From 66074f152f2a42218e6d54f50d4fa3717940c299 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Wed, 4 May 2016 14:27:38 -0700 Subject: [PATCH] [master] log message when using ISC DLV 4352. [cleanup] The ISC DNSSEC Lookaside Validation (DLV) service is scheduled to be disabled in 2017. A warning is now logged when named is configured to use it, either explicitly or via "dnssec-lookaside auto;" [RT #42207] --- CHANGES | 6 ++++++ bin/named/server.c | 22 +++++++++++++++++++--- bin/tests/system/dlvauto/tests.sh | 10 ++++++++-- doc/arm/notes.xml | 9 +++++++++ 4 files changed, 42 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 62ab930424..a4b6decef1 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,9 @@ +4352. [cleanup] The ISC DNSSEC Lookaside Validation (DLV) service + is scheduled to be disabled in 2017. A warning is + now logged when named is configured to use it, + either explicitly or via "dnssec-lookaside auto;" + [RT #42207] + 4351. [bug] 'dig +noignore' didn't work. [RT #42273] 4350. [contrib] Declare result in dlz_filesystem_dynamic.c. diff --git a/bin/named/server.c b/bin/named/server.c index aec9712637..5918e8643f 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -2540,6 +2540,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, const cfg_obj_t *zonelist; const cfg_obj_t *dlzlist; const cfg_obj_t *dlz; + const cfg_obj_t *dlvobj = NULL; unsigned int dlzargc; char **dlzargv; const cfg_obj_t *dyndb_list; @@ -3852,7 +3853,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, result = ns_config_get(optionmaps, "dnssec-lookaside", &obj); if (result == ISC_R_SUCCESS) { /* If set to "auto", use the version from the defaults */ - const cfg_obj_t *dlvobj; const char *dom; dlvobj = cfg_listelt_value(cfg_list_first(obj)); dom = cfg_obj_asstring(cfg_tuple_get(dlvobj, "domain")); 
@@ -3870,18 +3870,34 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, } if (result == ISC_R_SUCCESS) { + dns_name_t *dlv, *iscdlv; + dns_fixedname_t f; + dns_fixedname_init(&f); + + iscdlv = dns_fixedname_name(&f); + CHECK(dns_name_fromstring(iscdlv, "dlv.isc.org", 0, NULL)); + for (element = cfg_list_first(obj); element != NULL; element = cfg_list_next(element)) { - dns_name_t *dlv; - obj = cfg_listelt_value(element); obj = cfg_tuple_get(obj, "trust-anchor"); + dlv = dns_fixedname_name(&view->dlv_fixed); CHECK(dns_name_fromstring(dlv, cfg_obj_asstring(obj), DNS_NAME_DOWNCASE, NULL)); view->dlv = dns_fixedname_name(&view->dlv_fixed); + + if (dns_name_equal(view->dlv, iscdlv)) { + if (auto_dlv) + obj = dlvobj; + cfg_obj_log(obj, ns_g_lctx, ISC_LOG_WARNING, + "WARNING: the DLV server at " + "'dlv.isc.org' is expected to " + "cease operation by the end " + "of 2017"); + } } } else view->dlv = NULL; diff --git a/bin/tests/system/dlvauto/tests.sh b/bin/tests/system/dlvauto/tests.sh index e79c3f7420..c5e2fb7e17 100644 --- a/bin/tests/system/dlvauto/tests.sh +++ b/bin/tests/system/dlvauto/tests.sh @@ -12,8 +12,6 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.3 2011/03/03 16:16:46 each Exp $ - SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -22,9 +20,17 @@ DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300" status=0 n=1 +echo "I:checking that a warning was logged about the ISC DLV service ($n)" +ret=0 +warnings=`grep "WARNING: the DLV server at 'dlv.isc.org'" ns2/named.run` +[ -z "$warnings" ] && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + # # When this was initialy reported there was a REQUIRE failure on restarting. # +n=`expr $n + 1` echo "I:checking dnssec-lookaside "'"auto"'"; with views of multiple classes ($n)" if [ -s ns2/named.pid ] then diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml index be65160136..3fb953275a 100644 
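Review bot: In the new `if (dns_name_equal(view->dlv, iscdlv))` branch, `obj = dlvobj` is only safe if `auto_dlv` can be true solely after `dlvobj` was assigned in the `@@ -3852` hunk. `dlvobj` now starts as NULL at function scope and `auto_dlv` is set outside the visible lines, so that invariant cannot be confirmed from this patch. If the two can ever diverge, `cfg_obj_log()` would receive a NULL object; `if (auto_dlv && dlvobj != NULL)` keeps the log call on the trust-anchor `obj` in that case. A comment above the branch would also help, e.g. `/* Warn when the anchor is the ISC DLV zone; for "auto", log against the user's dnssec-lookaside clause (presumably so the message does not point at the built-in defaults). */`. configure_view's body starts and ends outside the hunk.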
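Review bot: The new check in bin/tests/system/dlvauto/tests.sh passes as soon as one matching line exists anywhere in ns2/named.run, and from the visible lines it exercises only the "auto" configuration. The explicit `dnssec-lookaside ... trust-anchor dlv.isc.org` path that the commit message mentions is therefore not covered here. The check itself could drop the intermediate variable: `grep "WARNING: the DLV server at 'dlv.isc.org'" ns2/named.run > /dev/null || ret=1`. The rest of the script lies outside the hunk.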
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -484,6 +484,15 @@
Feature Changes + + + The ISC DNSSEC Lookaside Validation (DLV) service is scheduled + to be disabled in 2017. A warning is now logged when + named is configured to use this service, + either explicitly or via . + [RT #42207] + + The timers returned by the statistics channel (indicating current