statement:: use-v4-udp-ports - :tags: query + :tags: deprecated :short: Specifies a list of ports that are valid sources for UDP/IPv4 messages. .. namedconf:statement:: use-v6-udp-ports - :tags: query + :tags: deprecated :short: Specifies a list of ports that are valid sources for UDP/IPv6 messages. - These statements specify a list of IPv4 and IPv6 UDP ports that - are used as source ports for UDP messages. + These statements, which are deprecated and will be removed in a future + release, specify a list of IPv4 and IPv6 UDP ports that are used as + source ports for UDP messages. If :term:`port` is ``*`` or is omitted, a random port number from a pre-configured range is selected and used for each query. The 
@@ -3325,15 +3329,16 @@ Query Address use-v6-udp-ports { range 1024 65535; }; .. namedconf:statement:: avoid-v4-udp-ports - :tags: query + :tags: deprecated :short: Specifies the range(s) of ports to be excluded from use as sources for UDP/IPv4 messages. .. namedconf:statement:: avoid-v6-udp-ports - :tags: query + :tags: deprecated :short: Specifies the range(s) of ports to be excluded from use as sources for UDP/IPv6 messages. - These ranges are excluded from those - specified in the :any:`avoid-v4-udp-ports` and :any:`avoid-v6-udp-ports` + These statements, which are deprecated and will be removed in a future + release, specific ranges of port numbers to exclude from those specified + in the :any:`avoid-v4-udp-ports` and :any:`avoid-v6-udp-ports` options, respectively. The defaults of the :any:`avoid-v4-udp-ports` and :any:`avoid-v6-udp-ports` @@ -3565,6 +3570,9 @@ options apply to zone transfers. :any:`transfer-source` statement within the :any:`view` or :any:`zone` block in the configuration file. + .. note:: ``port`` configuration is deprecated. A warning will be logged + when this parameter is used. + .. warning:: Specifying a single port is discouraged, as it removes a layer of protection against spoofing errors. @@ -3574,8 +3582,8 @@ options apply to zone transfers. :tags: transfer :short: Defines which local IPv6 address(es) are bound to TCP connections used to fetch zones transferred inbound by the server. - This option is the same as :any:`transfer-source`, except zone transfers are performed - using IPv6. + This option is the same as :any:`transfer-source`, except zone transfers + are performed using IPv6. .. namedconf:statement:: alt-transfer-source :tags: deprecated 
@@ -3615,6 +3623,9 @@ options apply to zone transfers. or per-view basis by including a :any:`notify-source` statement within the :any:`zone` or :any:`view` block in the configuration file. + .. note:: ``port`` configuration is deprecated. A warning will be logged + when this parameter is used. + .. warning:: Specifying a single port is discouraged, as it removes a layer of protection against spoofing errors. @@ -6537,6 +6548,9 @@ The following options apply to DS queries sent to :any:`parental-agents`: per-view basis by including a :any:`parental-source` statement within the :any:`zone` or :any:`view` block in the configuration file. + .. note:: ``port`` configuration is deprecated. A warning will be logged + when this parameter is used. + .. warning:: Specifying a single port is discouraged, as it removes a layer of protection against spoofing errors. diff --git a/doc/man/named.conf.5in b/doc/man/named.conf.5in index e04143d8ba..b2ece17b7d 100644 --- a/doc/man/named.conf.5in +++ b/doc/man/named.conf.5in @@ -127,15 +127,15 @@ options { allow\-update { ; ... }; allow\-update\-forwarding { ; ... }; also\-notify [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt\-transfer\-source ( | * ) [ port ( | * ) ]; // deprecated - alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ]; // deprecated + alt\-transfer\-source ( | * ) ; // deprecated + alt\-transfer\-source\-v6 ( | * ) ; // deprecated answer\-cookie ; attach\-cache ; auth\-nxdomain ; auto\-dnssec ( allow | maintain | off ); // deprecated automatic\-interface\-scan ; - avoid\-v4\-udp\-ports { ; ... }; - avoid\-v6\-udp\-ports { ; ... }; + avoid\-v4\-udp\-ports { ; ... }; // deprecated + avoid\-v6\-udp\-ports { ; ... }; // deprecated bindkeys\-file ; blackhole { ; ... }; catalog\-zones { zone [ default\-primaries [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... } ] [ zone\-directory ] [ in\-memory ] [ min\-update\-interval ]; ... }; 
@@ -265,23 +265,23 @@ options { notify ( explicit | master\-only | primary\-only | ); notify\-delay ; notify\-rate ; - notify\-source ( | * ) [ port ( | * ) ]; - notify\-source\-v6 ( | * ) [ port ( | * ) ]; + notify\-source ( | * ) ; + notify\-source\-v6 ( | * ) ; notify\-to\-soa ; nsec3\-test\-zone ; // test only nta\-lifetime ; nta\-recheck ; nxdomain\-redirect ; - parental\-source ( | * ) [ port ( | * ) ]; - parental\-source\-v6 ( | * ) [ port ( | * ) ]; + parental\-source ( | * ) ; + parental\-source\-v6 ( | * ) ; pid\-file ( | none ); port ; preferred\-glue ; prefetch [ ]; provide\-ixfr ; qname\-minimization ( strict | relaxed | disabled | off ); - query\-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ); - query\-source\-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ); + query\-source [ address ] ( | * ); + query\-source\-v6 [ address ] ( | * ); querylog ; random\-device ( | none ); // obsolete rate\-limit { @@ -357,8 +357,8 @@ options { tls\-port ; transfer\-format ( many\-answers | one\-answer ); transfer\-message\-size ; - transfer\-source ( | * ) [ port ( | * ) ]; - transfer\-source\-v6 ( | * ) [ port ( | * ) ]; + transfer\-source ( | * ) ; + transfer\-source\-v6 ( | * ) ; transfers\-in ; transfers\-out ; transfers\-per\-ns ; @@ -369,8 +369,8 @@ options { update\-check\-ksk ; update\-quota ; use\-alt\-transfer\-source ; // deprecated - use\-v4\-udp\-ports { ; ... }; - use\-v6\-udp\-ports { ; ... }; + use\-v4\-udp\-ports { ; ... }; // deprecated + use\-v6\-udp\-ports { ; ... }; // deprecated v6\-bias ; validate\-except { ; ... }; version ( | none ); 
@@ -392,12 +392,12 @@ server { edns\-version ; keys ; max\-udp\-size ; - notify\-source ( | * ) [ port ( | * ) ]; - notify\-source\-v6 ( | * ) [ port ( | * ) ]; + notify\-source ( | * ) ; + notify\-source\-v6 ( | * ) ; padding ; provide\-ixfr ; - query\-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ); - query\-source\-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ); + query\-source [ address ] ( | * ); + query\-source\-v6 [ address ] ( | * ); request\-expire ; request\-ixfr ; request\-nsid ; @@ -405,8 +405,8 @@ server { tcp\-keepalive ; tcp\-only ; transfer\-format ( many\-answers | one\-answer ); - transfer\-source ( | * ) [ port ( | * ) ]; - transfer\-source\-v6 ( | * ) [ port ( | * ) ]; + transfer\-source ( | * ) ; + transfer\-source\-v6 ( | * ) ; transfers ; }; // may occur multiple times @@ -443,8 +443,8 @@ view [ ] { allow\-update { ; ... }; allow\-update\-forwarding { ; ... }; also\-notify [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt\-transfer\-source ( | * ) [ port ( | * ) ]; // deprecated - alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ]; // deprecated + alt\-transfer\-source ( | * ) ; // deprecated + alt\-transfer\-source\-v6 ( | * ) ; // deprecated attach\-cache ; auth\-nxdomain ; auto\-dnssec ( allow | maintain | off ); // deprecated 
@@ -551,22 +551,22 @@ view [ ] { nocookie\-udp\-size ; notify ( explicit | master\-only | primary\-only | ); notify\-delay ; - notify\-source ( | * ) [ port ( | * ) ]; - notify\-source\-v6 ( | * ) [ port ( | * ) ]; + notify\-source ( | * ) ; + notify\-source\-v6 ( | * ) ; notify\-to\-soa ; nsec3\-test\-zone ; // test only nta\-lifetime ; nta\-recheck ; nxdomain\-redirect ; - parental\-source ( | * ) [ port ( | * ) ]; - parental\-source\-v6 ( | * ) [ port ( | * ) ]; + parental\-source ( | * ) ; + parental\-source\-v6 ( | * ) ; plugin ( query ) [ { } ]; // may occur multiple times preferred\-glue ; prefetch [ ]; provide\-ixfr ; qname\-minimization ( strict | relaxed | disabled | off ); - query\-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ); - query\-source\-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ); + query\-source [ address ] ( | * ); + query\-source\-v6 [ address ] ( | * ); rate\-limit { all\-per\-second ; errors\-per\-second ; @@ -606,12 +606,12 @@ view [ ] { edns\-version ; keys ; max\-udp\-size ; - notify\-source ( | * ) [ port ( | * ) ]; - notify\-source\-v6 ( | * ) [ port ( | * ) ]; + notify\-source ( | * ) ; + notify\-source\-v6 ( | * ) ; padding ; provide\-ixfr ; - query\-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ); - query\-source\-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ); + query\-source [ address ] ( | * ); + query\-source\-v6 [ address ] ( | * ); request\-expire ; request\-ixfr ; request\-nsid ; @@ -619,8 +619,8 @@ view [ ] { tcp\-keepalive ; tcp\-only ; transfer\-format ( many\-answers | one\-answer ); - transfer\-source ( | * ) [ port ( | * ) ]; - transfer\-source\-v6 ( | * ) [ port ( | * ) ]; + transfer\-source ( | * ) ; + transfer\-source\-v6 ( | * ) ; transfers ; }; // may occur multiple times servfail\-ttl ; 
@@ -637,8 +637,8 @@ view [ ] { suppress\-initial\-notify ; // obsolete synth\-from\-dnssec ; transfer\-format ( many\-answers | one\-answer ); - transfer\-source ( | * ) [ port ( | * ) ]; - transfer\-source\-v6 ( | * ) [ port ( | * ) ]; + transfer\-source ( | * ) ; + transfer\-source\-v6 ( | * ) ; trust\-anchor\-telemetry ; // experimental trust\-anchors { ( static\-key | initial\-key | static\-ds | initial\-ds ) ; ... }; // may occur multiple times trusted\-keys { ; ... }; // may occur multiple times, deprecated @@ -671,8 +671,8 @@ zone [ ] { allow\-transfer [ port ] [ transport ] { ; ... }; allow\-update { ; ... }; also\-notify [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt\-transfer\-source ( | * ) [ port ( | * ) ]; // deprecated - alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ]; // deprecated + alt\-transfer\-source ( | * ) ; // deprecated + alt\-transfer\-source\-v6 ( | * ) ; // deprecated auto\-dnssec ( allow | maintain | off ); // deprecated check\-dup\-records ( fail | warn | ignore ); check\-integrity ; @@ -709,13 +709,13 @@ zone [ ] { max\-zone\-ttl ( unlimited | ); notify ( explicit | master\-only | primary\-only | ); notify\-delay ; - notify\-source ( | * ) [ port ( | * ) ]; - notify\-source\-v6 ( | * ) [ port ( | * ) ]; + notify\-source ( | * ) ; + notify\-source\-v6 ( | * ) ; notify\-to\-soa ; nsec3\-test\-zone ; // test only parental\-agents [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - parental\-source ( | * ) [ port ( | * ) ]; - parental\-source\-v6 ( | * ) [ port ( | * ) ]; + parental\-source ( | * ) ; + parental\-source\-v6 ( | * ) ; serial\-update\-method ( date | increment | unixtime ); sig\-signing\-nodes ; sig\-signing\-signatures ; 
@@ -744,8 +744,8 @@ zone [ ] { allow\-transfer [ port ] [ transport ] { ; ... }; allow\-update\-forwarding { ; ... }; also\-notify [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt\-transfer\-source ( | * ) [ port ( | * ) ]; // deprecated - alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ]; // deprecated + alt\-transfer\-source ( | * ) ; // deprecated + alt\-transfer\-source\-v6 ( | * ) ; // deprecated auto\-dnssec ( allow | maintain | off ); // deprecated check\-names ( fail | warn | ignore ); database ; @@ -779,13 +779,13 @@ zone [ ] { multi\-master ; notify ( explicit | master\-only | primary\-only | ); notify\-delay ; - notify\-source ( | * ) [ port ( | * ) ]; - notify\-source\-v6 ( | * ) [ port ( | * ) ]; + notify\-source ( | * ) ; + notify\-source\-v6 ( | * ) ; notify\-to\-soa ; nsec3\-test\-zone ; // test only parental\-agents [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - parental\-source ( | * ) [ port ( | * ) ]; - parental\-source\-v6 ( | * ) [ port ( | * ) ]; + parental\-source ( | * ) ; + parental\-source\-v6 ( | * ) ; primaries [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; request\-expire ; request\-ixfr ; @@ -793,8 +793,8 @@ zone [ ] { sig\-signing\-signatures ; sig\-signing\-type ; sig\-validity\-interval [ ]; - transfer\-source ( | * ) [ port ( | * ) ]; - transfer\-source\-v6 ( | * ) [ port ( | * ) ]; + transfer\-source ( | * ) ; + transfer\-source\-v6 ( | * ) ; try\-tcp\-refresh ; update\-check\-ksk ; use\-alt\-transfer\-source ; // deprecated 
@@ -819,8 +819,8 @@ zone [ ] { allow\-transfer [ port ] [ transport ] { ; ... }; allow\-update\-forwarding { ; ... }; also\-notify [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt\-transfer\-source ( | * ) [ port ( | * ) ]; // deprecated - alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ]; // deprecated + alt\-transfer\-source ( | * ) ; // deprecated + alt\-transfer\-source\-v6 ( | * ) ; // deprecated check\-names ( fail | warn | ignore ); database ; file ; @@ -842,13 +842,13 @@ zone [ ] { multi\-master ; notify ( explicit | master\-only | primary\-only | ); notify\-delay ; - notify\-source ( | * ) [ port ( | * ) ]; - notify\-source\-v6 ( | * ) [ port ( | * ) ]; + notify\-source ( | * ) ; + notify\-source\-v6 ( | * ) ; primaries [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; request\-expire ; request\-ixfr ; - transfer\-source ( | * ) [ port ( | * ) ]; - transfer\-source\-v6 ( | * ) [ port ( | * ) ]; + transfer\-source ( | * ) ; + transfer\-source\-v6 ( | * ) ; try\-tcp\-refresh ; use\-alt\-transfer\-source ; // deprecated zero\-no\-soa\-ttl ; @@ -962,8 +962,8 @@ zone [ ] { min\-retry\-time ; multi\-master ; primaries [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - transfer\-source ( | * ) [ port ( | * ) ]; - transfer\-source\-v6 ( | * ) [ port ( | * ) ]; + transfer\-source ( | * ) ; + transfer\-source\-v6 ( | * ) ; use\-alt\-transfer\-source ; // deprecated zone\-statistics ( full | terse | none | ); }; diff --git a/doc/misc/mirror.zoneopt b/doc/misc/mirror.zoneopt index a7fc7fa66e..ac371cd6e1 100644 --- a/doc/misc/mirror.zoneopt +++ b/doc/misc/mirror.zoneopt 
@@ -6,8 +6,8 @@ zone [ ] { allow-transfer [ port ] [ transport ] { ; ... }; allow-update-forwarding { ; ... }; also-notify [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) ]; // deprecated - alt-transfer-source-v6 ( | * ) [ port ( | * ) ]; // deprecated + alt-transfer-source ( | * ) ; // deprecated + alt-transfer-source-v6 ( | * ) ; // deprecated check-names ( fail | warn | ignore ); database ; file ; @@ -29,13 +29,13 @@ zone [ ] { multi-master ; notify ( explicit | master-only | primary-only | ); notify-delay ; - notify-source ( | * ) [ port ( | * ) ]; - notify-source-v6 ( | * ) [ port ( | * ) ]; + notify-source ( | * ) ; + notify-source-v6 ( | * ) ; primaries [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; request-expire ; request-ixfr ; - transfer-source ( | * ) [ port ( | * ) ]; - transfer-source-v6 ( | * ) [ port ( | * ) ]; + transfer-source ( | * ) ; + transfer-source-v6 ( | * ) ; try-tcp-refresh ; use-alt-transfer-source ; // deprecated zero-no-soa-ttl ; diff --git a/doc/misc/options b/doc/misc/options index 7ca815617f..0613ce883f 100644 --- a/doc/misc/options +++ b/doc/misc/options 
@@ -70,15 +70,15 @@ options { allow-update { ; ... }; allow-update-forwarding { ; ... }; also-notify [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) ]; // deprecated - alt-transfer-source-v6 ( | * ) [ port ( | * ) ]; // deprecated + alt-transfer-source ( | * ) ; // deprecated + alt-transfer-source-v6 ( | * ) ; // deprecated answer-cookie ; attach-cache ; auth-nxdomain ; auto-dnssec ( allow | maintain | off ); // deprecated automatic-interface-scan ; - avoid-v4-udp-ports { ; ... }; - avoid-v6-udp-ports { ; ... }; + avoid-v4-udp-ports { ; ... }; // deprecated + avoid-v6-udp-ports { ; ... }; // deprecated bindkeys-file ; blackhole { ; ... }; catalog-zones { zone [ default-primaries [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... } ] [ zone-directory ] [ in-memory ] [ min-update-interval ]; ... }; @@ -208,23 +208,23 @@ options { notify ( explicit | master-only | primary-only | ); notify-delay ; notify-rate ; - notify-source ( | * ) [ port ( | * ) ]; - notify-source-v6 ( | * ) [ port ( | * ) ]; + notify-source ( | * ) ; + notify-source-v6 ( | * ) ; notify-to-soa ; nsec3-test-zone ; // test only nta-lifetime ; nta-recheck ; nxdomain-redirect ; - parental-source ( | * ) [ port ( | * ) ]; - parental-source-v6 ( | * ) [ port ( | * ) ]; + parental-source ( | * ) ; + parental-source-v6 ( | * ) ; pid-file ( | none ); port ; preferred-glue ; prefetch [ ]; provide-ixfr ; qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ); - query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ); + query-source [ address ] ( | * ); + query-source-v6 [ address ] ( | * ); querylog ; random-device ( | none ); // obsolete rate-limit { 
@@ -300,8 +300,8 @@ options { tls-port ; transfer-format ( many-answers | one-answer ); transfer-message-size ; - transfer-source ( | * ) [ port ( | * ) ]; - transfer-source-v6 ( | * ) [ port ( | * ) ]; + transfer-source ( | * ) ; + transfer-source-v6 ( | * ) ; transfers-in ; transfers-out ; transfers-per-ns ; @@ -312,8 +312,8 @@ options { update-check-ksk ; update-quota ; use-alt-transfer-source ; // deprecated - use-v4-udp-ports { ; ... }; - use-v6-udp-ports { ; ... }; + use-v4-udp-ports { ; ... }; // deprecated + use-v6-udp-ports { ; ... }; // deprecated v6-bias ; validate-except { ; ... }; version ( | none ); @@ -335,12 +335,12 @@ server { edns-version ; keys ; max-udp-size ; - notify-source ( | * ) [ port ( | * ) ]; - notify-source-v6 ( | * ) [ port ( | * ) ]; + notify-source ( | * ) ; + notify-source-v6 ( | * ) ; padding ; provide-ixfr ; - query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ); - query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ); + query-source [ address ] ( | * ); + query-source-v6 [ address ] ( | * ); request-expire ; request-ixfr ; request-nsid ; @@ -348,8 +348,8 @@ server { tcp-keepalive ; tcp-only ; transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | * ) ]; - transfer-source-v6 ( | * ) [ port ( | * ) ]; + transfer-source ( | * ) ; + transfer-source-v6 ( | * ) ; transfers ; }; // may occur multiple times @@ -386,8 +386,8 @@ view [ ] { allow-update { ; ... }; allow-update-forwarding { ; ... }; also-notify [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) ]; // deprecated - alt-transfer-source-v6 ( | * ) [ port ( | * ) ]; // deprecated + alt-transfer-source ( | * ) ; // deprecated + alt-transfer-source-v6 ( | * ) ; // deprecated attach-cache ; auth-nxdomain ; auto-dnssec ( allow | maintain | off ); // deprecated 
@@ -494,22 +494,22 @@ view [ ] { nocookie-udp-size ; notify ( explicit | master-only | primary-only | ); notify-delay ; - notify-source ( | * ) [ port ( | * ) ]; - notify-source-v6 ( | * ) [ port ( | * ) ]; + notify-source ( | * ) ; + notify-source-v6 ( | * ) ; notify-to-soa ; nsec3-test-zone ; // test only nta-lifetime ; nta-recheck ; nxdomain-redirect ; - parental-source ( | * ) [ port ( | * ) ]; - parental-source-v6 ( | * ) [ port ( | * ) ]; + parental-source ( | * ) ; + parental-source-v6 ( | * ) ; plugin ( query ) [ { } ]; // may occur multiple times preferred-glue ; prefetch [ ]; provide-ixfr ; qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ); - query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ); + query-source [ address ] ( | * ); + query-source-v6 [ address ] ( | * ); rate-limit { all-per-second ; errors-per-second ; @@ -549,12 +549,12 @@ view [ ] { edns-version ; keys ; max-udp-size ; - notify-source ( | * ) [ port ( | * ) ]; - notify-source-v6 ( | * ) [ port ( | * ) ]; + notify-source ( | * ) ; + notify-source-v6 ( | * ) ; padding ; provide-ixfr ; - query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ); - query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ); + query-source [ address ] ( | * ); + query-source-v6 [ address ] ( | * ); request-expire ; request-ixfr ; request-nsid ; @@ -562,8 +562,8 @@ view [ ] { tcp-keepalive ; tcp-only ; transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | * ) ]; - transfer-source-v6 ( | * ) [ port ( | * ) ]; + transfer-source ( | * ) ; + transfer-source-v6 ( | * ) ; transfers ; }; // may occur multiple times servfail-ttl ; 
@@ -580,8 +580,8 @@ view [ ] { suppress-initial-notify ; // obsolete synth-from-dnssec ; transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | * ) ]; - transfer-source-v6 ( | * ) [ port ( | * ) ]; + transfer-source ( | * ) ; + transfer-source-v6 ( | * ) ; trust-anchor-telemetry ; // experimental trust-anchors { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times trusted-keys { ; ... }; // may occur multiple times, deprecated diff --git a/doc/misc/primary.zoneopt b/doc/misc/primary.zoneopt index 007a903dd0..6217bb76ab 100644 --- a/doc/misc/primary.zoneopt +++ b/doc/misc/primary.zoneopt @@ -5,8 +5,8 @@ zone [ ] { allow-transfer [ port ] [ transport ] { ; ... }; allow-update { ; ... }; also-notify [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) ]; // deprecated - alt-transfer-source-v6 ( | * ) [ port ( | * ) ]; // deprecated + alt-transfer-source ( | * ) ; // deprecated + alt-transfer-source-v6 ( | * ) ; // deprecated auto-dnssec ( allow | maintain | off ); // deprecated check-dup-records ( fail | warn | ignore ); check-integrity ; @@ -43,13 +43,13 @@ zone [ ] { max-zone-ttl ( unlimited | ); notify ( explicit | master-only | primary-only | ); notify-delay ; - notify-source ( | * ) [ port ( | * ) ]; - notify-source-v6 ( | * ) [ port ( | * ) ]; + notify-source ( | * ) ; + notify-source-v6 ( | * ) ; notify-to-soa ; nsec3-test-zone ; // test only parental-agents [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - parental-source ( | * ) [ port ( | * ) ]; - parental-source-v6 ( | * ) [ port ( | * ) ]; + parental-source ( | * ) ; + parental-source-v6 ( | * ) ; serial-update-method ( date | increment | unixtime ); sig-signing-nodes ; sig-signing-signatures ; diff --git a/doc/misc/secondary.zoneopt b/doc/misc/secondary.zoneopt index bec0e9c5c9..fb5830910c 100644 --- a/doc/misc/secondary.zoneopt +++ b/doc/misc/secondary.zoneopt 
@@ -6,8 +6,8 @@ zone [ ] { allow-transfer [ port ] [ transport ] { ; ... }; allow-update-forwarding { ; ... }; also-notify [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) ]; // deprecated - alt-transfer-source-v6 ( | * ) [ port ( | * ) ]; // deprecated + alt-transfer-source ( | * ) ; // deprecated + alt-transfer-source-v6 ( | * ) ; // deprecated auto-dnssec ( allow | maintain | off ); // deprecated check-names ( fail | warn | ignore ); database ; @@ -41,13 +41,13 @@ zone [ ] { multi-master ; notify ( explicit | master-only | primary-only | ); notify-delay ; - notify-source ( | * ) [ port ( | * ) ]; - notify-source-v6 ( | * ) [ port ( | * ) ]; + notify-source ( | * ) ; + notify-source-v6 ( | * ) ; notify-to-soa ; nsec3-test-zone ; // test only parental-agents [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - parental-source ( | * ) [ port ( | * ) ]; - parental-source-v6 ( | * ) [ port ( | * ) ]; + parental-source ( | * ) ; + parental-source-v6 ( | * ) ; primaries [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; request-expire ; request-ixfr ; @@ -55,8 +55,8 @@ zone [ ] { sig-signing-signatures ; sig-signing-type ; sig-validity-interval [ ]; - transfer-source ( | * ) [ port ( | * ) ]; - transfer-source-v6 ( | * ) [ port ( | * ) ]; + transfer-source ( | * ) ; + transfer-source-v6 ( | * ) ; try-tcp-refresh ; update-check-ksk ; use-alt-transfer-source ; // deprecated diff --git a/doc/misc/stub.zoneopt b/doc/misc/stub.zoneopt index 2a6810f22c..e641904754 100644 --- a/doc/misc/stub.zoneopt +++ b/doc/misc/stub.zoneopt @@ -20,8 +20,8 @@ zone [ ] { min-retry-time ; multi-master ; primaries [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - transfer-source ( | * ) [ port ( | * ) ]; - transfer-source-v6 ( | * ) [ port ( | * ) ]; + transfer-source ( | * ) ; + transfer-source-v6 ( | * ) ; use-alt-transfer-source ; // deprecated zone-statistics ( full | terse | none | ); }; 
diff --git a/lib/isccfg/include/isccfg/grammar.h b/lib/isccfg/include/isccfg/grammar.h index 447ba71171..83482d94fe 100644 --- a/lib/isccfg/include/isccfg/grammar.h +++ b/lib/isccfg/include/isccfg/grammar.h @@ -270,6 +270,7 @@ struct cfg_parser { #define CFG_ADDR_V6OK 0x00000004 #define CFG_ADDR_WILDOK 0x00000008 #define CFG_ADDR_DSCPOK 0x00000010 +#define CFG_ADDR_PORTOK 0x00000020 #define CFG_ADDR_MASK (CFG_ADDR_V6OK | CFG_ADDR_V4OK) /*@}*/ diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index 9b37671230..e579bf55fe 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -1214,8 +1214,10 @@ static cfg_type_t cfg_type_fstrm_model = { static cfg_clausedef_t options_clauses[] = { { "answer-cookie", &cfg_type_boolean, 0 }, { "automatic-interface-scan", &cfg_type_boolean, 0 }, - { "avoid-v4-udp-ports", &cfg_type_bracketed_portlist, 0 }, - { "avoid-v6-udp-ports", &cfg_type_bracketed_portlist, 0 }, + { "avoid-v4-udp-ports", &cfg_type_bracketed_portlist, + CFG_CLAUSEFLAG_DEPRECATED }, + { "avoid-v6-udp-ports", &cfg_type_bracketed_portlist, + CFG_CLAUSEFLAG_DEPRECATED }, { "bindkeys-file", &cfg_type_qstring, 0 }, { "blackhole", &cfg_type_bracketed_aml, 0 }, { "cookie-algorithm", &cfg_type_cookiealg, 0 }, @@ -1345,8 +1347,10 @@ static cfg_clausedef_t options_clauses[] = { { "update-quota", &cfg_type_uint32, 0 }, { "use-id-pool", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "use-ixfr", NULL, CFG_CLAUSEFLAG_ANCIENT }, - { "use-v4-udp-ports", &cfg_type_bracketed_portlist, 0 }, - { "use-v6-udp-ports", &cfg_type_bracketed_portlist, 0 }, + { "use-v4-udp-ports", &cfg_type_bracketed_portlist, + CFG_CLAUSEFLAG_DEPRECATED }, + { "use-v6-udp-ports", &cfg_type_bracketed_portlist, + CFG_CLAUSEFLAG_DEPRECATED }, { "version", &cfg_type_qstringornone, 0 }, { NULL, NULL, 0 } }; 
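Review bot: `CFG_ADDR_PORTOK` is added to grammar.h without a comment, and its name reads like the neighbouring `CFG_ADDR_WILDOK` and `CFG_ADDR_V6OK` flags, which suggests that `port` is rejected when the bit is absent. In the parser.c hunks of this patch the bit only suppresses the deprecation warning and controls the generated grammar text; `port` is still parsed without it. A short comment on the define would prevent misuse, e.g. `/* "port" is a supported part of this address type; without this flag it is still parsed but logs a deprecation warning */`. The flag block starts outside the hunk, so how the other flags are documented cannot be seen here.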
@@ -3194,6 +3198,12 @@ parse_querysource(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { } else if (strcasecmp(TOKEN_STRING(pctx), "port") == 0) { /* read "port" */ + if ((pctx->flags & CFG_PCTX_NODEPRECATED) == 0) + { + cfg_parser_warning( + pctx, 0, + "token 'port' is deprecated"); + } CHECK(cfg_gettoken(pctx, 0)); CHECK(cfg_parse_rawport(pctx, CFG_ADDR_WILDOK, &port)); @@ -3264,7 +3274,7 @@ static void doc_querysource(cfg_printer_t *pctx, const cfg_type_t *type) { const unsigned int *flagp = type->of; - cfg_print_cstr(pctx, "( ( [ address ] ( "); + cfg_print_cstr(pctx, "[ address ] ( "); if ((*flagp & CFG_ADDR_V4OK) != 0) { cfg_print_cstr(pctx, ""); } else if ((*flagp & CFG_ADDR_V6OK) != 0) { @@ -3272,16 +3282,7 @@ doc_querysource(cfg_printer_t *pctx, const cfg_type_t *type) { } else { UNREACHABLE(); } - cfg_print_cstr(pctx, " | * ) [ port ( | * ) ] ) | " - "( [ [ address ] ( "); - if ((*flagp & CFG_ADDR_V4OK) != 0) { - cfg_print_cstr(pctx, ""); - } else if ((*flagp & CFG_ADDR_V6OK) != 0) { - cfg_print_cstr(pctx, ""); - } else { - UNREACHABLE(); - } - cfg_print_cstr(pctx, " | * ) ] port ( | * ) ) )"); + cfg_print_cstr(pctx, " | * )"); } static unsigned int sockaddr4wild_flags = CFG_ADDR_WILDOK | CFG_ADDR_V4OK | @@ -3309,7 +3310,7 @@ static cfg_type_t cfg_type_querysource = { "querysource", NULL, * which is gratuitously interpreted as the IPv4 wildcard address. */ static unsigned int controls_sockaddr_flags = CFG_ADDR_V4OK | CFG_ADDR_V6OK | - CFG_ADDR_WILDOK; + CFG_ADDR_WILDOK | CFG_ADDR_PORTOK; static cfg_type_t cfg_type_controls_sockaddr = { "controls_sockaddr", cfg_parse_sockaddr, cfg_print_sockaddr, cfg_doc_sockaddr, &cfg_rep_sockaddr, &controls_sockaddr_flags 
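Review bot: The warning added in parse_querysource, `"token 'port' is deprecated"`, names neither the statement being parsed nor what the operator should do, and the same literal is repeated in the parse_sockaddrsub hunk in lib/isccfg/parser.c. Wording along the lines of `"'port' in source address options is deprecated; remove it so a random source port is used"` would point operators who pinned a source port at the fix, and a small shared helper would keep the two call sites identical. The check also fires for `port *`, a form the reference documentation in this patch still shows; if that is intended, a one-line comment above the check would record it. The function body starts and ends outside the hunk.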
@@ -3562,13 +3563,13 @@ static cfg_type_t cfg_type_logfile = { "log_file", parse_logfile, print_logfile, doc_logfile, &cfg_rep_tuple, logfile_fields }; -/*% An IPv4 address with optional port, "*" accepted as wildcard. */ +/*% An IPv4 address, "*" accepted as wildcard. */ static cfg_type_t cfg_type_sockaddr4wild = { "sockaddr4wild", cfg_parse_sockaddr, cfg_print_sockaddr, cfg_doc_sockaddr, &cfg_rep_sockaddr, &sockaddr4wild_flags }; -/*% An IPv6 address with optional port, "*" accepted as wildcard. */ +/*% An IPv6 address, "*" accepted as wildcard. */ static cfg_type_t cfg_type_sockaddr6wild = { "v6addrportwild", cfg_parse_sockaddr, cfg_print_sockaddr, cfg_doc_sockaddr, &cfg_rep_sockaddr, &sockaddr6wild_flags diff --git a/lib/isccfg/parser.c b/lib/isccfg/parser.c index ad166954c2..8bee7342ba 100644 --- a/lib/isccfg/parser.c +++ b/lib/isccfg/parser.c @@ -3221,6 +3221,14 @@ parse_sockaddrsub(cfg_parser_t *pctx, const cfg_type_t *type, int flags, CHECK(cfg_peektoken(pctx, 0)); if (pctx->token.type == isc_tokentype_string) { if (strcasecmp(TOKEN_STRING(pctx), "port") == 0) { + if ((pctx->flags & CFG_PCTX_NODEPRECATED) == + 0 && + (flags & CFG_ADDR_PORTOK) == 0) + { + cfg_parser_warning( + pctx, 0, + "token 'port' is deprecated"); + } CHECK(cfg_gettoken(pctx, 0)); /* read "port" */ CHECK(cfg_parse_rawport(pctx, flags, &port)); ++have_port; @@ -3263,13 +3271,14 @@ cleanup: return (result); } -static unsigned int sockaddr_flags = CFG_ADDR_V4OK | CFG_ADDR_V6OK; +static unsigned int sockaddr_flags = CFG_ADDR_V4OK | CFG_ADDR_V6OK | + CFG_ADDR_PORTOK; cfg_type_t cfg_type_sockaddr = { "sockaddr", cfg_parse_sockaddr, cfg_print_sockaddr, cfg_doc_sockaddr, &cfg_rep_sockaddr, &sockaddr_flags }; static unsigned int sockaddrdscp_flags = CFG_ADDR_V4OK | CFG_ADDR_V6OK | - CFG_ADDR_DSCPOK; + CFG_ADDR_DSCPOK | CFG_ADDR_PORTOK; cfg_type_t cfg_type_sockaddrdscp = { "sockaddr", cfg_parse_sockaddr, cfg_print_sockaddr, cfg_doc_sockaddr, &cfg_rep_sockaddr, &sockaddrdscp_flags }; 
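Review bot: The updated comments on cfg_type_sockaddr4wild and cfg_type_sockaddr6wild now describe a bare address, but both types still use cfg_parse_sockaddr, and the parse_sockaddrsub hunk in parser.c shows that `port` is still consumed with only a warning. The comments would be more accurate as `/*% An IPv4 address, "*" accepted as wildcard; an optional "port" is still parsed but deprecated. */` and the IPv6 equivalent. The name string `"v6addrportwild"` on the IPv6 type also still mentions the port and may deserve the same attention, provided nothing relies on it.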
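Review bot: In parse_sockaddrsub the new check treats a missing `CFG_ADDR_PORTOK` bit as "deprecated", so every flags word that reaches this function and was not updated in this patch now warns on `port`. The patch adds the bit to `sockaddr_flags`, `sockaddrdscp_flags` and `controls_sockaddr_flags`. Any other address type defined outside the visible hunks, for instance in another parser built on libisccfg, would start warning on syntax that is not being deprecated. It is worth grepping for every `CFG_ADDR_` flags initializer and every cfg_parse_sockaddr user to confirm the list is complete. The function body starts and ends outside the hunk.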
@@ -3342,10 +3351,12 @@ cfg_doc_sockaddr(cfg_printer_t *pctx, const cfg_type_t *type) { POST(n); } cfg_print_cstr(pctx, " ) "); - if ((*flagp & CFG_ADDR_WILDOK) != 0) { - cfg_print_cstr(pctx, "[ port ( | * ) ]"); - } else { - cfg_print_cstr(pctx, "[ port ]"); + if ((*flagp & CFG_ADDR_PORTOK) != 0) { + if ((*flagp & CFG_ADDR_WILDOK) != 0) { + cfg_print_cstr(pctx, "[ port ( | * ) ]"); + } else { + cfg_print_cstr(pctx, "[ port ]"); + } } }
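Review bot: In cfg_doc_sockaddr the unconditional `cfg_print_cstr(pctx, " ) ");` leaves a trailing space when `CFG_ADDR_PORTOK` is not set, which is why the regenerated grammar in this patch reads `transfer-source ( | * ) ;` with a blank before the semicolon while `query-source [ address ] ( | * );` has none. Printing `" )"` without the trailing space and starting each of the two port strings with a space would keep the generated man page and `doc/misc` files consistent. The function starts outside the hunk, so the address part of the output was not reviewed.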